Software is a strategic corporate asset. An organization’s ability to innovate and deliver new software-based products and services, quickly and continuously, is its strategic advantage. Often, developers must build their software pipelines on Kubernetes by combining multitudes of parts from infrastructure providers and public clouds, with technologies and tools they have to source from the fragmented cloud native ecosystem. Additionally, with rapid technology development, developers must continuously keep up with frameworks, libraries, and software pipelines, as well as their own setup.
The cloud native model is built on the concepts of DevOps, continuous development, integration, testing, and delivery of production-ready code, microservices, and containers. The cloud native application model suits many workloads, and an increasing number of companies are now born in or migrating to the cloud.
Cloud native is an approach to build and run applications that takes advantage of the cloud computing delivery model. However, while the cloud native development model is attractive to many organizations, it does not fit all application delivery models. As the number of companies with only cloud native applications grows across regions and across borders, they may encounter regulatory standards or policies that require them to build their applications on-premises and in a private cloud for closer governance, control, and data sovereignty.
VMware Tanzu Application Platform is a modular, application-aware platform that provides a rich set of developer tooling and pre-paved paths to production to build and deploy software quickly and more securely on any compliant public cloud, or on-premises, Kubernetes cluster. Tanzu Application Platform lets developers focus on writing code by reducing the complexity of application development processes and delivery mechanisms by providing automated, predefined software pipelines with a secure path to production.
Tanzu Application Platform simplifies workflows in both the inner loop and outer loop of Kubernetes-based app development:
- Inner loop – Describes a developer’s local development environment where they code and test apps. The activities that take place in the inner loop include writing code, committing to a version control system, deploying to a development or staging environment, testing, then making additional code changes.
- Outer loop – Describes the steps to deploy apps to production and maintain them over time. For example, on a cloud native platform, the outer loop includes activities such as building container images, adding container security, and configuring continuous integration (CI) and continuous delivery (CD) pipelines.
Building an application on Tanzu Application Platform
VxRail vSphere multi-zone deployment for high availability
In general, the term availability zone is used in the context of cloud providers, where each zone is a self-contained failure domain separated by some measure of physical locality. Availability zones can host multiple data centers with independent resources such as power, networking, and computing infrastructure. Distributing these resources across multiple infrastructure instances provides redundancy and high availability for workloads running on them.
This context of availability zones can now be extended to on-premises data centers, thanks to the introduction of VMware vSphere availability zones. vSphere is an enterprise-grade workload platform that millions of traditional and modern application workloads are running on. With its goal to provide cloud-like agility and high-availability on premises, VMware launched availability zones with vSphere 8, which provide high availability for Tanzu Kubernetes clusters and workloads running on them. To accomplish this, the supervisor cluster and workload clusters are distributed across zones (i.e., racks of servers within a data center or in different data centers, as long as the latency between sites is less than 100 milliseconds).
At Partner Solution Engineering in the office of the CTO at VMware, we are building a reference architecture that showcases this multi-zone capability. The infrastructure foundation for this architecture is Dell VxRail, which is a product of co-innovation between VMware and Dell that is a curated infrastructure solution for vSphere products. VxRail, powered by Dell PowerEdge server platforms with the latest Intel processors, accelerates and simplifies infrastructure across your entire IT landscape and features next-generation technology to future-proof your infrastructure and enable deep integration across the VMware ecosystem. VxRail manager, natively integrated into vCenter, allows for rapid and automated deployment to single or multiple vSphere availability zones.
The following image depicts the architecture of the three vSphere availability zones on VxRail that vSphere with Tanzu Kubernetes is running on. High availability is accomplished by spanning the supervisor control plane and workload cluster nodes across all three VxRail clusters. As a result, the failure of any single VxRail cluster does not affect the control plane or the workloads running on it.
vSphere availability zones on VxRail
The VxRail deployment wizard makes it easy to deploy multiple VxRail clusters to an external vCenter, as shown in the image below.
VxRail deployment for multiple vSphere zones
Highly available cloud native development on premises
Tanzu Application Platform can be deployed with a single or multi-cluster topology, in both data center and multi-cloud environments. In a single cluster topology, all components and profiles are installed on a single Kubernetes cluster. This topology is more suited for proof of concepts or small development environments where high availability is not a critical requirement. For environments where software pipelines require greater resiliency, a multi-cluster approach is recommended.
The multi-cluster topology uses the profile capabilities supported by Tanzu Application Platform. Each cluster adopts one of the following multi-cluster profiles:
- Iterate – Intended for inner-loop iterative application development
- Build – Transforms source revisions to workload revisions (i.e., hosting workloads and supply chains)
- Run – Transforms workload revisions to running pods (i.e., hosting deliveries and deliverables)
- View – For applications related to centralized developer experiences (i.e., Tanzu Application Platform GUI and metadata store)
Tanzu Application Platform multi-cluster architecture
Note: Operators have an option to deploy multiple RUN clusters—for example, separate clusters for Development, Quality Assurance, Test, and Production. Implementation depends on organizational requirements.
For the reference architecture that will be published in the coming months, three vSphere zones have been configured. vSphere with Tanzu Kubernetes supervisor control plane and workload cluster nodes have been deployed across the three zones. NSX Advanced Load Balancer provides L4 load balancing, and Contour, which is installed by default with Tanzu Application Platform, provides ingress for the installed applications. When vSphere with Tanzu is deployed, the cluster in each zone gets a supervisor control node. The Iterate, Build, Run, and View clusters are deployed with three control and worker nodes, which are also distributed across zones. This architecture provides highly available control and worker node deployments for Tanzu Application Platform.
The following image shows the actual deployment of vSphere zones on VxRail clusters and supervisor nodes, as well as the namespace and clusters Tanzu Application Platform is running on.
Three vSphere availability zones
Accelerated and secure path to production
Inspired by the open source Spring Initializr project, developers get a jump start on developing new applications using application starter templates, also known as application accelerators, instead of starting from scratch. Built by application architects and made available to developers, these templates consist of skeleton code, configuration, and cloud native patterns combined with the organization’s best practices and security policies, which saves developers significant time in bootstrapping new applications.
Tanzu Application Platform lets developers debug a running container on any Kubernetes cluster, whether running locally or on a managed Kubernetes cluster or cloud, from the integrated development environment itself. The tooling shortens the path for live updates of code changes by eliminating the steps of rebuilding, republishing, and deploying the container, instead directly injecting the updated code into the running container. As a result, developers can test code changes instantly as they iterate.
When iterating on code, developers often need to inspect a running application to analyze the behavior for troubleshooting, debugging, or fine-tuning the runtime configurations of the application. Tanzu Application Platform provides a diagnostic tool, App Live View, for developers to drill into run-time characteristics of an application (e.g., resource consumption, incoming traffic pattern, etc.). This also allows them to change parameters such as log levels and environment properties to troubleshoot running applications.
VMware Tanzu Developer Portal provides easy workload and application visibility to application teams, delivering a consistent and unified experience atop any Kubernetes. Tanzu Developer Portal is an internal developer portal, built on Backstage, that simplifies how enterprise software organizations coordinate, collaborate, and execute across multiple teams and business units; and has been the developer interface for Tanzu Application Platform since its first release. Application teams can see what users are working on and get deeper insights into workloads, applications, and the pipelines they are running through.
Tanzu Application Platform includes the entire end-to-end supply chain, with its components pre-instrumented, to work together seamlessly out of the box. A streamlined golden path to production with a set of strong, best practice defaults reduces friction, by eliminating many decisions that teams would normally have to make when building the platform from the thousands of possible combinations of technologies available in the Kubernetes ecosystem.
The supply chain choreographer (SCC) workload visualization feature enables users to view the execution status of the out-of-the-box supply chains. Having supply chain data readily available in easy-to-consume visualizations makes it easy for users to pinpoint issues and fix them quickly.
Software pipeline visualization via developer portal
Intrinsic security enables a more secure software supply chain by inserting features for signing, scanning, and storing along the path to production. Scanning introduces source and image scanning capabilities along the path to production that will block the next set of activities if common vulnerabilities and exposures (CVEs) are identified. Image signing allows application operators to sign images at time of build or post-scan completion, and verify signature integrity, to increase trust in image provenance. Metadata store gives application operators a single location for storing all supply chain metadata, starting with image, package, repo/source, and CVEs, to allow more advanced automation and intelligence (e.g., deploy time policies, continuous monitoring for new CVEs, etc.).
Vulnerability scanning
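The scan, sign, and store stages described above can be modeled in a few lines. This is an added illustration, not Tanzu Application Platform code or its API: the class and function names, digests, package names, and CVE placeholders are all constructed, and an HMAC stands in for real image signing, which uses asymmetric keys.

```python
import hashlib
import hmac

# Constructed values: key, digests, packages and CVE ids are placeholders.
SIGNING_KEY = b"constructed-demo-key"
BLOCKING = {"CRITICAL", "HIGH"}

class MetadataStore:
    """Single location for scan findings and signatures, keyed by image digest."""
    def __init__(self):
        self.packages = {}    # digest -> set of "name@version"
        self.findings = {}    # digest -> list of (cve_id, severity)
        self.signatures = {}  # digest -> hex signature
    def record_scan(self, digest, packages, findings):
        self.packages[digest] = set(packages)
        self.findings[digest] = list(findings)
    def affected_by(self, package):
        """Continuous monitoring: images that contain a newly flagged package."""
        return sorted(d for d, pkgs in self.packages.items() if package in pkgs)

def scan_gate(store, digest):
    """Return blocking findings; an image with no scan record is also blocked."""
    if digest not in store.findings:
        return [("NO-SCAN-RECORD", "CRITICAL")]
    return [f for f in store.findings[digest] if f[1] in BLOCKING]

def sign(store, digest):
    """Sign post-scan, and only if the scan gate passed."""
    if scan_gate(store, digest):
        raise PermissionError(f"{digest}: blocked by scan gate, not signed")
    sig = hmac.new(SIGNING_KEY, digest.encode(), hashlib.sha256).hexdigest()
    store.signatures[digest] = sig
    return sig

def admit(store, digest):
    """Deploy-time policy: valid signature and still no blocking findings."""
    expected = hmac.new(SIGNING_KEY, digest.encode(), hashlib.sha256).hexdigest()
    signed = hmac.compare_digest(store.signatures.get(digest, ""), expected)
    return signed and not scan_gate(store, digest)

def demo():
    store = MetadataStore()
    store.record_scan("sha256:aaa", ["libfoo@1.0"], [("CVE-PLACEHOLDER-1", "LOW")])
    store.record_scan("sha256:bbb", ["libbar@2.0"], [("CVE-PLACEHOLDER-2", "CRITICAL")])
    sign(store, "sha256:aaa")
    before = admit(store, "sha256:aaa")
    for d in store.affected_by("libfoo@1.0"):  # a new CVE is published later
        store.findings[d].append(("CVE-PLACEHOLDER-3", "HIGH"))
    return before, admit(store, "sha256:aaa"), admit(store, "sha256:bbb")
```

`demo()` shows why stored metadata matters after signing: the first image is admitted while clean, then rejected once a new finding is recorded against one of its packages, even though its signature is still valid.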
Inner-loop demonstration
Outer-loop demonstration
With Tanzu Application Platform on VxRail, you can build and deploy cloud native applications on Kubernetes on-premises that can be extended to any cloud. Tanzu Application Platform unlocks developer productivity enabling development teams to rapidly develop applications without disrupting their familiar workflows. It automates app deployment with a pre-wired secure path to production that is customizable so application teams can bring their own opinions.
Tanzu Application Platform embodies DevSecOps for a smooth and secure path to production by establishing a clear separation of concerns between development, security, and operations. Tanzu Application Platform provides secure software supply chains with continuous vulnerability scanning, container image verification at time of build, and pre-set policy enforcement. The platform introduces new supply chains that allow users to leverage container images built externally, in addition to the existing supply chains that build images from source code. This lets developers and operations use their existing ecosystem for faster time to market and safeguards the investments enterprises have already made in tooling. The platform reduces risk by providing a secure mechanism to connect to shared data, messaging, and business services (with service claims and service bindings).
Dell VxRail delivers a turnkey experience and is a fully integrated, pre-configured, and pre-tested solution. Tanzu Application Platform on VxRail is a future-proof solution that simplifies the customer transformation journey for modern applications. Whether it’s a move from legacy to cloud native applications, repatriating cloud native applications to on-premises private cloud, or architecting distributed applications on multi-cloud environments, Tanzu Application Platform on VxRail is the all-encompassing solution.
Learn more
Start your journey to a superior developer experience on Kubernetes today! To learn more, contact your VMware account team or reach out to us!