A lot has happened since VMworld 2019. OK, that might be the understatement of the year. But in that time, VMware Tanzu has evolved into a broad portfolio for building and modernizing applications. Operations teams now have what they need to build a more secure software supply chain. And, at the foundation, vSphere pros have a simplified way to get started with Kubernetes.
At VMworld 2020, the path to business outcomes with modern apps became clearer. Core vSphere pros gained a lot of insight into new capabilities for managing Kubernetes. Operations teams learned how Tanzu supports a secure, observable path to production. And attendees heard inspiring stories from Northern Trust, Fiserv, and Humana about modernizing applications and their respective “path to production” stories. Read on for more detail.
Putting Kubernetes at the fingertips of vSphere pros
Shortly before VMworld, VMware announced Tanzu Editions, packaging Tanzu capabilities to address common customer challenges. Tanzu Editions and vSphere with Tanzu provide ready access to Kubernetes to millions of IT admins, who can now configure Kubernetes in their existing networking and storage environments in as little as an hour.
At VMworld, Ross Kukulinski gave an introduction to Tanzu Editions and Tanzu Kubernetes Grid, highlighting how it helps teams treat Kubernetes clusters as "cattle, not pets." Applying this DevOps mantra to Kubernetes clusters themselves is key. Cluster API enables this best practice in Tanzu Kubernetes Grid, delivering a declarative approach to lifecycle management.
Kukulinski explained how Tanzu Kubernetes Grid is an opinionated offering with all the essential pieces for a powerful Kubernetes platform. This includes Harbor for container registries, Antrea for container networking, Contour for ingress control, and Fluent Bit for log shipping. IT pros can swap out any of these components for alternatives, but at least they are starting with a complete set of healthy packages.
He went on to describe how vSphere with Tanzu goes further to create a "vCenter-optimized" experience of Tanzu Kubernetes Grid to provide developers with safe, self-service access to Kubernetes infrastructure.
Later in the day, Olive Power demonstrated how VMware has implemented namespaces. With namespaces, vSphere pros can create a “workspace” for developers and assign permissions and limits in the same way they would for a VM. Developers can then self-service provision a Kubernetes cluster the same way they provision a VM. Power also showed how this extends to services running on Kubernetes. (Where does the software for those services come from? We'll get to that in a minute.)
vSphere with Tanzu allows IT practitioners to use familiar vSphere tooling and skills, but we didn't stop there. VMware also announced KubeAcademy Pro for folks to grow their Kubernetes skill sets. Be sure to take advantage of this free membership to get deeper training on Kubernetes. There's even a new course from Boskey Savla specifically for virtual infrastructure admins.
Managing Kubernetes from vSphere to the cloud to the edge
As organizations scale their Kubernetes deployments, IT pros need to manage and govern multiple clusters. However, as Eryn Muetzel pointed out in her Tanzu management overview session, this is harder with sprawl and fragmentation that limit visibility and control. Furthermore, there is a trend toward more clusters, driven by the need for stronger isolation, minimized blast radiuses, and customization between Kubernetes environments.
This is where Tanzu Mission Control comes in. Tanzu Mission Control provides a single control point for Kubernetes operators to consistently and efficiently manage multiple clusters across different environments. Muetzel highlighted Tanzu Mission Control’s policy engine, which is used to consistently apply policies—including for access, security, registry, network, and quotas—to your clusters located across different environments at scale.
Even with just a couple of clusters, Tanzu Mission Control proves its value by simplifying upgrades and access policies. Early adopters report the need to upgrade their clusters regularly because the upstream Kubernetes community ships new versions, patches, and CVE fixes at a very high frequency. Tanzu Mission Control supports centrally managing cluster lifecycle through its UI, API, and CLI, ensuring you can easily keep all your clusters up to date with the best security posture. IT teams avoid the lengthy and manual task of upgrading and patching clusters in those siloed environments.
In her talk, Muetzel noted the upcoming availability of vSphere provisioning from Tanzu Mission Control, which will enable platform and development teams to build on the power of vSphere. She also demonstrated workload management, integration with Tanzu Observability, and data protection features.
Finally, Muetzel highlighted Tanzu Mission Control’s value in edge use cases, which are popular in telco and retail. Tanzu Mission Control is part of a broader reference architecture for edge computing using the Remote Office/Branch Office (ROBO) topology, which includes Tanzu Observability and Tanzu Kubernetes Grid. Read about the four capabilities for running a cloud native stack at the edge.
Building the secure software supply chain atop Kubernetes
Tension between developers and IT teams is as old as software itself. Why? Developers want to access a wide range of software tools and libraries to make their job of delivering business logic easier. Who wants to reinvent the wheel, right? Meanwhile, IT feels the burden of supporting and securing so much different software. Can't we standardize on a few things?
Standardization has often been the name of the game, but at the expense of innovation. Even more frustrating is the reality of "drift"—that is, even once you've standardized, you still have variation that gets introduced over time. So, you've traded away innovation AND you have to support variation. It's a lose-lose proposition.
Tanzu inverts this paradox with a declarative approach to how IT teams support developers as they build container images and access useful third-party images. (As you may recall, Kubernetes takes a declarative approach to infrastructure.) With the Tanzu Application Catalog, platform teams can curate and expose a rich catalog of compliant software for developers. They can also declare image configuration and ensure containerized software images are always up to date. Read the latest post about the benefits of this approach to continuous updates and vulnerability scanning. That issue of "drift" comes under control with Tanzu Application Catalog.
Securing open source packages, however, isn’t the only challenge on the path to production. Jared Ruckle and Rohini Rajaram gave an overview of how Tanzu Application Service automates many steps to get code into production. That path to production is a path to enterprise transformation. By eliminating handoffs and waiting, teams can measure success in business terms. That means daily production deployments and the ability to scale into secondary environments.
The need to release code quickly and scale seamlessly has become more urgent during the pandemic. In another session, Ian Andrews interviewed Srinivas Machani, VP of enterprise architecture at Fiserv, about that company’s recent experience. Using Tanzu Application Service, React.js, and APIs built with Spring Boot, the fintech leader built a loan application portal to help small businesses during the COVID crisis.
Tackling the complexity of modern app architectures
So, we've set up vSphere pros to manage Kubernetes with all the trappings for a self-service experience for developers. We've layered on the means to manage and secure open source packages, build processes, and take many of the steps to production. What about the code itself? Is it ready to run on a modern application platform?
To reap the benefits of elastic scaling, auto-recovery, and rapid releases, apps need some design details. How dependencies are handled can make or break how an application scales or restarts. That ability to restart quickly and predictably is a baseline need for running applications in Kubernetes.
Microservices architectures create the team autonomy that allows for more frequent code releases. Loose coupling means there's less risk that something breaks when a change is introduced. And the circuit breaker pattern means that if something does break, it fails gracefully. But this distributed approach to applications introduces complexity.
Nowhere is this complexity more clear than in troubleshooting a microservice. That's why Tanzu Observability has long supported distributed tracing and now helps you future-proof application performance management with support for OpenTelemetry, enhanced Application Maps, and more. And with support for PromQL and integration with Tanzu Mission Control, Tanzu Observability makes it easier to use with the Kubernetes ecosystem. Learn more about all the Tanzu Observability news in this post.
Besides the architecture, dependencies, and troubleshooting, another challenge is organizational inertia. For many enterprise architects and application leaders, deciding where to begin can feel overwhelming. In the App Modernization solutions keynote, James Watters highlighted the following great resources:
- For IT pros, there is the new, free KubeAcademy Pro subscription
- For developers, the Tanzu Developer Portal is a great resource covering modern app patterns and how to handle those dependencies
- And for architects and application leaders, VMware Pivotal Labs offers Discovery Workshops (he even shared how VMworld attendees can request a free workshop)
VMware Tanzu has come a long way in the last year. IT teams are more empowered than ever to manage Kubernetes. Platform teams and DevOps engineers have critical services to secure, maintain, and observe code used and deployed by developers. And with the urgency to release digital capabilities to customers and citizens, application leaders have a clearer path—and a raft of inspirational examples—to get started.
I can't wait to see what the VMworld community will do with Tanzu.
About the Author
Dormain Drewitz