VMware Tanzu Kubernetes Grid (TKG) provides a consistent, upstream-compatible implementation of Kubernetes that is tested, signed, and supported by VMware. Tanzu Kubernetes Grid is central to many of the offerings in VMware’s Tanzu portfolio.
As you might have noticed, there are currently five different TKG offerings available: TKG, TKG Service for vSphere (sometimes also called TKG for VCF), TKGI, TKG Plus and TKG as part of Tanzu Mission Control. Let’s have a closer look at these offerings and see how they differ from, but also relate to, each other.
Tanzu Kubernetes Grid
To start with Tanzu Kubernetes Grid, TKG is the evolution of what used to be Essential PKS.
The current version is TKG 1.1, which was released on May 21st. TKG is a standalone offering and supports vSphere 6.7 U3; you can also run TKG on AWS using EC2 virtual machines. There is also support for running TKG on VCF 3.9.x.
A typical TKG deployment starts with a management cluster, which is the primary management and operational center for the TKG instance. The management cluster is deployed using a bootstrap cluster that runs on your local machine. This bootstrap cluster is only used for the initial deployment of the management cluster. End-user workloads will not run on the management cluster. In this scenario the TKG management cluster is based on VMs and is not natively integrated with vSphere (as it is in vSphere 7 with Kubernetes). The TKG CLI is used to instantiate additional K8S clusters, and Cluster API is used for lifecycle management.
Using the TKG CLI you can deploy additional TKG clusters that are used to run end-user workloads. The entire lifecycle of a TKG cluster is managed by the TKG CLI. By default Calico is used for networking. TKG clusters leverage TKG Cluster Plans. A Cluster Plan describes the configuration of the TKG cluster; there are Cluster Plans available for both the management cluster and the workload cluster.
Tanzu Kubernetes Grid Service for vSphere
Tanzu Kubernetes Grid Service for vSphere, also sometimes called TKG for VMware Cloud Foundation, is largely the same as ‘regular’ TKG, although this specific version is the only supported option for vSphere 7/VCF 4. TKG Service provides native integration with vSphere 7 and full lifecycle management of TKG clusters. In this scenario you can manage your TKG clusters through the vSphere WebClient, in addition to management through the TKG CLI.
In this architecture a separate Management and Edge Cluster is available, as well as a Workload Management Cluster. A consolidated architecture is also available that combines the Management/Edge Cluster and the Workload Management Cluster. Notice that the Management and Edge Cluster in this scenario isn’t a TKG Management cluster, but a Management Cluster from a vSphere/NSX-T perspective.
A Workload Management Cluster, also known as a Supervisor cluster, has vSphere with Kubernetes enabled. You enable vSphere with Kubernetes through the Workload Management option in the vSphere WebClient. After Workload Management is enabled, a Kubernetes Control Plane is deployed, the vSphere Pod functionality is enabled, and TKG (workload) clusters can be deployed on the Supervisor cluster.
The Kubernetes Control Plane acts as the Management Cluster for the TKG Workload Clusters. So TKG Service for vSphere will leverage the management capabilities that are provided by (and integrated in) the Supervisor cluster.
To deploy a TKG cluster (on vSphere) you have to create a subscribed Content Library. The VM image that is used for your TKG clusters is pulled from this library. You provision a TKG cluster using a declarative YAML file that invokes the TKG Service API.
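A minimal manifest of the kind described above, as an added example that is not part of the original post; it uses the v1alpha1 TanzuKubernetesCluster resource of the TKG Service API. The cluster name, namespace, Kubernetes version, VM class and storage class shown are assumptions and must match what your Supervisor namespace and Content Library actually offer.

```yaml
# Added example: declarative request for a TKG workload cluster on a Supervisor cluster.
apiVersion: run.tanzu.vmware.com/v1alpha1
kind: TanzuKubernetesCluster
metadata:
  name: tkg-cluster-01            # assumed cluster name
  namespace: demo-namespace       # assumed Supervisor namespace you have edit rights on
spec:
  distribution:
    version: v1.16                # assumed; resolved against images in the subscribed Content Library
  topology:
    controlPlane:
      count: 1                    # single control plane node; use 3 for high availability
      class: best-effort-small    # assumed VM class available in the namespace
      storageClass: example-storage-policy   # placeholder storage policy name
    workers:
      count: 3
      class: best-effort-small    # assumed VM class
      storageClass: example-storage-policy   # placeholder storage policy name
  settings:
    network:
      cni:
        name: calico              # CNI choice stated explicitly rather than left to the default
```

The manifest is applied with `kubectl apply -f` while your kubectl context points at the Supervisor namespace, so who can create clusters is governed by the permissions granted on that namespace.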
Tanzu Kubernetes Grid Integrated Edition
Tanzu Kubernetes Grid Integrated Edition (TKGI) is the new name for Enterprise PKS. The latest TKGI release is 1.7, which is based on Kubernetes 1.16.7. TKGI uses BOSH to manage infrastructure and has deep integration with NSX-T. TKGI is multi-cloud enabled and supports vSphere, AWS, Azure and GCP. Notice that although TKGI includes “integrated” in its name, it’s not as tightly integrated with vSphere as Tanzu Kubernetes Grid Service for vSphere is. The integration is more about the integration of Kubernetes, BOSH, NSX-T, Harbor and the Docker engine (Docker-CE).
BOSH is used for cluster lifecycle management. This includes day 1 operations (the initial deployment) as well as day 2 operations such as scaling, patching, upgrading and detecting failures of the VMs that are running the K8S clusters. NSX-T is used for pod networking and also for load balancing.
Harbor is used as a container registry, and Docker-CE is used as the container runtime. A TKGI environment consists of a TKGI/PKS Control Plane and one or more workload clusters.
Tanzu Kubernetes Grid Plus
Tanzu Kubernetes Grid Plus (TKG+) is actually an add-on for standalone TKG.
Tanzu Kubernetes Grid Plus provides an extended support matrix of open source applications that is larger than the list of applications that Tanzu Kubernetes Grid provides. If you have Tanzu Kubernetes Grid Plus, the VMware Tanzu Support team can assist you with setting up this wider range of supported applications.
Solutions that are supported:
- Harbor – Harbor is an open source cloud native registry to store content (container images). It stores & signs the content and includes RBAC, replication, vulnerability scanning and more.
- Sonobuoy – Sonobuoy (originated from the Heptio acquisition) is a diagnostic tool that makes it easier to understand the state of a Kubernetes cluster.
- Velero – Velero (fka Heptio Ark) is a tool to backup and restore K8S clusters and persistent volumes.
- Observability solutions:
  - Prometheus – Prometheus is a solution to address challenges associated with Kubernetes monitoring.
  - Grafana – Grafana is a multi-platform open source analytics and interactive visualization web application.
  - Alert Manager – Alert Manager is a Prometheus solution that handles alerts sent by client applications.
- Fluent Bit – Fluent Bit is an open source and multi-platform Log Processor and Forwarder which allows you to collect data/logs from different sources, unify and send them to multiple destinations.
Contour and Dex are supported for both TKG and TKG+. Also check VMware KB 78173 for a full overview of the difference between TKG and TKG+.
Tanzu Kubernetes Grid Plus (TKG+) is the supported model to deploy TKG to VMware Cloud on AWS (VMConAWS). Also check out this article by my colleague Gilles Chekroun on deploying TKG+ to VMConAWS using Terraform.
Tanzu Kubernetes Grid as part of Tanzu Mission Control
Tanzu Mission Control (TMC) offers a managed TKG service, specifically for public cloud environments. With TMC it’s possible to connect to your existing K8S clusters, but it’s also possible to deploy new clusters after you’ve added a cloud account to TMC. TKG is used here to deploy these clusters.
When you create a TKG cluster, TMC performs the following actions:
- First provision the necessary resources in your specified cloud account
- Create a Tanzu Kubernetes Grid cluster according to your specifications
- Attach the cluster to your organization
With TMC you have full control over the complete lifecycle of provisioned TKG clusters.
Conclusion and further reading
I hope this gives some more insight on the various Tanzu Kubernetes Grid offerings.
While working on this post I ran into an article by Cormac Hogan on this topic. The article has about the same scope, but you also might find some additional information in this post. A recommended read if you want to learn more!