As Kubernetes continues to mature—rounding the corner toward its 6th birthday—we’ve started to see a shift in terms of the challenges our customers need to solve. Initially, Kubernetes installation was complex. As multiple solutions for installation and lifecycle management sprang up, companies seeking to adopt Kubernetes had to figure out the right approach. With the open source community standardizing on technologies like Cluster API for installation and declarative lifecycle management of multiple clusters, we’re now seeing a path toward consistency in this respect across clouds.
We’re also seeing a shift in how our customers build their Kubernetes environments. Customers are shifting away from deploying one large cluster for workloads that is subdivided using namespaces. Instead, customers are adopting a more resilient architecture that enables the deployment of many workload clusters and an ephemeral, “cluster-as-cattle” mentality to proactively reduce their business risk.
With installation becoming easier, and multi-cluster architectures becoming standard, what’s the next challenge to tackle? True multi-cluster management. At VMware, we work with the world’s largest companies, for whom even a small-scale security breach would make front-page headlines. That means we had to approach the challenge of multi-cluster management with security and compliance as a top concern—while also considering enterprise size and scale concerns. Within large enterprise companies, Kubernetes adoption typically happens in pockets across application teams, who may be running Kubernetes in different environments. So we needed a solution to help our customers manage and govern multiple clusters, deployed across multiple clouds by multiple teams.
Earlier this month, we announced the availability of VMware Tanzu Mission Control. Tanzu Mission Control is a centralized management platform for consistently operating and securing Kubernetes infrastructure and modern applications across teams and clouds.
Let’s take a closer look at how this solution can help you more rapidly adopt, scale, and secure Kubernetes across your organization.
Centralized management across teams and clouds
One of the key functionalities of Tanzu Mission Control is its ability to centralize your entire Kubernetes footprint across clusters, teams and clouds. This centralization allows for much more efficient management at scale.
Centralized multi-cluster lifecycle management
Tanzu Mission Control enables automated provisioning and lifecycle management of Kubernetes clusters across different environments. Today, it supports provisioning, scaling, upgrading and deleting clusters in Amazon EC2, with support for vSphere and other public clouds coming soon. It keeps your operational burden low, while providing access to the Kubernetes control plane if you need it, for security or auditing purposes. Behind the scenes the open source technology Cluster API brings declarative, Kubernetes-style APIs to cluster creation, configuration, and management.
Check out this demo showing you how to add your AWS EC2 account to Tanzu Mission Control and provision new clusters.
Attachment of any CNCF-conformant clusters
In addition to provisioning clusters, Tanzu Mission Control also allows you to attach any CNCF-conformant clusters to the platform no matter where the clusters are running—on-prem, in public clouds, through various Kubernetes vendors such as Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), OpenShift, and at the edge. You now have your entire Kubernetes footprint under one single control point.
Existing clusters from different environments are attached to Tanzu Mission Control for centralized management
Centralized policy management and governance
Another unique feature of Tanzu Mission Control is its ability to group your clusters and namespaces across clouds for efficient policy management at scale. It allows you to group your clusters into Cluster Groups so you can easily apply policies to a fleet of clusters instead of using the old cluster-by-cluster approach. In addition, we have introduced a new concept called a Workspace, with which you can group namespaces together across multiple clusters for applying policies at scale. Currently Tanzu Mission Control supports the enforcement of access, image registry, and network policies, with more policies—like backup and recovery and pod security policies—coming soon.
Check out the demo below to see how to apply access policy to a group of clusters using Tanzu Mission Control.
Global observability and diagnostics
With Tanzu Mission Control, you can view the health of all your clusters and workloads from a centralized point, for quick diagnosis and troubleshooting. For more advanced troubleshooting, you can also use third-party observability and monitoring solutions with Tanzu Mission Control, such as Prometheus or Tanzu Observability by Wavefront, to get deeper insights.
Tanzu Mission Control visualizes the health status of your Kubernetes components
Enable your developers with easy access to Kubernetes across clouds
With Tanzu Mission Control, Kubernetes operators can give developers self-service access to clusters and namespaces running in multiple clouds, backed by its support for quick provisioning of new clusters across clouds. It also includes features that streamline this enablement.
Application-centric policy management
Modern applications today leverage microservices, which may reside in different places on-prem or in clouds. This is why we introduced the Workspace concept to help you group together different namespaces running in multiple clusters across multiple environments. Such an application-centric approach comes in handy when you manage your Kubernetes from a developer’s point of view. Operators can quickly apply application-specific policy to Workspaces so that your developers can easily and safely access the Kubernetes namespaces where their applications are running, within the guardrails already put in place for them.
Instantly grant your developer access to a Workspace via the policy engine
Centralized authorization and authentication with easy access control
Tanzu Mission Control also expedites your developers’ access to Kubernetes through its centralized authentication and authorization and the ability to federate identity from multiple sources, such as AD, LDAP, and SAML. It uses VMware Cloud Services to manage access, allowing you to set up federation with your corporate domain. Your developers can use your organization's existing single sign-on and identity source to sign in to VMware Cloud Services and access the right Kubernetes resources.
Secure your Kubernetes footprint across teams and clouds
Tanzu Mission Control includes some key features to help address enterprise security needs.
Cluster inspection
Cluster inspection is a unique feature of Tanzu Mission Control which can be used as a preventative measure against potential risks. Today, Tanzu Mission Control supports conformance inspection, which validates the binaries running on your cluster and ensures that your cluster is properly installed, configured, and working according to industry standards.
Under the hood of this feature is an open source technology called Sonobuoy, a diagnostic tool that makes it easier to understand the state of a Kubernetes cluster by running a set of Kubernetes conformance tests in a non-destructive manner. Sonobuoy is the tool that the CNCF uses for its own conformance testing.
Security policies
With Tanzu Mission Control, you will be able to efficiently apply security-related policies such as access policies, which allow you to make sure only the right person can access certain resources; image registry policies, which let you prevent unauthorized container images from being pulled and causing security breaches; and network policies, which enable you to define how pods communicate with each other and other network endpoints to improve your network security. More security-related policies are on the roadmap.
In summary, as a centralized Kubernetes management platform, Tanzu Mission Control provides enterprises with a single control point to give developers the independence they need to drive business forward, while enabling consistent management and operations for increased security and governance.
To learn more about Tanzu Mission Control, check out our website, watch these product demos, and try the Hands-on-lab. If you are interested in talking to our Kubernetes expert for a tailored demo, contact us here.