There’s a recurring theme in my recent conversations with customers—to build modern applications across multiple clouds, enterprises must operate in an increasingly fragmented environment. They are looking for ways to bring order to chaos.
That’s why I’m so excited to see the introduction of VMware Tanzu as a portfolio of products and services to transform the way enterprises build software on Kubernetes. We also announced a tech preview* of VMware Tanzu Mission Control as part of that portfolio, and a way to bring consistency and control to all of your Kubernetes clusters, regardless of where they are running.
The State of Kubernetes
Kubernetes is a great starting point in a modern IaaS strategy for any enterprise. When we started the project, we saw Kubernetes as offering a ‘Goldilocks’ abstraction—something that is low enough level that you can run pretty much any application, but high enough level that it hides the specifics of the infrastructure environment. Over the past few years, Kubernetes has emerged as a standard for distributed infrastructure, and for the first time ever we have a common, open source abstraction that spans the private cloud, public cloud, and edge-based computing environments.
Kubernetes is also something new, and perhaps the greatest value it represents is an opportunity for IT organizations to move from a world of ‘ticket driven infrastructure’ to ‘modern API driven dynamic infrastructure’, better connecting operators and developers.
While this modern API-driven infrastructure provides a rich and capable environment for cloud native applications that are being built by modern enterprises, it introduces a lot of new ‘moving parts’ and day 2 operating issues that IT teams haven’t had to tackle before. How do you create and enforce security policy in a highly fluid environment? How do you make sure that your identity and access control systems are configured? How do you make certain that everything stays properly configured?
These challenges are hard enough to get right in a single Kubernetes cluster, but we don’t live in a world of single Kubernetes clusters:
- The emergence of more robust privacy legislation is forcing enterprises to run more data centers and more Kubernetes clusters. GDPR happened and we expect to see other regions following suit.
- Cloud is happening, but not the way we all thought. Rather than a force of consolidation, we see it as a force of further fragmentation. Enterprises find themselves being forced by policy or circumstance to use multiple providers, and we see significant continued investment in on-premises deployments.
- Kubernetes itself is a ‘leaky abstraction’. The very things that make Kubernetes so powerful, extensible and customizable also create challenges in terms of its ability to support rich security isolation in mission critical environments. Many security groups are forcing IT groups to create separate clusters to offer deeper workload isolation, and as a result the number of clusters under management is skyrocketing.
Introducing VMware Tanzu Mission Control
With VMware Tanzu Mission Control, we are providing customers with a powerful, API driven platform that allows operators to apply policy to individual clusters or groups of clusters, establishing guardrails and freeing developers to work within those boundaries.
A SaaS based control plane will securely integrate with a Kubernetes cluster through an agent and supports a wide array of operations on the cluster. That includes lifecycle management (deploy, upgrade, scale, delete) of cloud-based clusters via Cluster API.
For example, you will be able to attach any VMware Essential PKS cluster to VMware Tanzu Mission Control and use the centralized cluster lifecycle management capabilities because it is a Cluster API-based service. Or you will be able to attach any VMware Enterprise PKS cluster and tap into the rich services provided by VMware Tanzu Mission Control.
A core principle of the VMware Tanzu portfolio is to make best use of open source software. And so, VMware Tanzu Mission Control leverages Cluster API for Lifecycle Management, Velero for backup/recovery, Sonobuoy for configuration control and Contour for ingress control.
A year ago, we launched the public beta of Cloud PKS, a fully managed Kubernetes as a service offering. That has put us on the front lines of supporting thousands of Kubernetes clusters 7×24 and has taught us a great deal. The lessons learned in running Cloud PKS and the Cloud PKS capabilities which customers enjoy are now found in VMware Tanzu Mission Control.
Independence for Developers
We believe that developers need modern API driven infrastructure to do their job. A big part of the success of cloud has been delivering a set of useful services at the other end of an API call. This has enabled teams that adopt a single cloud to move from a world managed by tickets into an API driven, self-service universe.
VMware Tanzu will bring an API driven model to the world of developers building across multiple clouds. It all starts with the provisioning of Kubernetes clusters. We have created a simple, cloud friendly cluster lifecycle management model that offers an ‘easy button’ for the creation and management of Kubernetes clusters. This will feel a little like one of the managed Kubernetes offerings that the cloud providers deliver (AKS, EKS, GKE), but the advantage is that the Kubernetes cluster is fully provisioned into a developer environment and is fully accessible to the developer. This will offer levels of customizability and control that are difficult to accomplish with a cloud provider offering.
Consistency for Operators
In working with customers, we identified an opportunity to put more control at the fingertips of the platform operator or SRE managing a Kubernetes footprint. VMware Tanzu Mission Control’s SaaS control plane will securely connect with, manage and operate a potentially large number of clusters across environments. The hosted control plane works on-premises, at the network edge, or in the public cloud.
You will be able to attach any conformant Kubernetes cluster to VMware Tanzu Mission Control, including clusters running on vSphere, public clouds, managed services, OpenShift or DIY implementations. That’s a degree of neutrality that’s not possible from a cloud service provider, and an openness that is fairly unique to VMware.
Once you have all your Kubernetes managed from one place, you will be able to take many meaningful actions on individual clusters or across fleets of clusters, including (at launch):
- Centralized lifecycle management for VMware Kubernetes clusters. Single click provisioning, upgrade and maintenance for cloud-hosted Kubernetes clusters.
- Unified access management. Manage permissions and map teams’ access to clusters from a single location.
- Cluster health and diagnostics. Monitor the ongoing health of your clusters and identify common issues that may affect their production viability.
- Security and configuration management. Define policies that are enforced across all clusters and manage the configuration of Kubernetes clusters.
- Cluster inspections (driven by the open source Sonobuoy project). Schedule and run routine scans to confirm your clusters and conformant and properly configured.
- Backup and restore (driven by the open source Velero project). Configure backup and recovery capabilities from a central location. Manage not only the backup of Kubernetes, but it’s associated persistent volumes.
- Quota management and resource usage visualization. Assign and manage quotas across your clusters.
Completing the picture
With VMware Tanzu we have a portfolio of products and services to transform the way the enterprise builds software on Kubernetes. As you operate more Kubernetes clusters and applications, VMware Tanzu Mission Control will offer a powerful set of capabilities that allow operators to manage and developers to access a modern, agile, API driven infrastructure.
We are committed to making the power of the upstream Kubernetes community accessible to businesses the world over, and to reinforce Kubernetes’ role as that ‘Goldilocks’ abstraction that brings consistency to a highly fragmented, multi-cloud world.
*There is no commitment or obligation that technical preview features will become generally available.