Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

Tanzu Mission Control: VMware’s Vision for Unified Environments for Containers and VMs

  • January 9, 2020
  • 13 min read
Virtualization Architect. Alex is a certified VMware vExpert and the Founder of VMC, a company focused on virtualization, and the CEO of Nova Games, a mobile game publisher.
Virtualization Architect. Alex is a certified VMware vExpert and the Founder of VMC, a company focused on virtualization, and the CEO of Nova Games, a mobile game publisher.

Introduction

It hasn’t been that long since I told you about VMware Project Pacific, which was announced at VMworld 2019. The latter, as you probably remember, is one of the VMware Tanzu solutions. Since today a lot of enterprises tend to use VMs and containerized applications in their infrastructures, these solutions were developed specifically to build a platform that enables you to work with both.

However, it’s necessary to remember that VMware Tanzu is a broad portfolio of distinct solutions. For simplicity, let’s narrow it down to three separate areas:

  • Building Kubernetes clusters (K8s). These are the products for developers and DevOps teams (Bitnami and Pivotal that have recently been acquired by VMware).
  • Running clusters. It’s primarily VMware Project Pacific that we already know of, which transforms VMware vSphere into a Kubernetes native platform and is set to appear in the next vSphere releases.
  • Managing clusters. Now, the crown jewel of products in this area is Tanzu Mission Control (TMC) that provides lifecycle management for K8s clusters from a single point of control.

TMC provides admins and data center managers with the possibility to create and deploy new apps on the Kubernetes platform, let alone to manage K8s clusters from a single point. That way, say, a developing team just has to request resources via the console, and they’ll be provided quickly and efficiently.

Basically, it appears that TMC’s primary goal is to enable admins to manage Kubernetes clusters regardless of whether they reside in vSphere, already integrated VMware Pivotal Container Service (PKS), OpenShift infrastructures, public clouds, private clouds or any other environment. In this case, VMware is pursuing credibility amidst administrators. It’s quite simple because if they’ll be managing their infrastructures consisting of VMs and containerized apps with one tool successfully, it’s only a matter of time when this management tool becomes as widespread as vSphere.

Another thing to remember is that Kubernetes is still evolving. In other words, users still have to apply different consoles for managing infrastructures in geographically allocated data centers (sometimes it is necessary due to data protection regulations like GDPR). That’s when VMware TMC’s SaaS control plane comes in: it’s able to manage and operate a large number of clusters across different environments and data centers.

What’s available?

TMC provides admins and data center managers with the following options:

  • Creation and deployment of the provisioned K8s on-premise and cloud clusters.

Creation and deployment of the provisioned K8s on-premise and cloud clusters

For example, you can create a cluster in Amazon AWS, select a region, Kubernetes version, and VPC CIDR. You also get to set up a cluster type, whether it would be a development (1 control plane node) or a production cluster (3 control plane nodes, Availability zones).

  • Possibility to attach every existing K8s cluster to the TMC. You’ll need to install a specific agent and verify the connection.

Install a specific agent and verify the connection

After the connection is successful, run the kubectl command in the kubectl command window, the Kubernetes command-line tool.

  • The Cluster Groups option enables you to inherit policies at a group level, rather than having to add policies individually to each cluster.

Cluster Groups

A group of clusters consists of clusters that can exist across the environments with different teams having access to them. Clusters can be moved between groups of clusters.

  • Workspaces provides the ability to apply access controls to an application that resides in multiple different namespaces, in different clusters on different clouds. This function is vital for users working across diverse clusters and namespaces.

Workspaces

Tanzu Mission Control functions as an API-driven platform, enabling the developers to operate Kubernetes clusters with Cluster API. It covers all major work processes, such as creating or updating a cluster, as well as authentication and other service tasks.

At VMworld 2019, VMware introduced an overview of all the different clusters (AKS from Azure, GKE from Google, PKS from VMware, and EKS from Amazon) being managed by the Tanzu MC instance in one unified environment. More specifically, it offers a potentially very promising unified management tool to manage different K8s clusters:

Tanzu MC clusters

If you choose the necessary cloud provider, you can, say, build a new EKS cluster on AWS. Furthermore, you can also add a Cluster Group to enable this cluster to inherit existing policies that are already associated with the group.

EKS cluster on AWS

Once the cluster is deployed, you can see some basic information (Components, Agent, and Inspection) related to the cluster. On an individual worker node, the details about the K8s (kubelet) version, the container run-time and version, and conditions, such as memory and disk pressure, are also available. All the Pods running on the worker node are listed as well.

Components, Agent, and Inspection

TMC provides you with:

  • List of the attached clusters;
  • High-level cluster metadata (allocated resources and availability);
  • List of nodes, namespaces, and workloads of the cluster, also cluster metrics;
  • List of namespaces and workloads of all clusters;
  • Cluster components and nodes state;
  • Health check available on dashboard, which is useful for task monitoring;
  • Conformant status of the clusters.

With TMC, it’s also possible to run various checks for your environment with consequential reports.

As you have probably gathered by now, Tanzu Mission Control is essentially a SaaS-based solution that can attach to different cloud objects (clusters running on vSphere, public clouds, managed services, OpenShift, or DIY cloud implementations). Also, you can basically attach a VMware Essential PKS cluster to VMware Tanzu Mission Control and use the centralized cluster lifecycle management capabilities, or you can use advanced support services of PKS clusters. In general, TMC can potentially manage thousands of clusters, with multiple users working across different cloud and on-premises environments.

VMware Tanzu Mission Control provides a robust set of capabilities that enables admins to manage their infrastructures efficiently and developers to create clusters according to specified requirements.

VMware Tanzu Mission Control leverages:

  • Cluster API for Lifecycle Management;
  • Velero for backup/recovery;
  • Sonobuoy for configuration control;
  • Contour for ingress control.

Policies and future

In TMC, security policies are flexible and can be assigned either to separate clusters or groups of clusters, thereby sharing the responsibility between developers.

TMC, security policies

Today, Tanzu Mission Control is focused primarily on centralized authentication, access control/permissions, and privilege policies, but, in the future, the goal is to extend policies to areas like the image registry, networking, pod security, quotas, etc.

Speaking in terms of security, TMC will be able to verify that your clusters are configured and secure, and apply policies so that specific actions are not allowed to happen in the cluster.

Also, there are certain backup/recovery policies in work so that the admins would be able to make sure that workloads and cluster backups are stored consistently and safely.

Tanzu Mission Control will be integrated into other VMware products and services. Furthermore, a direct connection to Wavefront will be supported (Wavefront provides a full diagnostic and full-stack detail as a SaaS-dashboard integrated into major cloud solutions such as Amazon AWS). You can find more information about Tanzu Mission Control here.

Hey! Found Alex’s article helpful? Looking to deploy a new, easy-to-manage, and cost-effective hyperconverged infrastructure?
Alex Bykovskyi
Alex Bykovskyi StarWind Virtual HCI Appliance Product Manager
Well, we can help you with this one! Building a new hyperconverged environment is a breeze with StarWind Virtual HCI Appliance (VHCA). It’s a complete hyperconverged infrastructure solution that combines hypervisor (vSphere, Hyper-V, Proxmox, or our custom version of KVM), software-defined storage (StarWind VSAN), and streamlined management tools. Interested in diving deeper into VHCA’s capabilities and features? Book your StarWind Virtual HCI Appliance demo today!