kubernetes multi-cloud products Tanzu Application Platform

Announcing New Capabilities in Tanzu Application Platform to Enhance User Experience Across Multiple Clusters and Cloud

Earlier this year we launched VMware Tanzu Application Platform to help customers quickly build and deploy software on any public cloud or on-premises Kubernetes cluster. Tanzu Application Platform provides a rich set of developer tooling along with a pre-paved path to production-enabling enterprises to develop revenue-generating applications faster by reducing developer tooling complexity.

We are seeing great customer adoption of Tanzu Application Platform for the benefits it provides in several industries like manufacturing, retail, finance, and many more. For example, Cerner, a health care giant, highlighted that “By utilizing VMware Tanzu Application Platform we’ll be able to uncover some problems and have permanent fixes in place… to keep the joy in programming. We’ll be able to standardize how the application delivery will happen on Kubernetes.” 

Today, we are pleased to announce the general availability of the Tanzu Application Platform version 1.1 that extends the developer productivity and user experience. Learn more about Tanzu Application Platform 1.1 and the seven common developer challenges at the upcoming webinar on May 5 at 10 AM PT .

With the 1.1 release, we are delivering a multitude of new capabilities that enable enterprises to accelerate time-to-value, simplify user experience, build stronger security posture, and safe-guard the investments they have already made. These leading capabilities allow customers to: 

Accelerate workload deployment across multiple clusters and get visibility across environments

Enterprise application teams use multiple Kubernetes clusters across their software development lifecycle including clusters for development, staging, pre-production, and production to meet different levels of progressive testing as workload revisions move across the path to production. To do this successfully, teams need the ability to view a workload across multiple Kubernetes clusters. 

Tanzu Application Platform 1.1 provides the ability to accelerate and secure the path from code to production at scale. With enhanced multi-cluster support, it makes it faster and easier for a Kubernetes workload to travel on the path to production across multiple clusters.

With multi-cluster support, Tanzu Application Platform enables operators and developers to: 

  • Run workloads simultaneously across multiple clusters to enhance application scalability and performance.
  • Promote workloads easily and securely from personalized development environments to production, with any number of environments in between. 
  • Provide visibility of runtime resources across all clusters on the path to production. 

 

Dramatically simplify the platform deployment processes with installation profiles

Enterprises wanting to deploy Tanzu Application Platform can use pre-defined installation profiles to deploy the components required to meet business needs. The profiles have been enhanced in this release to simplify and accelerate the multi-cluster installation process by aligning with the cluster types defined by the Tanzu Application Platform Reference Architecture. They allow users to get started quickly and focus on running their workloads and building secure applications, rather than how to deploy the platform in an optimal way. 

Tanzu Application Platform can be installed through predefined profiles out-of-the-box or through individual packages with the following profiles available: 

  • Full profile contains all of the Tanzu Application Platform packages on a single cluster. 
  • Iterate profile is intended for iterative application development. 
  • Build profile is intended for the transformation of source revisions to workload revisions. Specifically, hosting workloads and software supply chain pipelines. 
  • Run profile is intended for the transformation of workload revisions to running pods to serve applications. 
  • View profile is intended for instances of applications related to centralized developer experiences across clusters. Specifically, the Tanzu Application Platform GUI and Metadata Store. 


To see this in action, watch our demo video.
 

Drive greater agility with software supply chain ability to use pre-built container images

With the release of Tanzu Application Platform 1.0 VMware had introduced the concept of secure software supply chains that relieves developers of the intensive process of editing a “wall of YAML” and automates the application deployment process via a secure software supply chain workflow. This includes out-of-the-box end-to-end supply chains, with components pre-instrumented to work together seamlessly. Being modular by design, operators can use Supply Chain Choreographer (based on open source Cartographer) to adapt these supply chains to their business need, creating organization-specific pre-approved paths to production.  To learn more about supply chain choreography and how to get started with Cartographer, watch this great video.

Tanzu Application Platform 1.1 introduces new supply chains which allow users to leverage container images built outside of the Tanzu Application Platform, in addition to the existing supply chains which build images from source code.

Why is this important? Tanzu Application Platform 1.0 supply chains use Cloud Native Buildpacks to automatically create and update containers from source code using validated building blocks from the community. However, we recognize that many customers have an existing investment in container images built from dockerfiles and we want to enable customers to leverage those investments. Tanzu Application Platform 1.1 enables just that. It allows developers and operators to use their existing ecosystem for faster time-to-market.

To see the new supply chain take an existing container image to a running application in the Tanzu Application Platform, watch this demo video
 

Get instant visualization on workload status as it moves through the supply chain

The new Supply Chain Choreographer (SCC) workload visualization feature enables users to view the execution status of the out-of-the-box supply chains. 

Previously, for users to understand the state of the workload in the supply chain, several command-line interface (CLI) commands were required. The new GUI plugin for SCC in Tanzu Application Platform 1.1 exposes those capabilities visually in the platform GUI. With supply chain data readily available in easy-to-consume visualizations, it also makes it easy for users to pinpoint issues and take remediation actions quickly. 

Here is an illustration of how the out-of-the-box test and scan supply chain is visualized in the SCC plugin through Tanzu Application Platform GUI. (Read here for more information about the supply chain.) 

 

There are two sections within this view that simplify the user experience: 

  • Graph view (at the top) shows all the configured custom resource definitions used by this supply chain and any artifacts that are outputs of the supply chain’s execution. 
  • Stage details view (at the bottom) shows source data for each part of the supply chain that you select in the graph view.

To see this in action, watch our demo video.
 

Build a strong security foundation with consistent RBAC

Different people on app teams have different needs from the platform. For app teams to work and collaborate at scale, we must empower them to work independently. This means setting secure guardrails to access and permissions. Setting proper guardrails eliminates confusion and accidents regarding who has access to what systems and who can perform what kind of functions to a workload or cluster.

RBAC is a mechanism that restricts system access based on a person’s role within the organization. It makes it possible to systematically implement and manage the principle of least privilege across a large, globally-distributed organization running multiple apps in a multi-cluster environment. It saves IT administrative time, simplifies tasks related to managing users and permissions in bulk, and allows compliance for faster audit reporting. 

While the concept of RBAC has been around for some time now, implementing it consistently has become increasingly challenging due to the complexity of modern use cases. With the growth of cloud native technologies such as Kubernetes, a unified approach to RBAC is critical to reducing risk and meeting compliance requirements. In this release of Tanzu Application Platform, we’ve added RBAC to provide appropriate access to workloads, deliverables, supply chains, and continuous integration and continuous delivery (CI/CD) pipelines, including related environments, stages, and workflows.

Tanzu Application Platform 1.1 introduces five new default roles to help enterprises bring consistency in setting up permissions for users and service. The default roles provide an opinionated starting point for the most common permissions users need while using Tanzu Application Platform. However, with Kubernetes RBAC, users also have the flexibility to create customized roles and permissions to meet business needs.

Three of these roles are for users: 

  • App-viewer provides view only access to the user and does not allow to create, edit, or delete a Tanzu workload or deliverable. 
  • App-editor creates, edits, and deletes a Tanzu workload or deliverable. 
  • App-operator creates, edits, and deletes supply chain resources. 

Two of these roles are for service accounts associated with the Tanzu supply chain: 

  • Workload provides the service account associated with the Tanzu workload the permissions needed to execute the activities in the supply chain. 
  • Deliverable gives the delivery service account the permissions needed to create running workloads. 

VMware Tanzu Application Platform default roles are built using aggregated cluster roles and are installed with every Tanzu Application Platform deployment. For an overview of the different roles and what permission they have, see role descriptions. To bind a user or a user group to one of the Tanzu Application Platform default roles, a platform administrator can use the new beta RBAC plugin for Tanzu Application Platform, available for download from Tanzu Network. Platform administrators can also use Kubernetes RBAC for role binding. This CLI simplifies the process for you by binding the cluster-scoped resource permissions at the same time as the namespace-scoped resource permissions, where applicable, for each default role. 

Get started with Tanzu Application Platform 

Start your journey to a superior developer experience on Kubernetes with VMware Tanzu Application Platform, you can build and deploy cloud native applications on Kubernetes in multi-cluster and multi-cloud environments. To simplify the implementation of the solution, VMware has developed a reference architecture. The goal of this reference document is to help provide a standard architecture for deploying Tanzu Application Platform. This reference covers topics such as Kubernetes requirements and cluster layout for the platform in forms of best practices to follow.

To learn more about Tanzu Application Platform 1.1, register for the upcoming webinar on May 5 at 10 AM PT

Contact your VMware account team or reach us at tanzu.vmware.com/application-platform to learn more.