Tanzu Service Mesh and Global Namespaces

April 2, 2020 Niran Even-Chen

Tanzu Service Mesh, previously called NSX Service Mesh, is VMware’s unique entry into the service mesh arena, and it was recently made available for purchase.

One of the primary constructs of Tanzu Service Mesh is the concept of a Global Namespace (GNS). GNS allows developers using Tanzu Service Mesh, regardless of where they are, to connect application services without having to specify (or even know) any underlying infrastructure details, as all of that is done automatically. With the power of this abstraction, your application microservices can “live” anywhere, in any cloud, allowing you to make placement decisions based on application and organizational requirements—not infrastructure constraints. This higher-level abstraction lets you continue to deploy multiple Kubernetes clusters for multitenancy, availability, or separation of stateful and stateless workloads while providing connectivity to and between them as if they were a single cluster.

You can also “move” application services without having to change anything in the application itself, which brings the idea of multi-cloud or hybrid-cloud workloads to life. This cross-domain/cross-cloud communication requires additional security considerations, so GNS encrypts the traffic, end to end, between the services across clusters and clouds.

In GNS, we group the services that compose our application into a “sandbox.” These services can exist in multiple Kubernetes clusters and even clouds. By grouping the services into this “sandbox,” we abstract the application from any underlying infrastructure details, allowing us to apply service mesh capabilities such as service discovery, identity services for mTLS, auth policies, and other features to the abstracted application and not to the individual services.

A demo is almost always the best way to highlight new functionality, so we have prepared one to illustrate the capabilities of Tanzu Service Mesh. In this demo, a Global Namespace is created to deploy an abstracted application framework across clouds and Kubernetes clusters. We also show how easy it is to onboard new clusters to our service and build a new GNS to establish its service discovery and encryption capabilities.

The application used for the demo is called Acme Fitness. It can be found here.

To learn more about service mesh broadly and the capabilities of Tanzu Service Mesh specifically, download Service Mesh for Dummies. It provides an introduction to both service mesh concepts and the features of Tanzu Service Mesh.

About the Author

Niran (@niranec on Twitter) is a Principal SE in the Office of the CTO at VMware. He devotes his time to helping Enterprise and global customers in their journey to multi-cloud and application modernization. In addition, Niran is a frequent speaker at industry events and conferences including VMworld, VMUGs, SQL Saturdays and more.
