VMware Tanzu (previously Pivotal) brought containers and container management services to vSphere. The VMware Tanzu Kubernetes Grid is an installation of Kubernetes open-source software supported, packaged, and provided by VMware. Kubernetes, a leading container management platform associated with VMware vSphere as a virtualization platform, allows developers to use the vSphere infrastructure and its storage with centralized management, security, or governance.
Container routine for ESXi (CRX)
vSphere 7 and ESXi 7 introduce a new container runtime built into ESXi, called Container Routine for ESXi (CRX). The CRX optimizes the Linux kernel and hypervisor and removes some of the traditional heavy configuration of a virtual machine (VM).
As such, the binary image and executable code can be loaded quickly and booted. It is a kind of VM but runs a highly optimized Linux kernel. The performance benchmarks show that there is a significant improvement in performance, even over bare metal. Additionally, VMware has an ESXi scheduler that makes the overall package that much more attractive.
The CRX has also optimized the boot process, where there is no BIOS, as with traditional VMs. The CRX bypasses BIOS to boot faster and executes the preloaded Linux kernel directly. Since CRX does not need a keyboard, mouse, or video, the virtual hardware is stripped down to the bare minimum.
The Linux kernel itself is optimized not only from a performance perspective by carrying only a minimum set of drivers, but also from a security perspective, as it is packaged directly with ESXi via vSphere Installation Bundle (VIB). All patches and upgrades will be conducted together with the VMware ESXi hypervisor.
vSphere with Tanzu uses many existing vSphere features, such as vCenter Single Sign-On (SSO), Content Library for Kubernetes software distributions, vSphere networking, vSphere storage, vSphere HA and DRS, and the other vSphere security and governance features that we discussed in our introductory article about Kubernetes and containers.
Let's have a look at the various Tanzu editions:
VMware Tanzu Basic
You can run this product on-premises in vSphere. You manage the workloads in vCenter Server only, in contrast to Standard or Advanced, where you use the Tanzu Mission Control SaaS application.
Tanzu Kubernetes packages are tested, signed, and supported by VMware. The supported versions of the open-source applications that provide the container registry, networking, monitoring, authentication, ingress control, and logging services are included, so the Kubernetes environment does not need to download additional apps from elsewhere. All necessary apps are provided by VMware within the suite.
VMware Tanzu Standard
This edition of Tanzu allows you to create and deploy Kubernetes clusters on-premises and in multi-cloud environments. The Standard edition also offers a centralized multicluster SaaS control plane for cluster management across multiple environments.
Monitoring and alerting are provided by Grafana (a dashboard monitoring tool) and Prometheus (alerting). Policy management can help you enforce security with built-in templates. These templates enable you to easily define which workloads can be run or shared, whether you can share host namespace or network, and whether you can run the app as root.
Using custom policies, you can adjust specific parameters from predefined policies that do not suit your needs. The policies can be applied to clusters, groups, or individual workloads as needed.
An interesting feature is policy insights, which allow you to apply policies and do a "dry run" in which you register the violations (if any) and see which containers would be blocked if the policy were applied.
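The dry-run idea described above can be illustrated with a small evaluator. This is an added example, not code from VMware or Tanzu Mission Control: the POLICY keys and the sample workloads are hypothetical and constructed, while hostNetwork, hostPID, hostIPC, runAsUser, and runAsNonRoot are standard Kubernetes pod fields.

```python
# Added illustration: dry-run evaluation of a security policy over pod specs.
# POLICY keys are hypothetical; the pod fields (hostNetwork, hostPID, hostIPC,
# securityContext.runAsUser / runAsNonRoot) are standard Kubernetes fields.
POLICY = {"allow_host_namespaces": False, "allow_host_network": False,
          "allow_run_as_root": False}

# Constructed sample workloads (not from a real cluster).
PODS = [
    {"name": "web", "spec": {"securityContext": {"runAsNonRoot": True},
        "containers": [{"name": "nginx", "securityContext": {"runAsUser": 101}}]}},
    {"name": "node-agent", "spec": {"hostNetwork": True, "hostPID": True,
        "containers": [{"name": "agent", "securityContext": {"runAsUser": 0}}]}},
    {"name": "legacy", "spec": {"containers": [{"name": "app"}]}},  # no securityContext
]

def runs_as_root(pod_sc, ctr_sc):
    """Container-level settings override pod-level ones, as in Kubernetes."""
    uid = ctr_sc.get("runAsUser", pod_sc.get("runAsUser"))
    non_root = ctr_sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
    if uid is not None:
        return uid == 0
    # No UID set: the image default applies and may be root,
    # so only an explicit runAsNonRoot counts as safe here.
    return not non_root

def violations(pod, policy):
    spec, found = pod["spec"], []
    if not policy["allow_host_network"] and spec.get("hostNetwork"):
        found.append("hostNetwork")
    if not policy["allow_host_namespaces"]:
        found += [f for f in ("hostPID", "hostIPC") if spec.get(f)]
    if not policy["allow_run_as_root"]:
        pod_sc = spec.get("securityContext", {})
        for c in spec["containers"]:
            if runs_as_root(pod_sc, c.get("securityContext", {})):
                found.append(f"root:{c['name']}")
    return found

def evaluate(pods, policy, dry_run=True):
    """Return (report, blocked); in dry-run mode nothing is blocked, only reported."""
    report = {p["name"]: violations(p, policy) for p in pods}
    blocked = [] if dry_run else [n for n, v in report.items() if v]
    return report, blocked

if __name__ == "__main__":
    report, _ = evaluate(PODS, POLICY)
    for name, v in report.items():
        print(name, "would be blocked:" if v else "ok", ", ".join(v))
```

Reviewing the dry-run report before switching to enforcement shows which existing workloads, such as the node agent here, need an exception or a fix first.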
VMware Tanzu Advanced
This edition of Tanzu has container lifecycle features that allow you to work at scale. In addition to all the functions present in the Basic and Standard editions, it offers a global control plane with monitoring and service mesh, consolidated Kubernetes ingress services, and advanced load balancing with NSX-T.
Ingress control, which is part of the Advanced edition, is provided via Contour Kubernetes ingress controller and Envoy edge and service proxy. Ingress control services can provide load balancing, SSH termination, and other services.
The Advanced edition has an application catalog and developer framework (VMware Spring Runtime). It is a self-service catalog that enables your developers to use those building blocks and create complex applications.
Tanzu Advanced Edition enables the use of the NSX-T advanced load balancer or Tanzu SQL, which is a self-service app for your developers.
Service Mesh, part of the Advanced edition, allows you to make sure that you maintain all connectivity and continuity between applications, users, and services. Service Mesh ensures high availability, network visibility, security, and compliance for apps running in multi-cloud environments or apps running on-premises. It offers a central space where you see and manage traffic routing, certificates, microservices, or APIs.
To get started with VMware and Kubernetes clusters, there are three vSphere Tanzu versions you can choose from. VMware Tanzu Kubernetes clusters run on optimized code and optimized runtime with tight ESXi integration. The Tanzu Basic edition uses vCenter Server, which provides management tools for vSphere admins so they can manage VMs the same way as before but with containers as an additional object.
From a VMware admin perspective, vSphere with Tanzu gives you control over your containerized applications with policies, quotas, and role-based access for your development teams. Existing vSphere service features, such as HA, DRS, and vMotion, are also used for containers, but at the application level.
With Kubernetes clusters in vSphere, you'll get unified visibility in vCenter Server for Kubernetes clusters, containers, and existing VMs. Centralized management was always a strong part of VMware products. And this hasn't changed with their Tanzu and Kubernetes offerings.
What is a container routine?