As Kubernetes continues to mature—rounding the corner toward its 6th birthday—we’ve started to see a shift in terms of the challenges our customers need to solve. Initially, Kubernetes installation was complex. As multiple solutions for installation and lifecycle management sprang up, companies seeking to adopt Kubernetes had to figure out the right approach. With the open source community standardizing on technologies like Cluster API for installation and declarative lifecycle management of multiple clusters, we’re now seeing a path toward consistency in this respect across clouds.
We’re also seeing a shift in how our customers build their Kubernetes environments. Customers are shifting away from deploying one large cluster for workloads that is subdivided using namespaces. Instead, customers are adopting a more resilient architecture that enables the deployment of many workload clusters and an ephemeral, “cluster-as-cattle” mentality to proactively reduce their business risk.
With installation becoming easier, and multi-cluster architectures becoming standard, what’s the next challenge to tackle? True multi-cluster management. At VMware, we work with the world’s largest companies, for whom even a small-scale security breach would make front-page headlines. That means we had to approach the challenge of multi-cluster management with security and compliance as a top concern—while also considering enterprise size and scale concerns. Within large enterprise companies, Kubernetes adoption typically happens in pockets across application teams, who may be running Kubernetes in different environments. So we needed a solution to help our customers manage and govern multiple clusters, deployed across multiple clouds by multiple teams.
Earlier this month, we announced the availability of VMware Tanzu Mission Control. Tanzu Mission Control is a centralized management platform for consistently operating and securing Kubernetes infrastructure and modern applications across teams and clouds.
Let’s take a closer look at how this solution can help you more rapidly adopt, scale, and secure Kubernetes across your organization.
Centralized management across teams and clouds
One of the key functionalities of Tanzu Mission Control is its ability to centralize your entire Kubernetes footprint across clusters, teams and clouds. This centralization allows for much more efficient management at scale.
Centralized multi-cluster lifecycle management
Tanzu Mission Control enables automated provisioning and lifecycle management of Kubernetes clusters across different environments. Today, it supports provisioning, scaling, upgrading and deleting clusters in Amazon EC2, with support for vSphere and other public clouds coming soon. It keeps your operational burden low, while providing access to the Kubernetes control plane if you need it, for security or auditing purposes. Behind the scenes, the open source technology Cluster API brings declarative, Kubernetes-style APIs to cluster creation, configuration, and management.
Check out this demo showing you how to add your AWS EC2 account to Tanzu Mission Control and provision new clusters.
Attachment of any CNCF-conformant clusters
In addition to provisioning clusters, Tanzu Mission Control also allows you to attach any CNCF-conformant clusters to the platform no matter where the clusters are running—on-prem, in public clouds, through various Kubernetes vendors such as Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), OpenShift, and at the edge. You now have your entire Kubernetes footprint under one single control point.
Existing clusters from different environments are attached to Tanzu Mission Control for centralized management
Centralized policy management and governance
Another unique feature of Tanzu Mission Control is its ability to group your clusters and namespaces across clouds for efficient policy management at scale. It allows you to group your clusters into Cluster Groups so you can easily apply policies to a fleet of clusters instead of using the old cluster-by-cluster approach. In addition, we have introduced a new concept called a Workspace, with which you can group namespaces together across multiple clusters for applying policies at scale. Currently Tanzu Mission Control supports the enforcement of access, image registry, and network policies, with more policies—like backup and recovery and pod security policies—coming soon.
Check out the demo below to see how to apply access policy to a group of clusters using Tanzu Mission Control.
Global observability and diagnostics
With Tanzu Mission Control, you can view the health of all your clusters and workloads from a centralized point, for quick diagnosis and troubleshooting. For more advanced troubleshooting, you can also use third-party observability and monitoring solutions with Tanzu Mission Control, such as Prometheus or Tanzu Observability by Wavefront, to get deeper insights.
Tanzu Mission Control visualizes the health status of your Kubernetes components
Enable your developers with easy access to Kubernetes across clouds
With Tanzu Mission Control's support for quick provisioning of new clusters across clouds, Kubernetes operators can easily give developers self-service access to clusters and namespaces running in multiple clouds. It also includes features that help streamline this enablement.
Application-centric policy management
Modern applications leverage microservices, which may reside in different places on-prem or in clouds. This is why we introduced the Workspace concept, which helps you group namespaces running in multiple clusters across multiple environments. This application-centric approach comes in handy when you manage Kubernetes from a developer’s point of view. Operators can quickly apply application-specific policy to Workspaces, so that developers can easily and safely access the Kubernetes namespaces where their applications are running, within the guardrails already put in place for them.
Instantly grant your developer access to a Workspace via the policy engine
Centralized authorization and authentication with easy access control
Tanzu Mission Control also expedites your developers’ access to Kubernetes through its centralized authentication and authorization and the ability to federate identity from multiple sources, such as AD, LDAP, and SAML. It uses VMware Cloud Services to manage access, allowing you to set up federation with your corporate domain. Your developers can use your organization's existing single sign-on and identity source to sign in to VMware Cloud Services and access the right Kubernetes resources.
Secure your Kubernetes footprint across teams and clouds
Tanzu Mission Control includes some key features to help address enterprise security needs.
Cluster inspection
Cluster inspection is a unique feature of Tanzu Mission Control which can be used as a preventative measure against potential risks. Today, Tanzu Mission Control supports conformance inspection, which validates the binaries running on your cluster and ensures that your cluster is properly installed, configured, and working according to industry standards.
Under the hood of this feature is an open source technology called Sonobuoy, a diagnostic tool that makes it easier to understand the state of a Kubernetes cluster by running a set of Kubernetes conformance tests in a non-destructive manner. Sonobuoy is the tool that the CNCF uses for its own conformance testing.
Security policies
With Tanzu Mission Control, you will be able to efficiently apply security-related policies such as access policies, which allow you to make sure only the right person can access certain resources; image registry policies, which let you prevent unauthorized container images from being pulled and causing security breaches; and network policies, which enable you to define how pods communicate with each other and other network endpoints to improve your network security. More security-related policies are on the roadmap.
In summary, as a centralized Kubernetes management platform, Tanzu Mission Control provides enterprises with a single control point to give developers the independence they need to drive business forward, while enabling consistent management and operations for increased security and governance.
To learn more about Tanzu Mission Control, check out our website, watch these product demos, and try the Hands-on-lab. If you are interested in talking to our Kubernetes expert for a tailored demo, contact us here.