From my experience, Kubernetes is complex, and not just from an architecture perspective in getting clusters deployed and managed, but also for day 2.
From the outset you need to decide whether you want to create separate clusters or make use of namespaces. If you choose namespaces, then you need to think about Pod Security Policies and Network Policies to isolate the namespaces properly, and the list goes on and on.
Kubernetes provides a platform to seamlessly run containers on your laptop, across on-premises data centers and on public cloud providers. But to create an enterprise-ready environment you need to tap into different OSS solutions for IAM, config, policies, backup/recovery, ingress, etc., which adds to the complexity.
VMware is looking to solve these day-1 and day-2 problems with their new product launches. To better understand these new products and how they will be used, let’s break down K8s into different areas:
Provisioning K8s clusters
- Tanzu Kubernetes Grid can create K8s clusters in different infrastructures like AWS, Azure, GCP, Edge or VMC on AWS.
- Tanzu Kubernetes Grid is also embedded in vSphere so VI admins can deploy K8s clusters from vCenter Server natively on ESXi hosts!
- This requires VCF 4
Running K8s clusters
- This consists of vSphere with Kubernetes (aka Project Pacific), which transforms vSphere into a Kubernetes native platform.
Managing K8s clusters
- Tanzu Mission Control provides lifecycle management for K8s clusters from a single point of control.
Provisioning and managing/monitoring containers
As you can see from the different K8s areas I talked about earlier, VMware’s new Tanzu app modernization platform is extensive and consists of a couple of different products:
- Spring Boot
- Tanzu Application Catalog
- Tanzu Application Services
- Tanzu Kubernetes Grid
- Tanzu Mission Control
- Tanzu Observability powered by Wavefront
I will review the Tanzu products in a bit more detail below, but first let's do a quick review of vSphere with Kubernetes.
vSphere 7 with Kubernetes
- What is vSphere with Kubernetes and why care?
- Previously called Project Pacific
- It includes and is powered by the Tanzu Kubernetes Grid as one of its services.
- What is cool is that you as the VI admin can use vCenter Server to deploy new K8s clusters, and developers can use the K8s API to interact with these new clusters.
- Available through VMware Cloud Foundation 4
- Licensed and deployed with VCF
- In a nutshell, it allows containers (with Kubernetes) and good old-fashioned VMs to run natively as peers on ESXi hosts.
- It allows developers to interact with these K8s environments and containers using the same APIs and tools they are used to and rely on daily.
- Most importantly, it allows the VI admin to continue to manage the SDDC through vCenter Server, which they are familiar with, so there is no need to learn new skill sets for complicated tools.
- VMware will help customers apply a cloud native application development framework.
- Spring is the most widely used Java application development framework and is now stewarded by VMware
Tanzu Application Catalog
- Previously called Project Galleon
- This new product will help customers assemble their applications from existing open source containers, using an enterprise implementation of Bitnami’s community catalog
- The Application Catalog delivers a customizable selection of open source software from the Bitnami catalog that is verifiably secured, tested, and maintained for use in production environments.
- The service gives developers the productivity and agility of pre-packaged apps and components, while enabling operators to meet the stringent security and transparency requirements of enterprise IT.
Tanzu Application Services
- Following the Pivotal acquisition, VMware is rebranding Pivotal Application Service (PAS) to the Tanzu Application Service.
- This service is for customers that want to run their applications in a highly automated environment, which will allow them to deliver software to production much faster.
Tanzu Kubernetes Grid
- Tanzu Kubernetes Grid is VMware’s Kubernetes distribution/runtime, built on open source technologies, that helps customers install and run a multi-cluster Kubernetes environment on the infrastructure of their choice.
- It is designed to run Kubernetes consistently across any environment including data centers, hyperscalers, service providers, and at the edge.
- It includes the industry-standard open source technologies needed to stand up and support a cloud-neutral Kubernetes environment
- Is packaged for enterprise readiness
- Fully supported by VMware GSS
- Tanzu Kubernetes Grid is embedded in vSphere 7 and will also become a part of the VMC on AWS offering
- As of this writing it supports the following:
  - AWS, including AWS GovCloud
  - VMC on AWS
- VMware also provides lots of flexibility in choosing your tool-sets with VMware advisory support. (Advisory support means that VMware will provide support for the tools as they are used within the context of K8s. VMware does not have engineers assigned to those upstream projects, so it cannot extend break-fix support.)
- Container Runtime
- Docker-CE/Docker-EE (any versions validated with chosen Kubernetes versions)
- Containerd (versions validated with chosen Kubernetes versions)
- Only valid for Kubernetes versions beginning with 1.12
- CRI-O versions beginning with 1.14.5
- Singularity versions beginning with 3.3.0
- If you intend to use more than one type of OS and/or CRI in one K8s cluster, please consult with VMware Support!
- Infrastructure Automation
- Any tool instrumenting kubeadm
- VMware only supports kubeadm, not the automation tool
- Container Network
- Calico versions beginning with 2.6
- NSX Container plugin beginning with v2.2
- Cilium beginning with v1.5.0 (only if used with a supported OS that supports Cilium with its default kernel)
- Your subscription includes break-fix support for this VMware OSS project
- (Break-fix support means that VMware has engineering resources to work directly upstream to either fix issues directly or partner with the community on a fix)
- Service Mesh
- Istio beginning with v1.1
- NSX-Service Mesh (full support via an NSX-Service Mesh subscription)
- Prometheus (latest stable version)
- Grafana (latest stable version)
- Alert Manager (latest stable version)
- FluentD (latest stable version)
- Zipkin (latest stable version)
- Jaeger (latest stable version)
- VMware will support clusters using any other Cloud Native monitoring and logging tool, but will not support the tools themselves.
- Helm v2/v3
- Detailed support matrix info here
VMware Tanzu Mission Control
- Customers in the future will be running 100s if not 1000s of clusters across different infrastructures, and for this to not turn into a management nightmare you want to have tight control of access, policies, security, audit, compliance and data protection across all of these clusters. This is where TMC comes in to save the day!
- Tanzu Mission Control is a centralized management platform (SaaS based) for consistently operating and securing Kubernetes infrastructure and modern applications across multiple teams and clouds.
- It provides operators with a single control point for consistent management across environments and increased security and governance.
- Developers have self-service access to resources so they can get code into production faster
- You will be able to import your existing conformant K8s clusters, whether they run on-prem, in the cloud or at the edge, and provide all the TMC enterprise services to them, which is super cool.
- More information available here
Tanzu Observability by Wavefront
- VMware is also rebranding Wavefront by VMware to Tanzu Observability by Wavefront.
- This will help customers monitor their apps running in multi-cloud environments including Kubernetes-based environments.
(All images on this page courtesy VMware)