One of the questions I get asked often is how did I learn the Tanzu portfolio.
While there are many people that are more qualified then myself on the Tanzu portfolio, I have been working with the portfolio for quite a while and have learned a few tricks that can help people get started in understanding the portfolio and really understanding the underlying tech.
For an overview of the different products in the Tanzu portfolio, I suggest reading my previous post on comparing the different Tanzu Editions.
I will split this blog into 4 different sections:
- TKG / TCE specific recommendations
- TAP specific recommendations
- Additional product specific recommendations
Learning TKG / TCE
TKG in both the TKGm and TKGs flavors, as well as the Kubernetes distribution element of TCE, are based on mostly the same underlying technologies.
When we try to approach these 2 distributions on the surface they look very different but in reality the same tools we learn for one are applicable to the other as well even if the implementation is a bit different.
Phase 1 – Core Kubernetes
At the core we obviously have Kubernetes. I have always found the best way to learn is from hands on examples and practicing.
In order to learn core kubernetes, there are a few key resources i believe are really helpful and can give you the right base to build off of.
- Kube Academy – This is a great project lead by VMware, which provides great content on Kubernetes and the wider ecosystem. for beginners i strongly suggest the Kubernetes core concepts learning path.
- Udemy Course – This course made by Mumshad Mannambeth, which is meant for learning and practice before doing the CKA (Certified Kubernetes Administrator) exam is extremely well done and can give you a great deal of knowledge and understanding in not only how to pass the CKA exam but it actually teaches you the key things you really want and need to know in a way that makes it stick.
- Katacoda – Katacoda is a great place to find interactive guided tutorials on different technologies. They happen to have a great Kubernetes Library of tutorials that is worth looking at and using them as quick lessons on things you are interested in / want a refresher on.
Phase 2 – Cluster API
One of the key parts of TKG / TCE is the underlying cluster lifecycle mechanism which is Cluster API (CAPI).
CAPI is a very active Sub Project in the Kubernetes project which falls under the ownership of SIG Cluster Lifecycle, which is the special interest group that manages the official Kubernetes projects that are meant to help in managing the lifecycle of kubernetes clusters. beyond CAPI this SIG manages projects such as Kubeadm, Kubespray, Minikube and Kops.
CAPI has become the de-facto standard in Kubernetes cluster management when not using a managed service, and has been adopted by almost all commercial multi cloud kubernetes distributions including EKS Anywhere, Google Anthos, TKGm, TKGs, TCE, Rancher, Weave works Kubernetes Platform and many more.
CAPI is built in a provider model in which there is the core CAPI and then there are 3 types of providers:
- Infrastructure Providers – these are the providers / kubernetes controllers that are in charge of making all the needed API calls and instantiating the needed objects in the Cloud Provider of choice such as networks, Machines, Load Balancers etc. The infrastructure providers available today in Tanzu are CAPA (AWS), CAPZ (Azure), CAPV* (vSphere), CAPD** (Docker), CAPW* (WCP) and CAPBYOH*** (Bring Your Own Host).
- Control Plane Providers – These are the providers that are in charge of managing the kubernetes control plane of our kubernetes clusters. The most common example, and the one used in Tanzu is KCP (Kubeadm Control Plane).
- Bootstrap Providers – These providers are in charge of bootstrapping machines into Kubernetes nodes. The most common one used that also is used in all Tanzu clusters is CABPK (Cluster API Bootstrap Provider Kubeadm) which works together with KCP as the Control Plane provider to manage a Kubeadm based cluster using CAPI.
* CAPV is included in TKGm and TCE but not in TKGs where instead it uses CAPW which is a proprietary closed source provider.
** CAPD is currently only available in TCE
*** CAPBYOH is experimental and is currently available in TKGm only.
To truly understand and be able to debug and troubleshoot TKG based deployments, one should gain experience and understanding in core CAPI and the relevant providers they work with.
CAPI like most sub projects in Kubernetes and many other CNCF projects, has open office hours on zoom which can be very helpful to watch and participate in.
These meeting are open to the public and can not only be a good place to bring up issues with CAPI that you experience and get help, but even more so, it is a place to learn what is coming in the future into CAPI which inevitably means it will come into Tanzu in the future as well. understanding what will come will make you smarter, and allow you to make smarter architecture and design decisions.
The other key thing that you MUST do is join the Kubernetes Slack Workspace and within that you should join the dedicated channels to the CAPI providers you are interested in such as:
- Core Cluster API, CAPD, CABPK, KCP – #cluster-api
- CAPV – #cluster-api-vsphere
- CAPA – #cluster-api-aws
- CAPZ – #cluster-api-azure
These slack channels are a gold pot of information and a great forum to post questions and discuss issues or concerns you may have with the specific provider in question which can help shape how the project moves forwards and can be an amazing way to influence things based on your needs.
For the times of the Community Meetings / Office Hours, check out the Kubernetes Community Calendar.
Phase 3 – Carvel tools
One of the key components in Tanzu and especially in TKGm and TCE but also in TKGs is the use of the Carvel Toolset.
Carvel provides a set of reliable, single-purpose, composable tools that aid in your application building, configuration, and deployment to Kubernetes.
Both TKGm and TCE utilize the carvel tools, and especially ytt and kapp controller, in order to template and manage our CAPI based clusters.
CAPI clusters are built of dozens of YAML files, with inter dependencies between one another, and managing raw CAPI can be a very difficult task, especially when you add as much additional functionality as TKG offers such as the ability to configure Cluster Autoscaling, Central IDP based Authentication, Container Networking, L4 and L7 Load Balancing, and much more. by using YTT (Yaml Templating Tool) our clusters manifests can be generated via the Tanzu CLI very easily and with a great UX.
Kapp Controller is used to manage all components within our kubernetes cluster provided by TKG, such as the CSI, CPI, CNI, Metrics Server, Pinniped, and the user managed packages such as Prometheus, Grafana, FluentBit, ExternalDNS, Harbor, etc.
Learning the carvel tools can be difficult at the beginning but once you get a hold of it, the power unlocked by the toolset is amazing and is well worth the initial effort in getting started.
To get started with the Carvel tools, i strongly suggest doing the following free online workshops:
Also as with CAPI, Carvel has a channel in the Kubernetes slack workspace (#carvel) that is one of the best channels in terms of the community engagement, and the eagerness to help anyone that has an issue. no matter what time of day, or even on the weekends, it seems there are always people there, helping one another, which is a truly amazing thing to see.
I also very strongly recommend joining the weekly Office Hours call which is held every Thursday at 10:30 AM Pacific Time on zoom.
When using the Carvel tools, TKG becomes by far the most customizable and feature rich distribution of kubernetes. Nearly anything is possible when using Carvel with CAPI. for examples of things that can be done, you can take a look at my GitHub Repo with TKGm Customizations that use the Carvel toolset to enhance the capabilities of TKG.
You can also watch the following videos with additional context on both Carvel itself as well as some demos i have done on utilizing Carvel tools to enhance TKG and TCE:
- The history of Carvel
- Carvel Packaging
- TCE and Carvel
- Tanzu in The Wild – Antrea Live
- Adding Custom Logic to TKGm using Carvel
The carvel community is absolutely amazing and I strongly believe that learning the Carvel tools will be critical for anyone that really wants to master the Tanzu Suite in general and TKG in particular.
Phase 3 – Tanzu Framework and Tanzu Community Edition
One of the great things that has happened this year within the Tanzu ecosystem, was the release of Tanzu Community Edition (TCE) as an open source distribution based on the same core framework as TKG the commercial offering is based on.
This shared framework which is now open source and on GitHub is called Tanzu Framework.
Tanzu Framework provides a set of building blocks to build atop of the Tanzu platform and leverages Carvel packaging and plugins to provide users with a much stronger, more integrated experience than the loose coupling and stand-alone commands of the previous generation of tools.
Tanzu Framework being at the core of both TCE and TKG, means that it is a great place to look at for what is coming soon to both distributions.
A good example of this is that if today you were to look at the open PRs you will see that work is being done in a few different areas:
- A new CAPI provider seems to be being added CAPOCI (Oracle Cloud)
- Moving to use the new CAPI mechanism for Cluster definitions called Cluster Class
- Better support for Air Gapped scenarios
By simply watching what is going on in Tanzu Framework from time to time, you can understand what is coming down the line into TKG and TCE, which gives you time to start learning and reading up on those things before you see them in the release notes, making you stand out and be ahead of the game. It also allows you to dig a bit deeper and share early feedback for example if you think that something is being implemented in a way that is not optimal or if you believe a specific use case is being forgotten etc.
TCE is a truly awesome distribution in it of itself, but I personally was especially glad that it was released because it allows a place to have discussions and communicate directly with Tanzu engineers who are open to hearing and discussing what the community needs and wants from Tanzu Framework and a Tanzu Kubernetes Distribution. Many things can happen from the ground up in this world, and making changes in TCE, can bubble up down the road into commercial products such as TKG when they have proven themselves in the OSS community and have gained traction.
While Tanzu Framework doesn’t have community meetings or a slack channel, TCE does have Community meetings held on zoom every 1st and 3rd Wednesday at 11AM Pacific Time and every 2nd Thursday at 9AM India Standard Time.
These community meetings are a great place to hear what’s coming, and to discuss any issue or questions you may have around TCE.
TCE also has a very active Slack channel in the Kubernetes Slack workspace (#tanzu-community-edition) which is the best place for asking questions and being in contact with the developers, PMs and community at large.
Phase 4 – Authentication Mechanism
One of the key aspects of a kubernetes platform in an enterprise is how users authenticate to the clusters. VMware has developed a kubernetes centric, secure and simple tool for authenticating to any Kubernetes cluster called Pinniped.
Pinniped is an amazing project and it is bundled into TKG and TCE as well as in TMC for all clusters.
Pinniped allows us to manage authentication to our clusters without needing to mess around with API Server flags which in some cases is difficult and in others simply not possible, and all of this is done in a very secure and yet User friendly way.
Being aware of the new features in Pinniped is a very good idea, as you can tell based off of the roadmap, what types of security and functionality enhancements you can expect from Tanzu in future releases.
The Pinniped community can be found on the Kubernetes Slack Workspace in the #pinniped channel.
The Github repo is worth watching for issues and PRs, and the maintainers are super happy to get feedback and suggestions on how to improve functionality or what is missing to make the tool even better!
Phase 5 – Additional Tools
TKG and TCE are not just bootstrapped Kubernetes clusters made possible with the help of CAPI, Carvel and Tanzu Framework.
A TKG/TCE Cluster includes additional components which sometimes something can go wrong with or we may sometimes need to fine tune its settings.
This can include things such as Antrea or Calico as the CNI, vSphere CSI and CPI, AKO for Service type LoadBalancer on vSphere, KubeVIP on vSphere for the Control Plane Endpoint if you are not using NSX ALB, AWS or Azure Cloud Provider and their In-Tree Storage providers for CSI and CPI related tasks when running on those relevant clouds, Metrics Server, Cluster Autoscaler, and the list just keeps going.
While it is impossible to master all of these tools, when you have an issue with any of them or have questions, almost all of them have dedicated Slack channels in the Kubernetes workspace. I personally have joined over 30 channels in the Kubernetes workspace and will utilize them when I need to, but simply keeping up to date for example with Antrea, can help you understand what new features will be unlocked from a networking perspective in TKG and TCE down the road.
The further we go down the stack the more difficult it becomes and it can sometimes seem like the connection to what we actually need is getting smaller and smaller, but the more we understand the underlying technology, and the better we understand the broader ecosystem, the easier it will be for us to adapt to changes, and to foresee what is coming before it is to late.
By joining the Community meetings even to just listen, you gain so much knowledge, it truly is an amazing asset.
By joining the Slack Channel for all the related projects, you can truly get access to the maintainers and broader community, that are eager to help one another. joining a slack channel is so easy, and the added value it can give you, is truly an awesome thing to see happen over time.
Tanzu Application Platform is an absolute beast!
it is built up of nearly 30 different components which are all brought together into a really powerful platform.
While the flexibility TAP gives us is truly amazing, and the feature set is unparalleled in the market today, it can be very overwhelming for many people to dive into.
If you want to truly understand TAP and be able to customize it and be able to truly gain the most out of the platform, bellow you will find some tips that can help you along the way:
Phase 1 – Local Playground
From my experience, the best way to learn is to get your hands dirty and to start playing with the tools.
One of the great things about TAP, is that it can all run on your local machine.
I built a BASH script that can allow you to install TAP locally on your machine using TCE Unmanaged Clusters as the underlying Kubernetes cluster.
This allows you to bring up a cluster with the Full TAP deployment on your computer in 10-15 minutes.
This allows you to have a quickly accessible playground to test things out and break things without worrying about breaking a remote cluster you need to pay for and that you would need to fix.
To read more about the script and how to use it you can check out the Blog Post I wrote when it was released as well as read the README and CHANGELOG files in the Github Repo to see what has changed since.
Having an environment like this is a great way to get started and to experience the platform!
Phase 2 – OSS Tooling in TAP and how to get involved
As mentioned TAP is built up of nearly 30 different components, many of which are open source technologies.
While there are nearly 30 components, I would say that for 90% of the people interested in TAP, and interested in understanding the underlying technology, there are really 10 tools that you want to have a better understanding of in order to really understand what’s going on:
- Backstage – this is the UI of TAP
- Tanzu Build Service – The commerical offering of Kpack, which is a kubernetes native operator for building container images using Cloud Native Buildpacks.
- Cloud Native Runtimes – This is the commercial offering of Knative utilized for deploying web apps in TAP
- Contour – This is the Lay7er 7 load balancer (Ingress) used for exposing TAP workloads outside of your cluster
- FluxCD – This is a key mechanism in TAP which allows for implementing a GitOps flow in TAP
- Grype – This is the default image and source code scanning tool used within TAP when you utilize the secure supply chain (which you always should!!!!)
- Cosign + Image Policy Webhook – Cosign is used in TAP to automatically sign our images and then a webhook is also provided to validate that only signed images are able to be deployed to our clusters.
- Service Binding Operator – This is a kubernetes native way of binding apps to services like DBs and Messaging systems, in a secure and Cloud native way.
- Tekton – This is the tool used OOTB in TAP for running tests and other things that don’t have native CRDs that integrate with Cartographer Supply Chains automatically.
- Cartographer – This is the core component and the glue that brings the whole platform together. this is a supply chain building operator that allows us to define our supply chains in TAP.
Each of these open source projects has a community and relevant places to ask questions, get updates and to get involved. bellow you will find my recommendations for each of the projects mentioned above:
Github Repo: https://github.com/backstage/backstage
Discord Channel: https://discord.gg/MUpMjP2
Community Meetings: https://github.com/backstage/community
Tanzu Build Service – Kpack
Github Repo: https://github.com/pivotal/kpack
Cloud Native Runtimes – Knative
Slack Workspace + channel: Kubernetes Slack Workspace (#knative)
Community Meetings: Every Tuesday 10AM EST https://docs.google.com/document/d/1I9n5pVsuos7mJPrzr5YbSPqSXymPaRbhVtcmSGEkUMc
Github Repo: https://github.com/projectcontour/contour
Slack Workspace + channel: Kubernetes Slack Workspace (#contour)
Community Meetings: Weekly (Alternating time zones) https://projectcontour.io/community/
FluxCD Source Controller
Github Repo: https://github.com/fluxcd/source-controller
Slack Workspace + channel: CNCF Slack Workspace (#flux)
Community Meetings: https://fluxcd.io/community/#meetings
Github Repo: https://github.com/anchore/grype
Community Meetings: https://github.com/anchore/grype#join-our-community-meetings
Github Repo: https://github.com/sigstore/cosign
Slack Workspace + channel: https://links.sigstore.dev/slack-invite (#cosign)
Community Meetings: https://links.sigstore.dev/slack-invite
Service Binding Operator
Slack Workspace + channel: Kubernetes Slack Workspace (#bindings-discuss)
Community Meetings: https://docs.google.com/document/d/1rR0qLpsjU38nRXxeich7F5QUy73RHJ90hnZiFIQ-JJ8/
Github Repo: https://github.com/tektoncd/pipeline
Slack Workspace + channel: Tekton Slack Workspace (#pipeline)
Community Meetings: https://github.com/tektoncd/community/blob/main/contact.md#calendar
Github Repo: https://github.com/vmware-tanzu/cartographer
Slack Workspace + channel: Kubernetes Slack Workspace (#cartographer)
Another key resource to keep an eye on is the TAP Documentation repo. While the official docs are great, almost all the docs work is done in the open, meaning that even though for example right now the latest version of TAP released is 1.1, the docs for 1.2 are already flying into to the repo. this gives you a sneak peak at what is coming!
Phase 3 – Community Resources
Beyond the above mentioned general forums of learning and communication with the projects that build up TAP, bellow you will find some great resources that can be very helpful in understanding the platform and how it works + how to customize it for your needs:
- TAP Related content on my blog
- TeraSky – TAP Webinar
- App Toolkit Workshop – (OSS Version of TAP)
- Cartographer – with Cora and David
- Cartographer Intro – Waciuma and Whitney
- What is Choreography – Zach Robinson and James Rawlings
- TAP Keynote at Kubecon EU 2022
- Cartographer session – Benoit Moussaud – Kubecon EU 2022
Learning The Broad Tanzu Ecosystem
Beyond the main tools mentioned above, Tanzu encompasses a lot more and the portfolio keeps on growing. While many of the Tanzu products are not fully OSS, they in large parts are built off of OSS tooling where being involved is always beneficial. bellow is a list of additional community resources, community links etc. that are adjacent to the Tanzu Portfolio and that can be extremely helpful when trying to really understand what the portfolio has to offer:
Kubeapps – A key part of VMware Application Catalog
Slack: Kubernetes Slack Workspace (#kubeapps)
Community Meetings: Every other Monday at 10:30AM UTC
Antrea – The main CNI in TKGm and TKGs and also available in TKGi
Slack: Kubernetes Slack Workspace (#antrea)
Community Meetings: https://github.com/antrea-io/antrea#community
RabbitMQ – A commercial version exists for both VMs and kubernetes
Velero – Kubernetes Backup solution (included in TCE, TKG, and TMC)
Slack: Kubernetes Slack Workspace (#velero)
Community Meetings: Weekly Community meeting (Alternating Time Zones)
This is just a subset of what is done in the Tanzu ecosystem, but I think we can leave the rest for another post.
As you can tell, Tanzu is not a product, rather it is an entire ecosystem.
Tanzu is unique in the fact that it can meet you where you need it. Tanzu is not a single solution that requires you to use all of it or nothing. While I do deal with almost the entire Tanzu Portfolio due to my Job Position, most people will focus on a specific part of the portfolio that is relevant for them.
Hopefully this is found as a useful reference for getting started going deeper into your Tanzu journey.