Cloud Native

Seamlessly deploying & managing Kubernetes across multi-cloud (Part 1 of 3)

The impact of cloud continues to be undeniable to both business and IT. Cloud has redefined the relationship between business and IT, reshaping business models, accelerating delivery of new business services, created new models for customer engagement and improved the efficiency and effectiveness of employees.

Figure 1: Challenges with Multi-Cloud

But the cloud market is at an inflection point. Organizations have hundreds or thousands of applications – both existing monoliths and new cloud microservices.  They are all different.  But they are also critical to their business. Longstanding app architectures are giving way to new cloud native models. The worlds of datacenter, cloud and edge are converging. And the diversity of multi-cloud, once viewed as chaotic and complex, is emerging as the most powerful source of innovation.

What Defines the Ideal Cloud Environment?

  • Freedom to build and run applications for ANY environment
  • With development and operations teams collaborating freely
  • Ability to manage diverse environments CONSISTENTLY
  • With applications and data that are secure and protected EVERYWHERE
  • And the freedom to change my mind in the future without PENALTY

Figure 2: The VMware Multi-Cloud Strategy

Only VMware can drive the next generation of cloud, supporting ambitious multi-cloud strategies, for all application initiatives to deliver unprecedented business value. VMware App Modernization delivers the technology to build, run, and manage all of these applications across any cloud, and the team to guide any organization’s application modernization effort.

Figure 3: VMware Cloud Portfolio

VMware offers the complete portfolio for the multi-cloud journey for any enterprise on any cloud. It provides a platform where both legacy and modern apps can co-exist and ubiquitously run across different cloud without re-platforming.

Kubernetes provides an ideal platform for Multi and Hybrid Cloud:

Kubernetes provides the capability for container orchestration, while also facilitating an easy way to encapsulate applications. The Kubernetes management system provides a standardized mechanism for application delivery that is decoupled from the underlying infrastructure and can run in any cloud.  All public & private cloud providers have adopted cloud-native technology and make it possible for running applications in a standardized manner across a multi-cloud infrastructure.

Modern developers can now leverage Kubernetes APIs in multi-cloud environments anywhere in the world to deploy their applications. Kubernetes has energized the software industry’s need for productivity, efficiency, by leveraging cloud-native technology available anywhere across public and private clouds.

The Solution:

This solution show cases a multi-cloud deployment of a distributed application leveraging Tanzu Kubernetes Grid. The multi cloud TKG solution is deployed in a distributed fashion across two different cloud environments that includes a VMC on AWS SDDC in Oregon and VMC on Dell EMC SDDC in Santa Clara. Tanzu Mission Control and Tanzu service mesh described below are used to operationalize, secure and manage the environment.

Tanzu Kubernetes Grid:

Things get complex while running tens of thousands of containers across your enterprise at scale in production. Automation is mandatory for the deployment and management of all those containers on clusters of virtual or physical machines. Kubernetes, the industry-standard for container management, can streamline container orchestration to avoid the complexities of interdependent system architectures. However, there’s still considerable heavy lifting that an operations team must do to stand-up and manage a Kubernetes runtime consistently, while running in multiple data centers and clouds. They must also have the in-house expertise to design, deploy and integrate all the necessary components.

Figure 4: Tanzu Kubernetes Grid logical schematic

Tanzu Kubernetes Grid is engineered to simplify installation and Day 2 operations of Kubernetes across enterprises. It is tightly integrated with vSphere and can be extended to run with consistency across public cloud and edge environments. Tanzu Kubernetes Grid delivers multiple benefits to unlock the full potential of upstream Kubernetes and its burgeoning ecosystem of open-source cloud native technology through:

Simplified Installation

Tanzu Kubernetes Grid is engineered to include the tools and open-source technologies needed to deploy and consistently operate a scalable Kubernetes environment across VMware private cloud, i public cloud, edge, or encompassing multiple clouds.

Automated multi-cluster operations

With declarative, multi-cluster lifecycle management, a CLI tool, and streamlined upgrades and patching, Tanzu Kubernetes Grid helps enterprises easily manage large- scale, multi-cluster Kubernetes deployments and automate manual tasks to reduce business risk and focus on more strategic work.

Integrated Platform Services

Tanzu Kubernetes Grid streamlines the deployment of local and in-cluster services to simplify the configuration of container image registry policies, monitoring, logging, ingress, networking and storage, and ready the Kubernetes environment for production workloads.

Open-Source Alignment

Containerized applications can be run on an upstream-aligned Kubernetes distribution and key open-source technologies like Cluster API, Fluentbit, and Contour, enabling portability and the support and innovation of the global Kubernetes community.

Where does Tanzu Kubernetes Grid run?

Figure 5: Private Cloud Datacenter

Private cloud

With Tanzu Kubernetes Grid Service integrated with vSphere, existing data center tooling and workflows can be leveraged to give developers on-demand access to conformant Kubernetes clusters in the private cloud and managing cluster lifecycle through automated, API-driven workflows.

Figure 6: Public Cloud Infrastructure

Public cloud

Tanzu Mission Control can be used to enable development teams to quickly spin up managed Kubernetes clusters in their public cloud accounts, while operations maintain access to the control plane for security and customization.

Figure 7: Edge Computing Infrastructure


Tanzu Kubernetes Grid’s open architecture enables lightweight deployments and streamlined multicluster operations in highly distributed edge environments, like retail remote site locations.

Tanzu Service Mesh:

Tanzu Service Mesh provides consistent connectivity and security for microservices across all Kubernetes clusters and clouds in the most demanding multi-cluster and multi-cloud environments. Tanzu Service Mesh can be installed in Tanzu Kubernetes Grid (TKG) clusters and third-party Kubernetes-conformant clusters. It can be used with clusters managed by Tanzu Mission Control (i.e., Tanzu-managed clusters) or clusters managed by other Kubernetes platforms and managed services.

Figure 8: Tanzu Service Mesh provides security across multi-cloud Kubernetes

What Makes Tanzu Service Mesh Different?

Beyond its multi-cloud focus, one of the other differentiating characteristics of Tanzu Service Mesh is its ability to support cross-cluster and cross-cloud use cases via Global Namespaces (GNS). A GNS abstracts an application from the underlying Kubernetes cluster namespaces and networking, allowing you to transcend infrastructure limitations and boundaries, and securely stretch applications across clusters and clouds. Global Namespaces allow you to have consistent traffic routing, application resiliency, and security policies for your applications across cloud siloes, regardless of where the applications are running.

By enabling and delivering true multi-cloud capabilities, GNS can offer improved agility, business continuity, visibility, and better security for your modern applications.

Figure 9: Tanzu Service Mesh & Global Namespaces

In addition to providing an abstraction for applications, GNS also provides strong isolation that can be used for multi-tenancy model for application teams and business units. Each of these groups can have as many GNSs as they need for their application. More about GNS can be found at “Using Global Namespaces to secure multi-cloud applications”.

Figure 10: Onboarding Clusters on Tanzu Service Mesh

Tanzu Service Mesh can also automate and simplify the installation and lifecycle management of the service mesh bits running inside your Kubernetes clusters, while maintaining intended configuration values. One can also “move” application services without having to change anything in the application itself, which brings the idea of multi-cloud or hybrid-cloud workloads to life. This cross-domain/cross-cloud communication requires additional security considerations, so GNS encrypts the traffic, end to end, between the services across clusters and clouds.

In part 2 of the blog we will look at the components of the Multi-Cloud solution and their deployment.