Containers are becoming the standard for hosting applications, and developers now demand containers as part of their software deployment workflow. Since Kubernetes has become the industry’s defacto standard for orchestrating containers, VMware’s strategy for supporting containers includes integration with Kubernetes as part of a solution branded Tanzu.

VMware has designed Tanzu to help administrators run Kubernetes on top of VMware vSphere while meeting specific application requirements for computing resources.

Tanzu is offered in 3 editions, Basic, Standard, and Advanced, available for selection depending on clients’ requirements. This article explains the differences between the different editions of Tanzu, outlines its benefits, presents the best practices for administering it, and provides basic instructions for getting started.   

VMware Tanzu Key Components

Tanzu runs on top of VMware vSphere, the popular hypervisor solution. The integration between vSphere and Tanzu is at the ESX hypervisor level since VMware’s vSphere runs directly on the hardware. This is especially relevant in cases where the VMware cluster uses vSAN and NSX.

Containers

The idea behind containers is to create code that can run on different operating systems platforms. This approach helps decouple code from the underlying operating system components and dependencies.

Containers are similar to virtual machines in that they host applications, sharing the operating system resources. The main difference is that containers are lightweight and include all the low-level software libraries and dependencies required by the hosted application to run. This design feature enables containers to be portable between platforms, including on-premise and cloud environments.

Kubernetes

Kubernetes orchestrates containers. Consider large environments with hundreds or thousands of ephemeral containers posing an operational challenge for administrators who attempt to manage such an environment. Kubernetes automates many aspects of managing a container throughout its lifecycle, such as secure deployment, scaling, and termination.  

vSphere with Tanzu

VMware’s Tanzu platform is VMware’s approach to integration with Kubernetes. Each Tanzu edition covers a different scope of container management ranging from container networking to container monitoring and supporting service mesh.

vSphere Pod

A vSphere pod is essentially a Kubernetes Pod which is a group of containers. Kubernetes adds to or removes containers from a pod to support a varying application workload. 

Tanzu Kubernetes Cluster

The Tanzu Kubernetes Cluster contains the open-source Kubernetes project configured to run on VMware.

vSphere

vSphere is VMware’s virtualization solution for running virtual machines. vSphere includes the well-known ESXi hypervisor, vCenter Server, High Availability (HA), and Distributed Resource Scheduler (DRS) technologies.

Key benefits of Tanzu for IT admins

Tanzu’s value proposition is that IT administrators can manage the Kubernetes components via the familiar vSphere client user interface. IT admins can choose where the various Kubernetes clusters run and control how they access hardware components. 

Tanzu enables admins to create namespaces and configure each namespace’s CPU, memory, and storage limits (known as quotas). This concept is similar to a vSphere resource pool. Each team of users can then be assigned to a vSphere namespace with administrative autonomy.

Developers can utilize the namespaces to build various workloads from virtual machines to containers. Users can provision containers inside a “pod VM” or configure the Tanzu Kubernetes Grid service to host an entire Kubernetes cluster.

With Tanzu, DevOps teams can independently provision containers, while IT admins can control how the VMware cluster resources are utilized. Since the Kubernetes clusters run on the same vSphere platform, both the VMware and Kubernetes teams co-exist on the same hardware platform, which speeds up provisioning and eases parallel administration.

VMware vSphere configured with Tanzu to host containers managed by Kubernetes (source)

How Tanzu Integrates with vSphere

vSphere integrates the Tanzu functionality such that it can control its configuration from a standard vSphere user interface.

Diving deeper into Tanzu and vSphere Integration

Tanzu and Networking: Tanzu is bundled with the VMware NSX network load balancer to ensure the high availability of the Kubernetes control plane and container workloads. Tanzu also comes with HA Proxy support and an integrated deployment wizard as an alternative to NSX.

Tanzu Storage: Tanzu tags the datastores that support the Kubernetes cluster. This approach simplifies the logistics of storage assignments.

Tanzu Compute (CPU): The Tanzu services run directly on the ESX hypervisor and initialize during installation. This design has the advantage of using all the standard vSphere technologies ranging from High Availability (Protecting against physical server failure) to dynamic resource scheduling (DRS) and automatically distributing workloads amongst cluster nodes.

All modern installations of vSphere are Tanzu-ready, meaning that you can get started with Tanzu without upgrading your vSphere environment. Furthermore, Tanzu works alongside existing vSphere workloads meaning that you can operate your existing VMware workload and add Tanzu to the cluster.

Tanzu can be added to an existing VMware cluster (source)

Tanzu Editions Compared

Tanzu is available in three different packages. All flavors of VMware Tanzu support basic Kubernetes deployments; however, if you require multi-cloud support and advanced features such as application catalogs, then you’ll need to consider the advanced offering.

The table below shows some of the most discussed Tanzu capabilities and their availability in each package (source).

Feature
Tanzu Basic
Tanzu Standard
Tanzu Advanced
Developer framework
Yes
Application Catalog
Yes
Container Build
Yes
Container Registry
Yes
Yes
Yes
Service Mesh
Yes
Monitoring
Yes
Yes
Policy Management
Yes
Yes
Container Networking
Yes
Yes
Yes
Load Balancing
Yes
Yes
Yes
Kubernetes Runtime
Yes
Yes
Yes
Access Management
Yes
Yes
Yes
Lifecycle Management
Yes
Yes
Yes
Operating System
Yes
Yes
Yes
Data Protection
Yes
Yes
Multi-Cloud Support
Yes
Yes
vSphere Support
Yes
Yes
Yes

How to deploy VMware Tanzu

As with all modern VMware solutions, Tanzu is relatively easy to set up. Here are the high-level steps for installing vSphere with Tanzu:

  • Subscribe to VMware Tanzu Kuberbetes content library.
  • Setup HA proxy for management cluster and control pane (also used for load balancing container applications).
  • Run workload management wizard from vSphere client.
  • Create storage tags.
  • Create a Namespace.
  • Assign permissions to the namespace.
  • Set resource limits on the namespace.
  • Download the kubectl vSphere binaries, which is the Kubernetes command-line interface (CLI).
  • Set up the environment (Control pane & workers) with kubectl.

You can also watch this YouTube video and follow the deployment steps.

Tanzu Best Practices

Before diving into a Tanzu deployment, it’s important to review a few key recommendations.

First, make sure that your application architecture is ready for Kubernetes before you adopt Tanzu. Kubernetes is designed to run applications composed of microservices that can horizontally scale (by replicating containers). If your application is monolithic and based on client-server architecture principles, you must first refactor your application before adopting Kubernetes. In the meantime, you can run containers inside a virtual machine with the need for Kubernetes orchestration and Tanzu.

Kubernetes Platform Selection Factors (source)

Security Best Practices

Security should be at the forefront of your Kubernetes deployment. For example, you should consider container image scanning to detect threats on key container images. Just because your workloads have migrated to containers, it doesn’t necessarily mean that they are more secure.

Before deploying workloads onto your Kubernetes clusters, be sure to harden Kubernetes configurations against the CIS benchmark security guidelines. Using VMware’s Tanzu Mission Control, you can run compliance scans against your cluster configurations. You can find more information on this topic on these documentation pages.

Monitoring Best Practices

Monitoring Kubernetes requires a modern approach. Since the containers are ephemeral, it makes more sense to monitor the application services supposed by the Kubernetes pods than to watch the CPU and memory of each container. A best practice is also to centralize and index the system and application logs to search error messages written to log files easily.

Consider VMware’s vRealize Operations Manager or Wavefront for out-of-the-box container support and automated service discovery. You can find more about vRealize Operations Manager and support for containers in these documentation pages.

Storage Best Practices

When working with containers, you want to select a storage solution that allows flexibility and interoperability with Kubernetes. This consideration means choosing a policy-based storage solution applied at the container level rather than at a LUN or datastore level.

Policy-driven storage solutions such as vSAN allow you to choose performance, encryption, and protection per container. For further information about Kubernetes and vSAN, watch this VMware YouTube video.

Network Best Practices

Ensure that your network layer is flexible enough to integrate with Kubernetes, especially when managing a growing environment. A network solution that integrates with the Tanzu platform is essential for self-service-style automation of container deployment.

Consider a software-defined network platform solution such as NSX, which can interoperate with Tanzu seamlessly. A solution such as NSX for networking, similar to what vSAN does for storage, offers granular and deep integration into Tanzu and Kubernetes. For a demonstration on how NSX-T works with Kubernetes, including a demonstration video, review this VMware blog.

Conclusion

Tanzu integrates Kubernetes into vSphere. This functionality is beneficial if you already have an existing vSphere platform and would like to orchestrate a high volume of containers within the same cluster.

While it’s true that you can use Kubernetes without Tanzu by simply provisioning virtual machines as nodes of a Kubernetes cluster, using Tanzu helps better coordinate administrative responsibilities between VMware vSphere and Kubernetes that coexist in the same cluster.

  • Get More Out of Your vRealize Automation

    vRA has gaps – OneFuse can reduce custom coded integrations, give visibility to flow thru, add governance, and reduce expertise needed!

    Watch Video

  • vRA Research

    Migrating to vRA 8?… Only 2% Have, Why?
    vRA 8 has been out for 2 years, yet adoption has been slow. Read why from your peers in a new survey report!

    Read Survey