Announcing Tanzu Build Service Beta: Build and Run Containers in Any Kubernetes Cluster

June 10, 2020 Brad Bock

In July 2019, Pivotal announced the release of its Build Service alpha. Now called VMware Tanzu Build Service, it offers a new and simplified approach to building and managing the life cycle of container-based applications.

Tanzu Build Service turns your source code into Open Container Initiative (OCI)-compatible, continuously maintained container images that are deployable on any OCI-compatible runtime. Not only does it bring the buildpacks experience CloudFoundry developers loved to Kubernetes-native apps, it also leverages an automated build model that amplifies the value of Cloud Native Buildpacks (CNBs) at enterprise scale. Build Service also solves some of the biggest operational and security challenges that come with maintaining software over time by removing the need for a human to intervene when there are updates to your software or its dependencies. Automating the maintenance of your containers is especially important because it drastically reduces the risk of critical security vulnerabilities being left unpatched.

During the Tanzu Build Service alpha, we enjoyed strong partnerships with customers who saw the value in this approach to managing container-based software and wanted early access. We incorporated their extensive feedback as we continued iterating on Build Service’s path to general availability. We are happy to announce that we have arrived at a new milestone: Tanzu Build Service is now in beta! 

Easily deploy Tanzu Build Service into any Kubernetes cluster

During the Tanzu Build Service alpha, we got feedback from testers that they would like the software to be easier to deploy into multiple Kubernetes distributions. Because this aligned well with the overall Tanzu strategy, we have shipped some changes to the way that users access and interact with Build Service that make it deployable in any cluster. 

Build Service initially required Tanzu Kubernetes Grid Integrated Edition’s User Account and Authentication (UAA) server for managing access, making it difficult to deploy onto other Kubernetes distributions. The container images produced by Build Service have always been deployable in any Kubernetes cluster, and we wanted the service itself to also run in any cluster.

With that portability in mind, we changed Tanzu Build Service to rely on the credentials in the user’s kubeconfig for authentication instead of using the Tanzu Kubernetes Grid Integrated Edition UAA server. Managing access to Build Service will now be handled through the same workflow as managing access to the cluster that it runs in. We also removed the requirement to set up a gateway and ingress controller between the pb CLI and the cluster. The end result is a streamlined installation experience that works the same way on any Kubernetes cluster.

New resources extend value to more users: stack, store and custom builder

Some of the most notable features introduced in the Tanzu Build Service beta are a set of new resources that are designed to give users fine-grained control over the dependencies they’re maintaining in their containers. Users can also now specify which configurations are accessible to which groups of developers. These resources help teams derive even more value from Build Service’s ability to continuously patch all the applications it builds with the latest versions of the dependencies in each container. 

The stack resource specifies which build and run images are used with the cloud native buildpacks to create your containers. This enables organizations to stay compliant with IT policies around which security settings are applied, and which customizations need to be done to the base OS image.

The store resource enables IT operators to define a collection of buildpacks that are available for building code into containers. Tanzu Build Service comes with a curated selection of open source Paketo Cloud Native Buildpacks in the store, including those for Java, Node.js, go, PHP, httpd and .Net core. Buildpack updates are continuously published to the TanzuNet tile, along with proprietary Tanzu Buildpacks. Tanzu Buildpacks add support for ISV integrations and environments with no internet connection on top of the Paketo buildpacks. Admins can control which buildpacks in the store are accessible to which groups of developers.

The custom builder resource combines the stack and store resources: it defines which combination of build and run images are available to be used by which buildpacks and permits the builder author to scope the resource at the cluster or namespace level.  

In combination, these new resources make Tanzu Build Service significantly more flexible and more able to meet organizations where they are now. Operators have the ability to enable applications to have certain security and policy attributes built into the stack, while the experience for developers continues to be one in which they do not need to worry about anything other than writing great code. Most importantly, critical security updates in any part of the stack are updated continuously without the need for human monitoring or intervention.

Other notable updates in the Tanzu Build Service beta* release

There were a number of smaller changes made to Tanzu Build Service, based on our roadmap and early user feedback, that primarily enhance administration and user experience. 

Changes in the operator/admin user experience:

  • New Admin user type that introduces a measure of Role Based Access Control (RBAC)

  • Add an existing LDAP group to a project

  • List members and groups

  • List projects that a user is a member of

  • Specify SSH credentials when creating a git secret, in order for Build Service to access a source code repository

Changes in the developer user experience:

  • Status checks for images and builders have been added to help with troubleshooting

  • A local zip file (such as a JAR) can now be specified when running pb image apply

See for yourself: Try Tanzu Build Service 

The Tanzu Build Service beta* is now available to run in a Kubernetes cluster near you! We encourage interested developers and operators to give it a try, and we are happy to hear any feedback that teams may have. 

Check out these resources to get started with Tanzu Build Service:

*Note that there is no commitment or obligation that beta features will become generally available.

This article may contain hyperlinks to non-VMware websites that are created and maintained by third parties who are solely responsible for the content on such websites.

VMware Carbon Black’s Self-Healing, Auto-Scaling Infrastructure, Powered by Observability
VMware Carbon Black’s Self-Healing, Auto-Scaling Infrastructure, Powered by Observability

To build reliable, scalable, trustworthy applications, VMware's Carbon Black infrastructure team turned to ...

The 1-Factor App: Using Kubernetes to Get a Jump Start on Modernization
The 1-Factor App: Using Kubernetes to Get a Jump Start on Modernization

Full app modernization is hard, but being able to restart is a good start.

SpringOne at VMware Explore 2023

Learn More