Every business is looking for ways to win new customers and retain existing ones. To that end, they need to provide a compelling user experience and consistently push new business ideas into the market before their competitors do by running software in production in a way that is fast, secure, and scalable.
Along with this race to develop rich user experiences, many large organizations have realized that running existing applications in containers on platforms like Kubernetes is beneficial, as it lets them collect the low-hanging fruit of efficient hardware capacity utilization by running more apps per physical host. That’s why we see a wave of application modernization taking place, whereby businesses are transforming applications to run as containers on such platforms.
If you’re ready to modernize your organization’s software development process but aren’t sure where to begin, this post will give you a high-level overview of what’s involved. It will introduce you to the various components you’ll need to not only build but also run and manage different kinds of workloads across different environments, including on-premises and public cloud infrastructure. And you’ll see how VMware Tanzu Advanced Edition and its components support modern app development every step of the way.
Let’s get started.
Give your idea shape
All app development starts with code that implements an idea. But before that work begins, ask yourself: Should your developers spend time writing redundant boilerplate code every time they work on developing an application? Or should they focus on the business functionality? Most people would choose the latter. That's why Spring Boot is so popular today, with more than 60 percent of Java applications now based on Spring Framework and its ever-growing ecosystem.
VMware Spring Runtime, which is part of the Tanzu family of products, provides commercial support for Java, Tomcat, and Spring, including Spring Boot. Tools like Spring Initializr help developers quickly get started with a Spring Boot app, much in the way that the Steeltoe Initializr tool aids .NET developers using Steeltoe. They both provide an efficient way to create an application using boilerplate code so that developers can focus on the code that generates revenue.
Build a container image
Once you develop your application, you need to run it. Running it in a container is a great solution, but for that, you’ll first need a continuous integration (CI) pipeline to build a container image. You have various tools to choose from, among them Maven plugins and constructs like Dockerfiles. But give careful thought to how secure and efficient the approach you’re considering truly is. How will you effectively govern who can use which versions of the operating system and libraries required for the container to run? How will you be able to quickly identify and patch impacted containers to address any critical security exposures?
Those are hard problems to solve when your organization operates at a large scale. You might also want to avoid having developers—or anyone in your organization, for that matter—spend any amount of time writing and maintaining Dockerfiles. VMware Tanzu Build Service addresses all of these challenges by generating application images from its source code using a central repository of approved libraries and operating system layers in an efficient, fully automated manner. That means when you change either your application code or image builder configuration, or need to update outdated or vulnerable dependencies, all impacted container images can be rebuilt in a matter of minutes rather than weeks.
Tanzu Build Service takes a Kubernetes-native declarative approach to managing your applications' container images. Based on a CNCF-governed project and a battle-tested technology called Cloud Native Buildpacks, whereby the buildpacks contain the necessary collection of dependencies for your application to run, Tanzu Build Service helps organizations pave a smoother and more secure path to production. In fact, two branches of the U.S. Armed Forces trust it to build and keep up to date several of their most critical production apps. And a large financial institution in the UK relies on Tanzu Build Service to containerize the services that make up its internal cache, which consists of data points provided by the company’s more than 10 million customers.
Store the container image
Now that you have your container image, you need a place to store it that is secure, consistent, and scalable. Secure here means the registry can scan images for common vulnerabilities and exposures (CVEs) and lets you create pull policies based on the scan results. With these two capabilities, serious vulnerabilities can be stopped right out of the gate rather than being discovered in your production environment or, worse, becoming the source of a hack later. The image below shows a list of CVEs identified for a container image.
Along with security, you’ll also want an image registry that provides a consistent user experience. It should offer a consistent way to push, pull, and manage container images using a GUI, API, or CLI interface. And it should be able to handle thousands of images at an enterprise scale, with a multitenancy model that accommodates different teams and different environments with different configurations and policies.
To address these needs, Harbor is included in the VMware Tanzu Advanced toolkit. Harbor is a CNCF-governed open source project with enterprise support from VMware. It is not just a file system of containers, but a purpose-built tool to host container images and Helm charts. As a lightweight container registry with great security and multitenancy features, it can be hosted on Kubernetes along with a traditional virtual machine (VM)-based deployment.
Provision backing services
Just about every standalone application needs a backing service, such as a database or a message queue. To that end, open source solutions such as MySQL, RabbitMQ, Kafka, and others are becoming more popular, especially for running on containers to enable better resource utilization. However, finding a trusted source from which developers can download security-compliant container images can be difficult. And it becomes even more challenging if you decide to build your own images. When your catalog grows and you have a never-ending stream of newer versions of such open source software offerings, each with its own set of dependencies, the operation can become a nightmare.
To address this challenge, Tanzu Application Catalog provides access to a steady stream of validated open source software images and Helm charts that you can use to manage Kubernetes-based software deployments. It moreover provides comprehensive details of the content delivered to you, including results from tests of the images, CVE scan reports, a bill of materials to show the full content of those images—even antivirus scan reports—all of which give operators full control and related confidence. Both the images and charts, as well as the accompanying metadata, can be mirrored to your local Harbor repository where they can be automatically kept up to date. Once your organization has access to the catalog, your developer teams are empowered with a self-service mechanism to easily deploy the back-end services they need on Kubernetes.
Developers who leverage this catalog offering can use Kubeapps, a lightweight, open source, Kubernetes-based GUI tool to expose Tanzu Application Catalog Helm charts to internal users so they can easily launch and manage them. In this way, Tanzu Application Catalog provides your operations team with full control while increasing developer productivity with a self-service catalog offering. Tanzu Advanced includes enterprise support for Tanzu SQL as well.
Deploy and run container images
Now that the container images for both the app and the back-end services are available to pull from your Harbor registry, you need a Kubernetes dial tone to run them via your continuous delivery (CD) pipeline. For this critical piece of the puzzle, VMware Tanzu Kubernetes Grid is the best Kubernetes platform on vSphere. VMware has intentionally built vSphere to incorporate Kubernetes cluster lifecycle management into the same user interface that your operators have used to manage your VMs for years. Apart from your private data center on vSphere, it provides a consistent means of operation across different public clouds as well.
Tanzu Kubernetes Grid is fast to deploy, and it scales in minutes. And by not adding custom changes at the Kubernetes level, it ensures that your organization can reap the benefits of using open source software without vendor lock-in. Once your CD pipeline deploys the app in a Kubernetes cluster, your idea is deployed as running software that your end user can access.
Overcome Day 2 operational challenges
As your Kubernetes adoption matures, you will have many different clusters to manage across your organization. These Kubernetes clusters might come in different flavors and run on different platforms, among them Tanzu, OpenShift, AWS EKS, Google Cloud, Microsoft Azure, Rancher, and more. While you might prefer to have a multi-cloud strategy, managing these heterogeneous deployments can be challenging. You’ll need to secure and govern them by applying consistent access, networking, security, and other deployment policies for all clusters running across different cloud platforms.
VMware Tanzu Mission Control allows you to create such compliance policies both horizontally and vertically. For the horizontal dimension, it lets you group a number of Kubernetes namespaces (a logical multitenancy construct) across different Kubernetes clusters used by applications of the same organizational unit and create a common management policy for that group of namespaces. For example, you might institute a common policy for all the various microservices of an online ordering system that might be running on different Kubernetes clusters.
On the other hand, on the vertical dimension you might create different groups of Kubernetes clusters to which you can apply common policies. For example, you might create a strict policy for all production clusters and a lenient policy for all nonproduction clusters. And you might run a compliance scanner for all the clusters to uncover any outliers that need your attention. This is particularly helpful when you have to deal with hundreds of clusters.
Tanzu Mission Control provides a single pane of glass to manage your entire fleet of clusters. It boosts the rate of Kubernetes adoption and provides ample security, at any scale, while ensuring operational consistency across multiple platforms. Such capabilities are essential for the Day 2 operation of Kubernetes clusters.
Overcome Day 2 stability challenges
The other challenge that teams might encounter on Day 2 is having to find the root cause of something that goes wrong. Deploying apps running in containers is akin to sending a probe on a Mars mission—you can’t get direct access to it for troubleshooting. That's where a great observability tool becomes a crucial capability—especially when your app is running in a container that is inside a Kubernetes pod, which is inside a Kubernetes node, which is inside a server host, which is inside a rack, which is in a data center somewhere on the globe! With so many layers involved, reducing your mean time to recovery by troubleshooting your app requires top-to-bottom visibility.
VMware Tanzu Observability provides a single, real-time view of the metrics vital to all the layers involved. It lets you use several out-of-the-box integrations with different products and platforms, resulting in rich dashboards that are carefully curated from the same datasets for different purposes and personas. It also includes sophisticated machine learning algorithm-based alerts so that you get fewer false positives. Where Tanzu Mission Control is your single pane of glass for control, Tanzu Observability is your single pane of glass for visibility. It provides consistent visibility at the rate of recovery needed, at scale, for hundreds of clusters and thousands of containers.
Secure interservice communication
Large organizations often have microservices that are owned by different teams and deployed on different Kubernetes clusters—or even on different cloud platforms. Such a hybrid or multi-cloud approach was easy when individual teams built their own monolithic applications. However, modern cloud native business flows need interactions among these microservices to take place in order to serve a single customer request, which requires a single entry point so the request can be served by multiple services, as a unit. With that in mind, you want the platform itself to provide encryption and network policy management out of the box. You should have only one external-facing service for such flows, with all other back-end microservices being accessed by other internal microservices only as required.
For such an aggressive security posture, you would need a fully supported, enterprise-grade service mesh solution. This is where VMware Tanzu Service Mesh comes in. At a high level, it provides an overlay network capability that expands across Kubernetes clusters. As shown in the image below, it connects different services running in those clusters by creating required network policies and provisioning secured communication among them. The result is that these clusters and services, even when deployed on different private and public cloud infrastructures, behave and are managed as part of one secure network environment.
Get it all in the Tanzu Advanced full-stack solution
As you’ve seen, the VMware Tanzu portfolio eases app development and allows your developers to focus on the work that will bring value to your organization. You can now access all of these capabilities in a simplified package called VMware Tanzu Advanced. This edition transforms a collection of individual, targeted products into a full-stack platform for developing, delivering, and managing modern applications.
To learn more about Tanzu Advanced Edition, watch the announcement webinar or check out the editions site for more details.
About the Author: Parth Pandit