Kubernetes is a great platform that provides development teams with a single API to deploy, manage, and run applications. However, running, maintaining, and securing Kubernetes is a complex task. VMware Tanzu for Kubernetes Operations simplifies Kubernetes operations. It determines what base OS instances to use, which Kubernetes Container Network Interface (CNI) and Container Storage Interfaces (CSI) to use, how to secure the Kubernetes API, and much more. It monitors, upgrades, and backs up clusters and helps teams provision, manage, secure, and maintain Kubernetes clusters on a day-to-day basis.
This document provides a reference architecture for deploying Tanzu for Kubernetes Operations. The reference architecture uses the Tanzu components that make up Tanzu for Kubernetes Operations and provides a high-level architecture for deploying the components together as a solution. The reference architecture is tested and supported by VMware. The following diagram shows the reference architecture.
In addition to the reference architecture, several reference designs and the instructions for deploying the reference designs are available. The reference designs are tailored for deploying Tanzu for Kubernetes Operations on your IaaS or infrastructure of choice. The reference designs are based on the high-level architecture.
The following components are used in the reference architecture:
VMware Tanzu Kubernetes Grid - Enables creation and lifecycle management operations of Kubernetes clusters.
VMware Tanzu Mission Control - Provides a global view of Kubernetes clusters and allows for centralized policy management across all deployed and attached clusters.
VMware Tanzu Observability by Wavefront - Provides a centralized management platform for consistently operating and securing your Kubernetes infrastructure and modern applications across multiple teams and clouds.
VMware Tanzu Service Mesh - Provides consistent control and security for microservices, end users, and data, across all your clusters and clouds.
VMware NSX Advanced Load Balancer Basic Edition - Provides layer 4 service type load balancer support. NSX Advanced Load Balancer is recommended for vSphere deployments without NSX-T, or for deployments that have unique scale requirements.
Pinniped - Provides identity services to Kubernetes. It is an authentication service for Kubernetes that integrates with identity providers such as Okta, Dex, and LDAP.
User-managed packages - Provide in-cluster and shared services to the Kubernetes clusters that are running in your Tanzu Kubernetes Grid environment.
The following documents provide reference designs for specific infrastructure providers.