Tanzu Mission Control-Part 1-Introduction & Architecture

VMware Tanzu is a portfolio of products and services that enables customers to build modern applications on the Kubernetes platform and manage them from a single control point. The Tanzu portfolio is pretty vast and includes products and services like:

1: Tanzu Kubernetes Grid

2: vSphere with Tanzu

3: Tanzu Mission Control

In this blog post, I will talk about what Tanzu Mission Control is and why it is important for you.

What is Tanzu Mission Control (TMC)?

Tanzu Mission Control is a SaaS offering available through VMware Cloud Services and provides:

  • A centralized platform to deploy and manage Kubernetes clusters across multiple clouds.
  • The ability to attach existing Kubernetes clusters to the TMC portal for centralized operations and management.
  • A policy engine that automates access control and security policies across a fleet of clusters.
  • Security management across multiple clusters.
  • Centralized authentication and authorization, with federated identity from multiple sources.

Why do you need Tanzu Mission Control?

Enterprises have adopted Kubernetes very rapidly since its inception, and its footprint is growing fast. The main challenges associated with a Kubernetes world are:

  • Large-scale Kubernetes deployments spread across platforms are hard to manage.
  • Security policies have to be applied consistently across the entire Kubernetes footprint.
  • Application owners need independence to run and operate their applications across multiple platforms, whereas IT teams need to maintain visibility and control at an organization level.

Tanzu Mission Control is intended to deal with the above problems in 3 key ways:

  • Enabling developer independence, with control: To meet business needs, developers need to speed up application deployment to get to market faster, so it is essential to give them a self-service platform they can use for application deployment on the go. Tanzu Mission Control provides declarative APIs, centralized authentication, and managed namespaces to give development teams self-service access to the resources they need to deploy their applications, without changing their workflows. IAM integration ensures authentication and authorization for the Kubernetes workloads and thus control over the environment.
  • Manage Kubernetes clusters across any cloud, with consistency: Using TMC, you can automatically provision clusters across public cloud and on-prem environments. Existing clusters can also be integrated into TMC for centralized monitoring and observability over fleets of clusters and application workloads running across various platforms.
  • Consistent security for Kubernetes workloads, with confidence: TMC enables you to define access, security, and compliance policies at an organization-wide level, which can be applied across groups of clusters and the applications running in those clusters in just a few clicks. It doesn’t matter where your clusters are running; you don’t need a separate set of policies for each environment.

VMware Tanzu Mission Control Architecture

The diagram below, taken from VMware's official documentation, provides an insight into the high-level architecture of Tanzu Mission Control.

The main components of Tanzu Mission Control are:

  • Policy Framework: By subscribing to the Tanzu Mission Control service, tenants get access to a policy framework that they can use to formulate policies and apply them across clusters and the namespaces within those clusters. This ensures that policies are applied in a consistent way across the fleet of clusters that the tenant has deployed or will deploy in the future.
  • Resource Hierarchy: This refers to the grouping of the clusters and the namespaces registered in the TMC portal.
  • Organization: A logical entity which acts as the root of the resource hierarchy. 
  • Workspaces: Workspaces allow you to organize your managed namespaces into logical groups across clusters. By default, a workspace named “default” is created to get you started. You can create your own workspaces as per your business needs.
  • Health Monitoring: Tanzu Mission Control also enables platform teams to gain global visibility into the health and status of all their Tanzu Kubernetes clusters through its UI, CLI, and API, which eliminates the need to switch between different consoles and portals. TMC integration with Tanzu Observability allows users to easily drill down to a particular issue by leveraging the powerful analytic and diagnostic capabilities of Tanzu Observability.

Using Cluster Lifecycle Management, you can provision new clusters across vSphere and AWS directly from the TMC portal. The Managed Cluster functionality allows you to manage your Kubernetes clusters regardless of where they are running. You can attach Kubernetes clusters that are running on vSphere (on-prem or cloud), public clouds (AWS, Azure, Google), managed services (EKS, AKS, GKE), etc.

Conclusion

Tanzu Mission Control simplifies the various aspects of provisioning and managing Kubernetes clusters across various environments using the open source project Cluster-API. Cluster-API uses objects like machines and providers to abstract cluster components and infrastructure. Tanzu Mission Control then brings unified identity and access control into these environments by working with VMware’s Cloud Services and mapping users and groups to Kubernetes clusters and role bindings.

References 

Introduction to VMware Tanzu Mission Control

That’s it for this post. I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing.