It’s not uncommon for me to see the question asking for an explanation of VMware Tanzu Kubernetes terminology and differences between similar named products. As per the below tweet. This is my blog post to address the Tanzu Kubernetes terminology and use.
First, we’ll break down the high level names and products. Then move into Tanzu Kubernetes products.
What is VMware Tanzu?
VMware Tanzu is a brand name covering VMware’s modern applications suite of products, just like vRealize is the suite name for VMware’s cloud management products.
What products are covered by the VMware Tanzu brand?
- Tanzu Application Service – A modern runtime for Java, .NET and Node apps
- Tanzu Build Service – Build containers from source code for Kubernetes
- Tanzu Application Catalog – Curated container catalog
- Tanzu Data Services – Cloud native data and messaging including GemFire, RabbitMQ, SQL and Greenplum
- Tanzu Kubernetes Grid – Enterprise Ready Kubernetes runtime
- Tanzu Mission Control – Centralized cluster management
- Tanzu Observability – Enterprise observability for multi-cloud environments
- Tanzu Service Mesh – Enterprise-class service mesh
And for modern apps professional services
What is Tanzu Kubernetes Grid and are there different versions?
Tanzu Kubernetes Grid is the high-level name for the upstream compatible Kubernetes runtime from VMware and is also referred to its abbreviation TKG.
TKG can be deployed across several platforms including VMware vSphere, AWS, Azure, VMware on Public Cloud (VMC, AVS). This is a multi-cloud offering, but sometimes is confused with the vSphere with Tanzu offering, which provides a tighter integration between Tanzu Kubernetes Grid directly and VMware vSphere.
TKG is sometimes referred to as TKGm, the small “m” denoting multi-cloud. This is not an official product name, so in the remainder of this blog I will only reference TKG. When discussion TKG clusters deployed by vSphere with Tanzu, I will reference TKGs. (Explained further down).
TKG talks to the infrastructure provider to spin up virtual machines and deploy Kubernetes on them, for this reason it does not have a bare-metal offering.
What are the basic elements of TKG?
- Tanzu Kubernetes Grid Instance
A full deployment of a TKG cluster and services. If you deployed a cluster to Azure, and then a separate cluster to AWS, these would be two separate instances.
Note: TKG can be deployed and is supported on a vSphere environment, when vSphere with Tanzu (see below) is not enabled.
Note2: TKG instance is not to be confused with the acroynm TKGI (Tanzu Kubernetes Grid Integrated), which was formally known as VMware Enterprise PKS.
- Management Cluster
This is the first element you will deploy to create your TKG Instance, providing management and operations for your instance. This runs Cluster-API which is used to create your TKG workload clusters (see below), as well as creating shared services for all your clusters within the instance.
Note: When you have a vSphere environment with Workload Management enabled. It is recommended to use the built-in supervisor cluster which leverages the Tanzu Kubernetes Grid Service (TKGS), instead of deploying a TKG Management cluster. (See the details further below).
- Tanzu Kubernetes Clusters/Workload Cluster
Tanzu Kubernetes Clusters, also referred to as Workload Clusters when in the context of TKG, are deployed by the management cluster. These are deployed by using the Tanzu CLI only.
These clusters will be used by your developers to run your applications. You can deploy multiple numbers of clusters as per your needs, also at the Kubernetes versions you need. You can have a different version of workload clusters from one another, and from your management cluster.
In the below image, I am showing a TKG deployment to both my vSphere environment and Azure.
What is vSphere with Tanzu and how is it different to Tanzu Kubernetes Grid?
vSphere with Tanzu at a high level is the ability to provide a platform for running Kubernetes workloads natively on the ESXi hosts, side by side with virtual machines. This feature within vCenter is called Workload Management.
vSphere with Tanzu introduces the Tanzu Kubernetes Grid Service (TKGS), providing the ability for Tanzu Kubernetes Clusters to be deployed and run natively with vSphere. Managed by the Supervisor Cluster (described below).
With the native integration within vSphere, the Workload Management can also integrate with the underlying vSphere storage and Software defined networking stack, NSX-T.
vSphere with Tanzu enables you to deploy TKG clusters like you can do with TKG, but also and uniquely it enables you to run Kubernetes pods directly on your ESXi hosts and it introduces a new vSphere object called vSphere Namespaces. (Explained below).
What are the basic elements of vSphere with Tanzu/TKGs?
When enabling Workload Management within a vSphere environment, a supervisor cluster is created within the VMware Data Center. This supervisor cluster is responsible for managing all Kubernetes objects within the VMware Data Center, including vSphere Namespaces. The supervisor cluster virtual machines communicating with ESXi forms the Kubernetes control plane, for enabled clusters.
The below diagram shows the logical diagram of the components running in your datacenter.
Within the dotted line in the image below, the Kubernetes resources are running inside of the virtual machines that make up the Tanzu Kubernetes Cluster.
- vSphere Namespace
A vSphere Namespace is a logical object that is created on the vSphere Kubernetes supervisor cluster. This object tracks and provides a mechanism to edit the assignment of resources (Compute, Memory, Storage & Network) and access control to Kubernetes resources, such as containers or virtual machines. You may also see some documentation refer to this object as a supervisor namespace.
vSphere namespaces are a Kubernetes namespace. In the context of a supervisor cluster (more details below), if you login as root, and run
kubectl get namespace you will see all the namespaces shown the vCenter UI. What is unique about these namespaces is that from a vsphere perspective they are also backed by vSphere resource pools, so all the items mentioned previously such as assigned compute, storage , etc and permissions are what give them a special purpose.
These vSphere namespaces have no relation to Kubernetes namespaces that would be created inside of a TKG cluster created by the Supervisor cluster.
Below we can see a vCenter interface, showing the various components that we’ll discuss further down, as well the vSphere Namespace we have just covered.
Below is an overview of a vSphere namespace in the vCenter UI.
- Supervisor Cluster
This is a special Kubernetes cluster that uses ESXi as its worker nodes instead of Linux. (See the above image explanation of the vCenter UI view.) A 3-node virtual machine Supervisor Cluster is deployed when workload management is enabled, which act as the control plane.
The supervisor cluster achieved by integrating the Kubernetes worker agents, Spherelets, directly into the ESXi hypervisor. This cluster uses vSphere Pod Service to run container workloads natively on the vSphere host, taking advantage of the security, availability, and performance of the ESXi hypervisor.
- To learn more about how vSphere delivers Kubernetes natively
The supervisor cluster is not a conformant Kubernetes cluster, by design, using Kubernetes to enhance vSphere. This ultimately provides you the ability to run pods directly on the ESXi host alongside virtual machines, and as the management of Tanzu Kubernetes Clusters.
- Tanzu Kubernetes Cluster (TKC)
Tanzu Kubernetes Cluster (TKC) is the name used for a Tanzu Kubernetes deployment deployed and managed by the Tanzu Kubernetes Grid Service, with the virtual machine objects deployed inside of a vSphere Namespace. This is a full conformant Kubernetes cluster, and within the cluster it operates like that of TKG.
This may also be referred to as a Tanzu Guest Cluster.
As this Tanzu Kubernetes Grid cluster is deployed by the TKGS provided by Workload Management, these clusters will also be integrated into the underlying stack such as vSphere Storage and NSX-T for networking (if available).
Multiple Tanzu Kubernetes Clusters can be deployed within a single vSphere Cluster.
vSphere with Tanzu – Supervisor Cluster or Tanzu Kubernetes Cluster, which one should I choose to run my application?
- Provides the ability to manage containers just as you would manage virtual machines
- Provides stronger security and resource isolation due to the use of vSphere Pods
- Requires NSX-T
- Performance advantages of vSphere Pods
Tanzu Kubernetes Cluster:
- Kubernetes clusters that are fully conformant with upstream Kubernetes
- Flexible cluster lifecycle management independent of vSphere, including upgrades
- Broad support for open-source networking technologies such as Antrea
For further information check out the Whitepaper – VMware vSphere with Kubernetes 101
Wrap up and Resources
Hopefully this was helpful and clears up some of the unambiguity of naming conventions under the Tanzu Kubernetes offerings. Below are a few helpful resources to continue with:
- A guide to vSphere with Tanzu Kubernetes – Day 2 Operations for the VI Admin
- vSphere with Tanzu Architecture and components
- Tanzu Kubernetes Grid Service Architecture
- Take the vSphere with Tanzu 101 course