K8s Managed By Tanzu Mission Control 2022

Google sponsored the project Borg into the Cloud Native Computing Foundation (CNCF) in 2016. Consequently, Kubernetes became one of the most thriving open-source projects in the history of IT. After the usual ride through the hype cycle of container orchestration technologies, K8s is now mature and ready for enterprise-grade production environments.

Many platforms such as VMware with Tanzu, Red Hat with OpenShift or AKS by Azure exist as well. These vendors offer their own flavored K8s products that fit into their ecosystems and rely heavily on automation and security.

Now, companies that adopted the K8s stack and started operating microservices face new challenges, for example managing multi-tenancy and multiple cluster environments.

Tanzu Mission Control (TMC) is a relatively new product that offers diverse functions to supervise these environments from a single pane of glass. It reached General Availability on June 4, 2021. … and I have already stressed it out a bit, but more about hands-on soon.

TMC – High Level

Kubernetes – How It Works

Container images are built via Docker or any OCI-compliant tool. Kubernetes itself orchestrates the provisioning of containers with its components and offers massive functionality through vast integrations.

Pods, the smallest unit in K8s and regularly part of a Deployment, contain one or more containers that start and stop together.

Master nodes handle the magic, and worker nodes offer resources for diverse apps contained in namespaces, often as a Deployment. Converged test environments with one consolidated master/worker node are possible too.

https://kubernetes.io/docs/tutorials/kubernetes-basics/create-cluster/cluster-intro/

Finally, to provide reliable services to customers outside the K8s cluster, you need to integrate a (cloud) load balancer. Subsequently, you can provision Services of type ClusterIP and an Ingress Controller.

The performance benefit of a bare-metal K8s cluster vanishes once you consider scalability. So virtualized K8s clusters are mostly the way to go.

Overall, K8s uses the desired state principle. You typically describe this state in YAML files.

Whiteboard

It relates to the military-flavored OODA loop, but this is out of scope today as well.

What About The Integrations?

Many catalogs with building blocks exist, like the official vSphere with Tanzu documentation, Git repos and the CNCF projects. Examples are Helm, Contour, Velero, Tanzu Extensions and an incredible amount more.

In addition, deploying a private container registry like Harbor is typically the first step after getting the K8s stack up and running. You store container images and other objects in the registry, and your K8s cluster pulls its container images from it. Basically, this works only after trust has been established (certificates/secrets).

Adopt the Lego mindset, because Kubernetes and containers are as modular as building blocks. Finally, don’t forget to bring your growth mindset: failure is an opportunity to grow. In the end, a painful and exciting cloud native journey awaits you.

What About Tanzu?

The VMware Tanzu suite makes Kubernetes cluster deployments “boring” (Tanzu for Kubernetes Operations, TKO). Tanzu Kubernetes Grid (TKG) is a flavored product with multiple extensions like TAP, TAC and TAS. It orchestrates not containers but the Tanzu Kubernetes Clusters themselves and their apps. The prime goal is that developers can focus on building their code.

To understand the TKG terminology better, I refer to the veducate Blog article.

The present editions TKGs, TKGi and TKGm have very diverse architectures and a lot of modularity, especially TKGs with vDS and NSX-T. There will be considerable changes in the near future (TKG 2.0).

Tanzu Community Edition is available for free.

Personally, I have gained a lot of experience with the vSphere with Tanzu stack (TKGs). TKGs and the Supervisor Cluster for lifecycle management get the vSphere admin excited.

Of course, the complexity stemming from Cluster API and K8s itself makes it hard to learn. But it is relatively convenient if you are already experienced with vSphere, vSAN and networking. Essential book tip, thanks Cormac Hogan: kubernetes-for-vsphere-administrators

With TMC, you have a GUI besides vCenter alone, which makes life easier for the vSphere admin as well.

Tanzu with TMC integrates well into vCenter, vSAN, NSX-T, AVI-LB, vRealize Automation, Operations, vCloud Director and many other VMware products.

Cluster API

You can easily deploy and govern multi-cluster environments and manage them with TMC (included in the Tanzu Standard add-on for vSphere).

Tanzu takes care of the K8s stack and base image provisioning and much more.

Multi-Cluster Management: Access TMC

Not just multi-cluster, but also multi-cloud. Attach different cloud environments and use backup / DR targets. Sometimes there are requirements that data is kept on-prem; this is possible with local S3 targets like NetApp StorageGRID or open-source MinIO.

I will refer to vSphere with Tanzu (Private Cloud) and Azure AKS (Public Cloud) for examples.

However, TMC itself is only available as a SaaS instance on AWS. When will a Frankfurt region finally become selectable? It is quite foggy :-).

Nevertheless, TMC is a very tangible K8s cloud management plane.

Current TMC Regions (04.08.2022)

Agents in the Kubernetes management or workload cluster pull the configuration from the cloud plane *tmc.cloud.vmware.com via outbound connections only; no inbound connections are needed. As easy as that.

After you have selected the organization with the super admin rights, you can assign roles via https://console.cloud.vmware.com

You made it! Let’s have a look at the cloud plane:

You can attach, manage and group K8s clusters and namespaces.

In the VMware cloud console, you have additional security and access related possibilities, like Active Directory integration or two-factor authentication.

Another possibility is to generate an access token and connect via Tanzu CLI or API.

Features Overview

https://tanzu.vmware.com/mission-control

Lifecycle and Configuration Management

Manage/attach different clouds like Azure with AKS and their clusters. Create, update and delete K8s clusters with great visibility.

Furthermore, you can easily scale or replace the individual K8s nodes. More and more AI accelerators are integrated, like Nvidia GPUs for a “GPU-Nodes Class” in vSphere with Tanzu.

VMware + NVIDIA AI-ready platform
https://www.nvidia.com/de-de/data-center/products/ai-enterprise/vmware/

Compliance / Policy Engine

Many types of adjustable policies, like network policies, can be attached to clusters (or cluster groups) and namespaces. As always, it depends.

Data Protection

Velero is the open-source standard for backups in TMC. It is included in the subscription. TMC manages and configures the Velero agents.

A compatible S3 object storage, providing backup / disaster recovery target buckets, is mandatory for Velero (plus Restic). Other vendors like Veeam with Kasten allow NFS to be used to save your cluster objects and persistent volumes.

You can one-click install Velero with TMC and start scheduling backups in the cluster overview via “Enable Data Protection”. Be aware that you need a compatible S3 target / bucket and also a valid configuration. These S3 targets are centrally managed in the TMC administration plane. Certificate management is important and tricky in this case as well; not all features are available in the GUI yet.

https://velero.io/

Licensing

Available as a one- or three-year subscription (SaaS).

TMC is included in vSphere with Tanzu Standard and in the new vSphere+ edition. Alternatively, you directly license your K8s cores for TMC.

Trial for Cloud Providers / PoC

Register a Tanzu Management Cluster

This could be, for example, a vSphere with Tanzu Supervisor Cluster (HA+DRS) built upon ESXi Enterprise Plus nodes. In this case, the Supervisor Cluster is the management cluster.

Roadmap

Tanzu Mission Control Starter Edition has been announced, but I think it is not widely available yet.

Furthermore, several new features, like restoring with Velero to another K8s cluster via the GUI, will be released soon.

I will follow up with hands-on and more in-depth configuration in the next article.

So stay tuned… and thanks for reading.

Kubernetes Storage Made Easy

vSphere with Tanzu, the easy and integrated way to use Kubernetes in Enterprise environments, is getting a lot of traction currently. One of the main benefits of this solution is the transparent way to consume already existing storage resources.

So, this article describes the different possibilities and essential features that enable consuming persistent storage in your container applications based on Kubernetes.

Top Trends of Our Customers
Result of my presentation poll – interface workshop 02/22

The Tanzu Way

In fact, Tanzu comes in different editions. Enterprise Plus is mandatory for your ESXi base cluster. In addition, an add-on with currently three available Tanzu editions, Basic, Standard and Advanced, makes everything possible. Then you enable Tanzu Workload Management in vCenter.

Of course, some requirements exist, like a supported and configured networking and load balancing solution. Furthermore, a lot of different architectural possibilities and design decisions have to be resolved.

Anyway, you need storage resources to provide persistent storage, on the one hand for your Supervisor Cluster and on the other for the workload clusters hosting your modern application landscape.

Moreover, Tanzu means you can operate virtual machines alongside Kubernetes clusters with the same interface, resources and transparency you have relied on for years. Finally, this is the way to your on-premise hybrid cloud environment.

vSphere Storage Resources

Basically, all types of shared storage in vSphere are also supported in Tanzu. On the one hand, there are NFS shares (NAS), FC or iSCSI LUNs (SAN) and the exotic vVols (SAN/NAS); on the other, the fully integrated way via vSAN (HCI) with special features on top.

A mandatory part of using storage in Tanzu is the proper configuration of a storage policy. Depending on the type of storage, you can utilize various adjustable policy-based features like IOPS limits.

Of course, you can create countless different storage policies and your own schema to fulfill your requirements exactly. People like to call them Gold, Silver and Bronze depending on the performance and availability demands.

Provisioning Storage for Tanzu Guest Cluster

The consumption of storage in Kubernetes is straightforward through the abstraction and automatic conversion of storage policies to storage classes.

Storage classes are what you consume in Kubernetes to provide your persistent volumes through persistent volume claims (PVCs).

vSphere provides an effortless way to group workload clusters into vSphere Namespaces. The vSphere admin has full governance and furnishes these namespaces with the appropriate resources for the developers.

Besides access policies through vSphere single sign-on (SSO), you also attach your storage policies to the vSphere Namespaces, and you are ready to rock.

Homelab: Fresh Namespace “test-01” with two policies attached (red-box)

Maximum Integration with vSAN

Maximum integration and availability through awesome features that come with vSphere and vSAN 7 U3!

vSAN is now capable of supplying NFS and SMB file services in an easy and automated way. These file services are now fully integrated in vSphere with Tanzu. They provide ReadWriteMany (RWX) volumes for container services.

This is a giant leap forward to make life cushier for the vSphere admin and the developer. Different containers can read from and write to the same persistent volume (PV).
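As an added example (not from the original article), here is how a developer consumes such a storage class: a PersistentVolumeClaim requesting a ReadWriteMany volume, and a two-replica Deployment whose Pods mount the same claim. The storage class name `vsan-file-rwx` and the namespace `demo` are assumptions; the class appears in the guest cluster only after the matching storage policy was attached to the vSphere Namespace.

```yaml
# Added example, not from the article.
# Assumption: a storage class "vsan-file-rwx" backed by vSAN File Services
# is visible in the cluster because its storage policy was attached to the
# vSphere Namespace. Without vSAN File Services, an RWX request stays Pending.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: shared-data
  namespace: demo          # assumed Kubernetes namespace
spec:
  accessModes:
    - ReadWriteMany        # RWX: several Pods may mount the volume read/write
  storageClassName: vsan-file-rwx
  resources:
    requests:
      storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: shared-writer
  namespace: demo
spec:
  replicas: 2              # two Pods, possibly on different nodes, share one PV
  selector:
    matchLabels:
      app: shared-writer
  template:
    metadata:
      labels:
        app: shared-writer
    spec:
      securityContext:
        runAsNonRoot: true   # least privilege: no root inside the container
        runAsUser: 1000
        fsGroup: 1000        # group ownership on the mounted share
      containers:
        - name: writer
          image: busybox:1.36
          # every 30 s each Pod appends its own hostname to the shared file,
          # so "cat /data/log.txt" in either Pod shows lines from both
          command: ["sh", "-c", "while true; do echo $(hostname) >> /data/log.txt; sleep 30; done"]
          volumeMounts:
            - name: shared
              mountPath: /data
      volumes:
        - name: shared
          persistentVolumeClaim:
            claimName: shared-data
```

Check with `kubectl -n demo get pvc shared-data` that the claim reaches status Bound; a claim that stays Pending usually means the class is not attached to the vSphere Namespace or does not support RWX.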

Moreover, vSAN stretched cluster / fault domain functionality works for Kubernetes environments and is partially supported. VMware’s R&D is working heavily in the background, designing and providing new features as soon as possible.

Homelab: Workload enabled vSAN Stretched Cluster with red annotations

Media, Resources, and Call to Action

Do you want to hear more? In September 2021, we launched our Podcast (German):

burn 4 IT

Thanks to the best colleagues in the world, Jan Philip Hoepfner, Daniel Rusche and many more from Medialine Group, for making that possible.

To sum up, Tanzu is one of our core topics, and we already have several episodes. More are planned and incoming. Every 14 days, a new episode is guaranteed.

Find us on all major podcast platforms: Apple, Amazon, Google, …

Finally, we appreciate your feedback, comments, and your thumbs up on our various platforms.

Furthermore, see me and my great fellow workers speaking at our free interface workshop in April 2022. Dresden, Berlin and remote attendance are possible :).

Link to Agenda and Registration

Get Ready for Next-Gen Networking

We all feel it. The IT world is developing at a rapid pace. Currently, the traditional application sphere is being reinvented. Web 3.0 incoming from many angles. Microservices, distributed systems, scaling, automation and a multi cloud universe heavily rely on networking.

Better, faster and stronger services emerge and make our life easier. New concepts are required and appear on the horizon.

So, I may present you the next iteration of datacenter infrastructure:

SoC (System on Chip) based smart network interface cards (NICs) = DPU


Awarded with the vExpert 2021

After a very rough and transforming year of 2020, I am very thrilled to announce that my efforts have been rewarded with the title of vExpert 2021.

Twice a year you have the possibility to apply for this title. To receive this honor, you have to prove that you are eligible. Furthermore, I had to decide which path to apply for.

Therefore, I had the choice between the customer, partner and evangelist path. Although my new employer, interface systems GmbH, holds the highest tier and is a principal partner in data center virtualization, I chose the evangelist path. This was the logical choice because, at the time of the vExpert application, I had been working for this company for just four months.

Meanwhile, I am very settled with this company and have already confidently advised numerous customers, spoken at several workshops, contributed to the VMTN forum, blogged and completed trainings and certifications. A new and exciting world I have arrived in.

Currently, there are about 2200 active vExperts, and you can have a look, filter and search for the individual experts here: https://vexpert.vmware.com/directory

Furthermore, I could refresh my implementation expert certification in December 2020 (VCIX-DCV). Now I have all the prerequisites to overcome the last challenge of becoming one of 300 VMware Design Experts. Just a project with sufficient complexity has to be found :-).

My next articles will be either about new technologies in the VMware realm like Tanzu or my other favorite topic: sports. I am currently “getting wintered”, as Ross Edgley would say. That means I am training hard despite the adverse weather. Currently, I am reaching a new high of VO2max 62!

Constant distance…

Thanks for reading, stay healthy and safe!

Last Call For VMworld 2020

This year everything is different; we all have to adapt, improve and overcome the various new challenges. So this year’s VMworld adjusted too. The event starts tomorrow and won’t be hosted on premises in the USA and Europe but exclusively online, featuring world-class tech experts from 29.09. until 01.10.2020.

Let’s focus on the benefits:

  • It has a free part and thus is available for a broader audience
  • No exhausting travel
  • Easier to extract content and create notes

Over 100k people have already registered; this is huge.


VMWare vSAN Series – Key Features

In reference to my prior article vSAN – High Available Solution, this article will give a glimpse overview of what is possible with vSAN.

My favorite features:

Easy to install and manage. This kernel-based solution requires that you already have a vSphere environment in place, or you go the greenfield approach.

Scalability – assign/remove single disks to/from disk groups, and scale up to 64 hosts per cluster.

SPBM (Storage Policy Based Management) has a rich set of options assignable to individual sets of VMs. It defines redundancy with up to n+3. Furthermore, a stretched cluster is possible on top of it. A configurable IOPS limit keeps the noisy neighbor away.

In addition, performance: literally, all-flash comes with the smallest license.

Compression, deduplication and encryption are sometimes required and can be activated on the vSAN datastore layer.

NVMe – the super fast PCIe-based technology is supported. Therefore, simply use this kind of SSD for read/write caching.

Moreover, utilize x86 standard server hardware from any vendor; no complex SAN is required for high availability. Compute, storage and even network … all in the box.

Small = big – start with an all-flash two-node direct-connect design. No expensive 10 Gbit+ switches have to be attached.

Certainly, it integrates into multi-cloud and automation – AWS features the vSphere stack.

In conclusion, this architecture is the answer to various kinds of requirements like availability, performance, manageability, security, recoverability and compliance. However, as always, it depends.

I appreciate your top feature in the comments!

Next:

Subsequently, I will write about the “long walk” again. Attendance at the Mammutmarsch Berlin, 25.05.2019, 24h – 100km, is confirmed.

After one pass and one fail (Mammutmarsch/Megamarsch Munich), the sails have been set for another exhausting “why the hell do I do it again” event xD.

I wish you all the best!

VCAP6-DCV Design its a pass

Hi there,

after passing the VCAP Deploy exam, I have now also passed the VCAP Design exam. Therefore I am now vSphere Certified Implementation Expert Data Center Virtualization 6 (VCIX6-DCV).

Furthermore, I am toying with the idea of completing the data center track, which requires a vast expenditure of both money and time. The requirement is to successfully submit and defend an original design in front of a panel of experts. In Europe this is only possible in Staines, UK.

This process is far more complex than any other exam in the IT universe. Currently there are just 264 VCDX certified people around the world, across all tracks.

https://vcdx.vmware.com/

Along the way, I am preparing for the NCDA – NetApp Certified Data Administrator certification. Due to my participation at Insight 2017 in Berlin last week, I know NetApp and Clustered ONTAP will keep me occupied over the next years too. Really awesome data fabric features that will shape both private and public clouds.

BR, Nicolas Frey

VMWorld Barcelona 2017 – DAY 1 and DAY 2

Hi folks,

arrived on Sunday via plane in Barcelona with about an hour of delay due to high load at the Barcelona airport. Check-in at SB Plaza Europe was around 11 pm. The location of the hotel is very nice. The Fira Gran Via (the fair where VMworld takes place) is within walking distance.

The next day I was very excited to take part in VMworld for the first time. I got up very early and did a small workout in the hotel fitness center. I went for breakfast, and again the coffee was the game changer. In addition, the weather was awesome, so I used the remaining time to go to the roof and shoot a picture that will make you jealous.

tl;dr? -> go for the pictures
