Wednesday 1 July 2020

Back to Basics - VMware Tanzu Mission Control

Recently started spending some time learning more about VMware Tanzu Portfolio which is broadly categorised into three important aspects (Build, Run and Manage) and on each of these logical layers there are various products and services that fit's in for example VMware Tanzu Application Service falls under the category of Build (Allowing developers for creating the application/ building the code) , RUN (VMware Tanzu Kubernetes Grid - is a multi-cloud Kubernetes footprint that we can run both on-premises in vSphere (vSphere 7 with Kubernetes and vSphere 6.7 ) and also in the public cloud and finally the third logical aspect is to Manage ( Tanzu Mission Control ) for managing kubernetes and containerised applications across multiple clouds.

VMware Tanzu Portfolio Architecture Diagram

Image Source - https://tanzu.vmware.com/tanzu
Dedicated this article to talk more about Tanzu Mission Control and highlighting key points that we need to know about TMC,which falls under the category of Manage when looked into the overall VMware Tanzu Portfolio.
  • VMware Tanzu Mission Control a.k.a TMC provides a single point for teams to manage their Kubernetes clusters, TMC is available as SaaS offering and is accessible via VMware Cloud Services (https://console.cloud.vmware.com/).We can can login via enterprise federation or by using our VMware ID and once logged in we need to get in touch with VMware to get VMWare Tanzu Mission Control enabled for our org.
  • With TMC we can use API Based kubernetes service for centralising cluster lifecycle management across all environments,Clusters in TMC can be either provisioned clusters which are created in TMC and the entire lifecycle (Creation, Upgrades, Deletion) is managed by TMC or We can attach clusters (clusters provisioned outside to VMware TMC ) and TMC doesn't manage the lifecycle of those clusters.
  • Currently Amazon EC2 is the only available option under Provisioned cluster wherein we can specify Cluster Group, AWS Cloud Provider Account (Required when provisioning a cluster in public cloud), Region, SSH Keys, Kubernetes Version and VPC details when creating a new cluster.
  • When Attaching the clusters in TMC we are registering already existing clusters like AKS, EKS,GKE, or any other kubernetes cluster with VMware Tanzu Mission Control Service so as the required cluster agent extensions can be installed on those clusters and the connection can be verified.
  • The overall TMC architecture is govern via the policies which are applied to the organization > cluster groups and cascade down to the clusters, and there are majorly three types of policies in TMC 1) Access policies which helps us provide the role base access control to overall hierarchy 2) Network policies which helps us to restrict network communications defining how pods communicate with each other, by default there isn't any restriction and network policy is defined in TMC and 3) Image registry policies for restricting image registries from which images can be pulled by default TMC doesn't impose any restrictions.