As Kubernetes continues to mature—rounding the corner toward its 6th birthday—we’ve started to see a shift in terms of the challenges our customers need to solve. Initially, Kubernetes installation was complex. As multiple solutions for installation and lifecycle management sprang up, companies seeking to adopt Kubernetes had to figure out the right approach. With the open source community standardizing on technologies like Cluster API for installation and declarative lifecycle management of multiple clusters, we’re now seeing a path toward consistency in this respect across clouds.
We’re also seeing a shift in how our customers build their Kubernetes environments. Customers are shifting away from deploying one large cluster for workloads that is subdivided using namespaces. Instead customers are adopting a more resilient architecture that enables the deployment of many workload clusters and an ephemeral, “cluster-as-cattle” mentality to proactively reduce their business risk.
With installation becoming easier, and multi-cluster architectures becoming standard, what’s the next challenge to tackle? True multi-cluster management. At VMware, we work with the world’s largest companies, for whom even a small-scale security breach would make front-page headlines. That means we had to approach the challenge of multi-cluster management with security and compliance as a top concern—while also considering enterprise size and scale concerns. Within large enterprise companies, Kubernetes adoption typically happens in pockets across application teams, who may be running Kubernetes in different environments. So we needed a solution to help our customers manage and govern multiple clusters, deployed across multiple clouds by multiple teams.
Earlier this month, we announced the availability of VMware Tanzu Mission Control. Tanzu Mission Control is a centralized management platform for consistently operating and securing Kubernetes infrastructure and modern applications across teams and clouds.
Let’s take a closer look at how this solution can help you more rapidly adopt, scale, and secure Kubernetes across your organization.
Centralized management across teams and clouds
One of the key functionalities of Tanzu Mission Control is its ability to centralize your entire Kubernetes footprint across clusters, teams and clouds. This centralization allows for much more efficient management at scale.
Centralized multi-cluster lifecycle management
Tanzu Mission Control enables automated provisioning and lifecycle management of Kubernetes clusters across different environments. Today, it supports provisioning, scaling, upgrading and deleting clusters in Amazon EC2, with support for vSphere and other public clouds coming soon. It keeps your operational burden low, while providing access to the Kubernetes control plane if you need it for security or auditing purposes. Behind the scenes, the open source technology Cluster API brings declarative, Kubernetes-style APIs to cluster creation, configuration, and management.
Check out this demo showing you how to add your AWS EC2 account to Tanzu Mission Control and provision new clusters.
Attachment of any CNCF-conformant clusters
In addition to provisioning clusters, Tanzu Mission Control also allows you to attach any CNCF-conformant clusters to the platform no matter where the clusters are running—on-prem, in public clouds, through various Kubernetes vendors such as Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), OpenShift, and at the edge. You now have your entire Kubernetes footprint under one single control point.
Existing clusters from different environments are attached to Tanzu Mission Control for centralized management
Centralized policy management and governance
Another unique feature of Tanzu Mission Control is its ability to group your clusters and namespaces across clouds for efficient policy management at scale. It allows you to group your clusters into Cluster Groups so you can easily apply policies to a fleet of clusters instead of using the old cluster-by-cluster approach. In addition, we have introduced a new concept called a Workspace, with which you can group namespaces together across multiple clusters for applying policies at scale. Currently Tanzu Mission Control supports the enforcement of access, image registry, and network policies, with more policies—like backup and recovery and pod security policies—coming soon.
Check out the demo below to see how to apply access policy to a group of clusters using Tanzu Mission Control.
Global observability and diagnostics
With Tanzu Mission Control, you can view the health of all your clusters and workloads from a centralized point, for quick diagnosis and troubleshooting. For more advanced troubleshooting, you can also use third-party observability and monitoring solutions with Tanzu Mission Control, such as Prometheus or Tanzu Observability by Wavefront, to get deeper insights.
Tanzu Mission Control visualizes the health status of your Kubernetes components
Enable your developers with easy access to Kubernetes across clouds
With Tanzu Mission Control, Kubernetes operators can easily give developers self-service access to clusters and namespaces running in multiple clouds, thanks to its support for quick provisioning of new clusters across clouds. It also includes features that help streamline this enablement.
Application-centric policy management
Modern applications today leverage microservices, which may reside in different places on-prem or in clouds. This is why we introduced the Workspace concept to help you group together different namespaces running in multiple clusters across multiple environments. Such an application-centric approach really comes in handy when you manage your Kubernetes from a developer’s point of view. Operators can quickly apply application-specific policy to Workspaces so that your developers can easily and safely access the Kubernetes namespaces where their applications are running, within the guardrails already put in place for them.
Instantly grant your developer access to a Workspace via the policy engine
Centralized authorization and authentication with easy access control
Tanzu Mission Control also expedites your developers’ access to Kubernetes through its centralized authentication and authorization and the ability to federate identity from multiple sources, such as AD, LDAP, and SAML. It uses VMware Cloud Services to manage access, allowing you to set up federation with your corporate domain. Your developers can use your organization's existing single sign-on and identity source to sign in to VMware Cloud Services and access the right Kubernetes resources.
Secure your Kubernetes footprint across teams and clouds
Tanzu Mission Control includes some key features to help address enterprise security needs.
Cluster inspection
Cluster inspection is a unique feature of Tanzu Mission Control which can be used as a preventative measure against potential risks. Today, Tanzu Mission Control supports conformance inspection, which validates the binaries running on your cluster and ensures that your cluster is properly installed, configured, and working according to industry standards.
Under the hood of this feature is an open source technology called Sonobuoy, a diagnostic tool that makes it easier to understand the state of a Kubernetes cluster by running a set of Kubernetes conformance tests in a non-destructive manner. Sonobuoy is the tool that the CNCF uses for its own conformance testing.
Security policies
With Tanzu Mission Control, you will be able to efficiently apply security-related policies such as access policies, which allow you to make sure only the right person can access certain resources; image registry policies, which let you prevent unauthorized container images from being pulled and causing security breaches; and network policies, which enable you to define how pods communicate with each other and other network endpoints to improve your network security. More security-related policies are on the roadmap.
In summary, as a centralized Kubernetes management platform, Tanzu Mission Control provides enterprises with a single control point to give developers the independence they need to drive business forward, while enabling consistent management and operations for increased security and governance.
To learn more about Tanzu Mission Control, check out our website, watch these product demos, and try the Hands-on-lab. If you are interested in talking to one of our Kubernetes experts for a tailored demo, contact us here.