Home Cloud-native Tanzu is Kubernetes in 'the VMware way'

Tanzu is Kubernetes in ‘the VMware way’

-

VMware has been dabbling with containers and Kubernetes for a long time, starting with VMware Integrated Containers and cumulating with the release of vSphere 7. With this release VMware have finally made Containers first-class citizens. We have previously written about VMware and Kubernetes. This article is not about features and what’s new but is about how VMware’s approach to containers, Kubernetes, and how vSphere 7 can integrate into a DevOps CI/CD workflow.

The release of vSphere 7 marks the first major reworking of VMware’s flagship product since the introduction of ESXi with version 3.5 in 2008. VMware has as already mentioned re-engineering their flagship product to be able to run Containers as first-class citizens rather than the kludgy band-aid solution that was VIC. Today we are going to concentrate on Tanzu, the ‘cogs and sprockets’ of the new paradigm.

VMware Cloud Foundation with Tanzu
VMware Cloud Foundation with Tanzu, Kubernetes the VMware way

Tanzu consists of two pillars, the Tanzu Runtime Services, and Hybrid Infrastructure Services.

  • Tanzu Runtime Services– deliver core Kubernetes development services, including an up-to-date distribution of:
    • Tanzu Kubernetes GridService– which allows developers to manage consistent, compliant, and conformant Kubernetes clusters to build their modern applications.
  • Hybrid Infrastructure Services– include full Kubernetes and REST API access that spans creating and manipulating virtual machines, containers, storage, networking, and other core capabilities. It includes the following services today:
    • vSphere Pod Service– extends Kubernetes with the ability to run pods directly on the hypervisor. When developers deploy containers using the vSphere Pod Service, they get the same level of security isolation, performance guarantees, and management capabilities that VMs enjoy, although it is not fully Kubernetes conformant.
    • Storage service – allows developers to manage persistent disks for use with containers, Kubernetes, and virtual machines.
    • Network service – allows developers to manage Virtual Routers, Load Balancers, and Firewall Rules.
    • Registry service – allows developers to store, manage, and better secure Docker and OCI images using Harbor.

This article will concentrate on the Tanzu Runtime Services.

So what exactly is Tanzu Runtime Services?

Tanzu Runtime Services (TRS) is a part of VMware Cloud Foundation 4.0 and is the maturation of VMware Project Pacific that was introduced at VMworld 2019. This is the framework that the rest of the Tanzu Platform builds upon. At the time of Project Pacific they were called Guest Clusters; this function has been renamed Tanzu Kubernetes Grid Service.

The service provides a consistent, and upstream-compatible implementation of Kubernetes, by compatible we mean in lockstep with mainstream Kubernetes deployments. The service is available in three flavors:

  • VMware Tanzu Kubernetes Grid
  • VMware Tanzu Kubernetes Grid Plus
  • VMware Tanzu Kubernetes Grid Service for vSphere

Although to be fair, looking at the graph below and VMware’s documentation TKG Plus is merely an add on the core TKG product and there are no feature differences between TKG and TKG for vSphere other than the platform it is deployed too.

Red highlights mark the differences:

  Tanzu Kubernetes Grid Tanzu Kubernetes Grid Plus
Infrastructure Platform AWS (excluding AWS GovCloud and China Cloud)

vSphere beginning with v6.7u3 (only supported on vSphere 7 if deployed as a Tanzu Kubernetes cluster in vSphere 7 with Kubernetes…see Deploying Tanzu Kubernetes Clusters for more information)

AWS (excluding AWS GovCloud and China Cloud)

vSphere beginning with v6.7u3 (only supported on vSphere 7 if deployed as a Tanzu Kubernetes cluster in vSphere 7 with Kubernetes…see Deploying Tanzu Kubernetes Clusters for more information)

VMware Cloud on AWS (VMC)

Storage CSI, vSphere Cloud Native Storage, and in-tree providers CSI, vSphere Cloud Native Storage, and in-tree providers
Bootstrap/Provisioning CAPI, CAPV, CAPA, CAPW CAPI, CAPV, CAPA, CAPW
Kubernetes Node OS Amazon Linux 2 on AWS

Photon OS on vSphere

Amazon Linux 2

Photon OS

Container Runtime Containerd Containerd
Container Network Calico versions beginning with 3.0 Calico versions beginning with 3.0
Registry None Harbor
Conformance None Sonobuoy
Backup/Migrate None Velero
Ingress Contour Contour
Authentication Dex Dex
Observability Fluentbit Prometheus

Grafana

Alert Manager

Fluentbit

Table courtesy of VMware

Multi-cloud from the ground up

However what is interesting about Tanzu is that it is multi-cloud from the start, supporting native vSphere, AWS, and VMware Cloud on AWS. It can also integrate seamlessly with GCP service broker and Azure as it is a fully validated Kubernetes platform as defined by the Cloud Native Computing Foundation. And it is this functionality that makes Tanzu so powerful. As not only does it dovetail seamlessly with vSphere. It provides a common platform for your developers to create container-based applications against multiple endpoints.

The final port of Tanzu is the management layer called Mission Control. Effectively a Manager of Managers. The one ring to rule your distributed Kubernetes environment.

Architecture of Tanzu

The original release of Tanzu in April has a significant hardware overhead of at least 7 servers. This was due to VMware having only carried out full regression testing on an environment that consisted of a four-node management cluster coupled with a three-node resource cluster. However this has recently changed and with the release of the following white paper. It now appears that VMware has lowered that requirement to four servers (building out the environment on the management cluster, coupled with a valid vSAN deployment on VSAN Ready Nodes), this means that there are two deployment methods, the Standard Architecture (consisting of 7 hosts) and the Consolidated architecture (consisting of 4 hosts). This also means that the barrier to entry whilst still high (for an environment to be supportable from VMware the hosts must be VSAN Ready) is now significantly lower for a supported environment, but you have the additional risk of installing production resource on the management cluster.

 

Deployment in a vSphere Environment

VMware Tanzu Architecture

The above image shows the logical interaction of TKG with VMware. Close integration with vCenter and NSX-T and V means a standard interface for deployment with common API and a familiar UI

Summary

Summary

Tanzu is more than just VMware Enterprise PKS; which is in actuality Tanzu Kubernetes Grid Integrated Edition. it is now a full container and application stack that is heavily integrated into the vSphere suite of products as a port of VCF. It is this ability to manage your Kubernetes namespaces from the familiar interface of vCenter that gives Tanzu an edge over traditional Kubernetes environments as there is no requirement to learn yet another management system for administration, further, because it is Kubernetes; integration with Infrastructure as Code based deployment paradigms is a simple as providing the relevant providers. The bringing back into the fold of Pivotal into VMware was an inspired purchase. VMware was losing control of the application stack. This has brought them back into relevance. In our next post we will continue our investigation into the Tanzu Ecosphere.

NEWSLETTER

Sign up to receive our top stories directly in your inbox

Join our community to receive the latest news, free content and upcoming events to your inbox.

TOP STORIES