The Cloud Foundry project has been working with containers since 2011. We’ve been running containers in production since the initial commercial product launch—first with Warden, then Garden, and now Garden-runC.
Most recently, we launched Tanzu Kubernetes Grid Integrated Edition, production-grade Kubernetes that allow enterprises to reliably deploy and run containerized workloads across private and public clouds. TKGI eases Day 2 operations burdens for container orchestration with built-in high availability, monitoring, automated health checks, and more.
Pivotal (now part of VMware) was a founding member of the Open Container Initiative (OCI), a lightweight, open governance structure (project), formed in 2015 for the express purpose of creating open industry standards around container formats and runtime. The OCI currently contains two specifications: the Runtime Specification (runtime-spec) and the Image Specification (image-spec). The Runtime Specification outlines how to run a “filesystem bundle” that is unpacked on disk. At a high-level an OCI implementation would download an OCI Image then unpack that image into an OCI Runtime filesystem bundle. At this point the OCI Runtime Bundle would be run by an OCI Runtime.
VMware’s work with containers is completely aligned with the purpose of the OCI. The first important milestone was to adopt OCI runC as Cloud Foundry’s core container runtime. All applications on Pivotal Web Services and all supported versions of Tanzu use runC. Learn more about OCI and Pivotal (now part of VMware).
Cloud Foundry’s elastic runtime is a proven solution for container orchestration, scaling today to nearly 250,000 containers in a single cluster. VMware Tanzu Application Service is a complete platform that takes payloads from developers—either as compiled artifacts like jar and war files, or as pre-built container images—and provides a complete system to schedule and run these payloads.
Tanzu provides all the auxiliary services of a platform (e.g., load balancing, high availability, auto scaling, and unified logging). Developers can deploy (and redeploy) their apps manually using the
cf push command. Increasingly, teams want to automate this process with continuous integration/continuous delivery (CI/CD) pipelines.
Tanzu utilizes containers extensively (after all, VMware is an active contributor and supporter of the OCI). However, containers are only a part of the system. Tanzu orchestrates containers with ease—and of course, a cloud native platform is much more than container orchestration. Tanzu includes many sub-systems acting together to coordinate, monitor, and support containers.
Cloud Foundry’s secure containerization is also part of a platform-wide, industry-leading security system for protecting apps in the cloud. The addition of AppArmor (a Mandatory Access Control System (MAC) and part of the mainline linux kernel that restricts a given program’s access inside a container to system resources like network, disk, etc.) and Seccomp (a Secure Computing Mode that is also part of the mainline linux kernel and restricts the set of system calls a program inside a container can access) to Tanzu’s existing container security and platform security, together with practices like Rotate, Repave, and Repair, can combine for dramatic improvement to default security postures and operational security.
component of a cloud-native platform