Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
VMware / TGI Kubernetes / 3 Dec 2021
VMware / TGI Kubernetes / 3 Dec 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: TGI Kubernetes 177: Tanzu Community Edition

Description

Join our #TGIK8s livestream this Friday! Josh Rosso and Tim St. Clair will walk us through Tanzu Community Edition.

00:00:00 - Welcome to TGIK!
00:00:30 - Introductions
00:02:15 - Episode Intro and Some News
00:09:15 - TCE Demo, Exploration, and Questions
00:54:31 - Architecture and More Questions
01:24:34 - Goodbye!

Notes: https://github.com/vmware-tanzu/tgik/tree/master/episodes/177

A

Hey everybody welcome to tgik 177. uh We are coming at you uh on two fronts today, uh josh you've seen me in a couple tgiks and I've got tim with me today as well. We're super psyched to be here. um Tim you haven't hosted a tgik before. Is that right.

B

Yeah, I've never hosted a tgik before I've been in 12 000 sig meetings, but this is my first tgik.

A

Well, we are glad to have you welcome um for those that don't know you do you want to just give us kind of a intro on yourself yep.

B

So I I think what is it dockercon 2014 when kubernetes was first announced? uh I was one of those people who were immediately on what was uh irc at the time. Google containers irc grilling, this guy named joe bida being like. Does it do this? Does it do that? Does it do this? Does it do that and he's answer?

B

His answer was like no, yes, no, yes, who is this guy, uh so I've been in the kubernetes community since, like the first day day, one from that I've been working in the kubernetes community, I've had various roles in the community.

B

I started out as the scalability lead, because in the early days of kubernetes, nothing scaled, um so it was like a whopping. You know 50 nodes before it imploded uh and then we moved on to other things over time. So I worked uh in scheduling and then uh sid cluster life cycle. I worked in the steering committee for a while and uh now I'm I'm leading up uh t, uh tkg and sort of the the architecture of tce and where we're trying to go to and where we're trying to get to.

A

Awesome cool uh so, uh if you're just joining us for the first time um feel free to say, hey in chat, um it's kind of tradition around here to say where you're signing in from, if you feel comfortable doing that, it's good to see some super familiar faces in chat, martin rory rico, savvy eric so great to see you all again so we'll start off today, as we usually do with just kind of an overview of what's going on now, um as tim can attest to, uh we are very busy people this week, which means that we did not do a very good job of filling in things that are going on in kubernetes.

A

So if anybody has anything they want to add to stuff, they know that's going on in core or just the kubernetes ecosystem feel free to add those in and we can. We can talk about them. A bit tim I know you've been slammed this week is: is there anything in upstream kubernetes that you're aware of that would be interesting to call out for this week.

B

uh I'm sure there are, but I think most of my downstream work has bleached my brain. uh So there was a couple of conversations that happened that I thought were interesting, but I've. uh I've said six sponge, that from working memory.

A

Yeah yeah, it is uh I'm just happy. We found time on both of our schedules where we could do this session. um Even if the agenda here is a little uh or the weekend, reviews a little bear. So if anybody knows of any interesting stuff feel free to say it in chat or add it to the hackmd, um as always, the link is tgik dot. Io, slash notes, we're happy to talk about different stuff and comment on things.

A

If you do have any any cool ideas. Okay, so what are we gonna be talking about today, uh just to kind of skip right into it? um You've heard a bit about tim.

A

uh I think some of you know me from other episodes, but if you don't my name's josh, I have done kind of two ends of kubernetes, both like helping folks set it up at large scale at various organizations, and now I work with tim in an engineering capacity, uh helping bootstrap something called tanzu community edition, and what we're going to kind of go through today is giving you a demo of what this thing is.

A

We figure just getting some context in your head might be helpful before we, you know, jump right into it and then the kind of uh you know hosts we have today it'd be really good to jump into sort of the architecture behind it and talk about what we have going on under the hood. There's some pretty novel stuff going on in what tonzu is doing, and I think it will invoke a lot of interesting questions that you all might have and we're here to answer them.

A

So maybe before we jump in we'll call out a couple things um rory said one two three dropping next tuesday, with ephemeral, container support enabled by default. So that's pretty cool, been waiting to see how that was going to show up for a while now.

A

So thanks for adding that there rory and inside of week in review, we've got some good re, invent news, we'll come back once these get filled in and maybe maybe talk about these a bit in a sack. But before we do tim, I I wanted to ask you something that you had mentioned.

A

You you'd mention that you work on this thing called tkg and before we get too deep into acronym soup land, which tends to be how vmware rolls yeah, you want to like tell us at a high level like there's a lot of people in here, but probably don't even know what the heck ton zoo even means. So maybe you could just kind of frame the idea of tkg and community edition and that kind of stuff.

B

Sure so like in the early days of kubernetes or when we had early days of sick cluster life cycle, there was a bunch of componentry that we created we're, trying to build like a layered set of tooling. So trying to follow, unix philosophy and doing componentized layering is like super duper hard like you're, not going to get this right on your first go.

B

It's going to take you several iterations, and so you have like a bounding box, for you know each individual tool that you're trying to build inside your tool chest, and so in the early days. You know there was a common problem of bootstrapping and all these different tools were all doing the same thing. So we sort of settled on a tool in the community using cube, adm and now kubernetes like the de facto bootstrapper for like a ton of tools.

B

If you look at kind, minicube, cluster api and all the providers around it, they're all using kubernetes at the core, now go up pop up a layer that only solves one problem which is bootstrapping. So what happens if I want to do provisioning- and I want to do it in declarative fashion, then then you start to get things into things like cluster api, which is like.

B

I want to be able to provision clusters like pods right and I want to be able to declaratively manage them in that fashion, and so what tkg is and what tonzo is, is meant to be sort of a wrapper or a set of tooling, even above a cluster api which is managing the life cycle of tanzu clusters right, and so that's, basically a set of opinions that we're trying to bake into how we're distributing and managing clusters at scale.

B

So that's like a simplified version of it.

A

Cool and as we get into some examples, I'm sure you all will come up with some questions and we're happy to to kind of clarify as as we go along. So let's talk a bit about uh some of these other news items that came in and then we'll we'll get into the the demo here. uh So interesting news, I don't know if you saw this tim, I definitely hadn't there.

A

It looks like docker has announced official images in ecr, so I browse through this article as quick as possible, and I can't really tell what official means um if someone in chat wants to add in I was thinking like these are like the nginx, where, like you, can just call nginx and pool nginx.

A

It's like an official uh image like pointed at, without like a organization in the url or I guess, what do you call it project or whatever in the url, and it looks like uh ecr, has like a whole searchable way that we can go in now and view some of these. So you know, elephant in the room may be a response to rate limiting um for people that don't have docker hub accounts, but this is super super interesting. It looks like for amazon users in particular.

A

What I read in the article is, it does have some pull through caching for like private vpcs, so that could be like a really compelling thing um for folks who are trying to pool easier and faster.

B

So the one nice thing that you got from docker hub uh was that chain rebuilding for images right. So if you were going to do something you had that chain rebuild, which was super useful, um I'm just kind of curious, whether or not they kind of have that support or not, or if it's just a hosting service.

A

Yeah, I would think it's more so a hosting, but this is a very small article. There might be more to it than what I see so cool thanks for adding that, and then we also have a link in the hackmd2. uh As we mentioned from rory, there is kubernetes. 123 is coming out check out this article from sysdig looks like they go over a lot of the different enhancements and so on that are going on inside of this release so uh check it out.

A

If you want to dig into uh to what's going on and then you can tell tim and I what's going on in kubernetes one two three, so okay cool all right, let's talk a little bit about demoing, tanzu community edition and then we'll dive a bit into the architecture, especially with tim kind of showing off some of the stuff. So um as I go through, the demo too tim feel free to jump in and add uh where you'd like. So I am going to start with my terminal window here.

A

So let me um we're getting used to this new stream lab thing, so it might be a little a little janky jumping around, but let's give it a shot. So I'm gonna go to my terminal here and see if I can start us off with that. Okay sweet. uh Do one of these real, quick and chat, don't hesitate to say if the text is too small or anything like that, um so I'm just gonna go into the box.

A

I've got set up for this okay entry point into tonzu for those of you who are like okay, tim described it I kind of get it starts with a t, it's relevant to kubernetes right. What do you actually get when you kind of start off here so using a package manager um right now? We've got brew and chocolaty uh we're definitely planning to like get into like the yums of the world, and you know maybe arch. I don't know whatever package repos we can eventually get into. But for now you can do your whole brew.

A

Install we've got the docs on our website um and it will pull down a cli. Now the cli is your entry point to doing a lot of different things, um and what tim will actually talk to us and and myself as well, to talk to us about a little bit later is how these different commands are composed. But for right now, like just from an end user perspective, we run tonzu and we get a bunch of different commands that we can run okay.

A

Now some of you might be familiar with the project cluster api and those of you who have been around in boot driving clusters for a really long time have probably are probably familiar with the idea of cube admin and how these things kind of layer together right. So cluster api in in my definition, is solving a problem that every freaking organization using kubernetes, was solving for the longest time.

A

They would get a cluster up and then they would say like okay, now, I'd really like a way to like declare the state of a cluster I'd like in manage multiple clusters and scale them and blah blah. So many people in in my experience would basically with sticks and glue, create a bunch of automation. Pipelines then try to put an api on top of it where they would ask for a cluster, and then they would create that cluster. They could give it to a team or many teams, depending on their tenancy story and so on.

A

But cluster api takes a lot of the primitives. We know and love in kubernetes, which is you know, declarative apis. We send the state in it reconciles and it applies that to cluster management.

A

So I know a lot of that is review for y'all, but know that the backbone of what we're about to show you is built on that same open source project.

A

So if I were to kind of get started here with with uh teak with tonzu, what I'm probably going to start off with is running a command that is, let's bring this down, so you can see it, which is tanzu management, cluster, the premise being we're going to have a cluster that manages many other clusters.

A

Okay, so uh alejandra, you said: is it possible to move the webcam boxes to the bottom right, so you can see what you type that's a great idea: let's try tim will hide our beautiful faces here for a moment: okay, so uh tanzu management cluster. Right now, with this in place, we can start off by creating a management cluster.

A

Now, if you've used cluster api in the past, you might know that this is a process of propagating some yaml with uh you know a couple different settings and all that good stuff, one of the things that you'll start off with with tonzu community edition is a ui that will help you through that initial process of getting those those pieces bootstrapped. Okay, so if I did tanzu management cluster create I'd, ask to do it through the ui.

A

Now I've got this running on a remote host, so I'm gonna specifically set up a bind address real quick, um but normally we could. If you were just running this like on your local machine, you would just type enter or hit enter and it would pop up a browser for you and I'm also going to say browser.

A

None since I'm going to come back to this all right so in creating our first management cluster, it's going to go ahead and say: cool josh, I'll help you out here, here's a ui and again normally a browser would pop right up. uh But since you can't see my browser, I'm gonna flip to that browser. Let's pop over to here again all right- and if I go to my address, which was 333 and type in 9000 I'll get a ui.

A

That looks something like this all right now, again: kind of pairing, the worlds of tonzu and cluster api a bit those who've used cluster api. You might be aware of the concept of a provider where providers, let us go in and say we want to take this declarative model of cluster management and we want to apply it to vsphere. We want to apply it to aws azure, google uh lenode uh digitalocean. If they have one. I don't know tim probably knows the providers more exhaustively than me, but there's the idea with cluster api.

A

Is we have this declarative api and we put a provider underneath it to satisfy it. You know we see this model everywhere right, like ingress, we have an api, we put a controller underlying it to satisfy it, be it nginx envoy on and on. So in this case, what ships today with tonzu community edition, are four providers providers that let you run clusters locally, like in the case of docker and then providers that will let you run them remotely in a target, is or infrastructure of sorts?

A

Now I had a feeling you all didn't want to watch the paint dry for like 10 to 20 minutes, so I went ahead and bootstrapped a cluster, but I figured I'd just show you real quick, what the process kind of looked like for me. So I went into aws here it would say: okay, josh cool! What's what's going on?

A

What's with aws, I've got a profile loaded into my machine, so I'll go in and tell it what my profile is and then, when I connect the key here is that it's going to actually help us understand what's available in that ias provider, so that we can fill out effectively that you know under the hood just yaml file with the appropriate properties. We need to bootstrap, so we go in next. We can attach to an existing vpc. We can create a new vpc, so on and so forth. um We can set the instance types.

A

uh You know: management cluster name, all that good stuff it'll. Let us specify network settings like what we want, our pod and service citer to be um identity management. If we want to hook into oidc or ldap, select a base image in the case of aws. Your options will be ubuntu and amazon linux, but tim, and I today can talk to you a bit about how you can actually bring different hosts as well, and then there's also a sas offering from vmware that you have the option to hook into too called tonzu mission control.

A

So all of that's kind of wired up and I'm going to show you when I kind of deployed here what what this effectively created, but before I go any further. Let's, let's answer some of these questions, tim um rory said: is there a plan to have a provider for vmware workstation.

B

So we've chatted about it. There's no plan of record currently to expect that, but one of the things we're trying to do with tce is leverage both the community internal and external, to vmware, right everything's in the open, so patch is welcome right. So we're not. We are going to try to unlock those teams to help them sort of integrate and we have all the plumbing and the tools available, uh we're not as pluggable yet as we want to be and I'll talk about that later on.

B

But I think uh by having this open community edition we're trying to allow people to take the expression of what they want to do and be a platform platform on top of a platform platform. So so, if you consider kubernetes to be a platform platform right, you can do a lot of interesting things on top of it and then, if you think of tce as well, I want to render an expression of the things that I need for my environment. On top of it, we want people to be able to do that.

B

So that's part of the reason we're doing that in the open. So a lot of times people think of distributions. I would think a I would think of tce more of as a platform platform.

B

We have some opinions baked in, but we also allow people to build the top in and around it, and hopefully we're going to talk a little bit more later on about how to make it so plugable that you could build a rendition of tce.

B

That is your own and we're trying to get there we're going to get there soon. But I think that's the real power.

A

Yeah, absolutely, I think, I think we're getting more and more interest, especially with you know. People on uh you know various platforms using um docker, desktop branch or desktop so on, taking it a step further and being able to plug in some of these different providers. um The other question that we've got here is uh emir amigo. uh Can communication be used in production for a commercial implementation, so um one of the great things about tce is that it does not have licensing that prevents your usage of it so effectively.

A

You know you can be as dangerous as you want to be. um If you want to stand up clusters, try them out, try them out locally. If somehow you wake up in the morning and all sudden, your company's running production workloads on it right um tce is totally able to be used for that. We don't artificially limit like sizes of nodes or anything like that. um You know. Obviously, the big implication like a lot of community projects is that we support it in the community. So I'm out there tim's out there.

A

Our teams are out there and slack and github trying to answer as much questions as possible and the community is as well, but you know, as you know, uh you also don't have a direct line to a phone number to uh to call me if something goes terribly wrong, which is what um some of the fancier enterprisy things would allow you to do.

B

Yep and like we were mentioning earlier too, is that um so tce is meant to be the upstream platform platform uh to the rest of tonsu right, and so you know if there is ever a case where you're building like an isv ecosystem around something- and you want to be able to offer support like we're, trying to build the plumbing so that the transition is natural right. So a lot of times. If you were to go to a distribution, it's not really something.

B

You would inherently try to customize and build on top of it's so tailored to a product driven user story. We're trying to build something- that's literally customizable, so you could take it, render a rendition or a set of opinions into it, and then should you want to get support. We have you know the mechanism to do that later. On.

A

Cool all right, we've got uh two other questions uh in chat here. I'm gonna go ahead and demo a little bit more and then we'll come to those. um So let's go ahead and flip back to the terminal window here, um okay, so I've showed you a bit of the ui and I have like I mentioned bootstrap some clusters just so that we can kind of get this thing rolling so effectively. What we've got going on here is I've, got a management cluster stood up now and I have got a workload.

A

Cluster stood up as well. um So again it's that one-to-many relationship, we'll have one management cluster in most deployment models, managing one or many workload clusters.

A

So how did I go through and actually kind of create these things um I'll come back to this window in a second we'll just talk about my management cluster. So if I run tanzu management cluster get here, it's going to give me some details about the management cluster that I currently have running on my machine. So you can see here it's tgik mmc! You can see some details about its infrastructure provider. It's using aws as the provider itself.

A

um It uh gives us some details about the cappy components that are running inside of here as well, so kind of like we talked about there's, there's multiple layers here, there's things that look at the actual cluster api apis and then try to satisfy them on different levels like at a cube admin level or at an infrastructure provider level. To actually you know in the case of aws, create the ec2 instances and vpc and so on, that's needed and then there's the actual core cluster api provider itself.

A

So.

B

Yeah.

A

I've got a management cluster running; it can manage workload clusters now with this running from that initial ui. What I was able to do here and I've kind of fast forwarded for the sake of this demo is. I ran this command right here. um This is basically saying hey. I am locked into my management cluster and using that management cluster. I want to go ahead and create a workload cluster based on a configuration file. Now this configuration file actually came from that ui that I was showing you a little bit earlier.

A

Maybe we can take like a super quick peek into it for those that are curious so effectively. What I've got going on here is a bunch of yaml. That is saying how I want my cluster to be bootstrapped. This is again all sourced from the ui, but of course you know, I don't even want to say advanced users.

A

I just think users who do more than proof of concepts you'll end up getting to a point where you're, mostly going through these configuration files, setting them up, perhaps version controlling them and then just doing all of your bootstrapping off on the basis of this kind of stuff- um and you know that's when templating and all kinds of other crazy stuff comes into play, but nonetheless this is the underlying file.

A

That's basically feeding the tons of cli telling it the details about where I should be deploying my workload cluster and the details about how it should run right. So it went through it created the workload cluster and now the management cluster is managing the workload cluster. So essentially, we've got like two levels of commands here. Right we've got the tonzu management cluster command, which is going to give us the ability to upgrade get credentials, delete it so on and so forth.

A

But once the management cluster is up, we're probably going to mostly work with the tanzu tanzu cluster command and the tanzu cluster command is going to be away from a cli that we can actually alter uh the we can alter the uh the guest cluster or sorry guest clusters, the workload clusters that we're creating. So if I wanted to scale that cluster up that I just created right. um If I wanted to see what clusters I have available suitanzu cluster list, it'll actually tell me which workload clusters are currently running, underneath that single management cluster.

A

So all of this can be kind of viewed inside of here now again just to kind of bring the plumbing full circle. What we've got going on here is basically interactions with the same cluster api primitives. A lot of you are used to upstream and that's a really powerful construct to have at your fingertips when you're using enterprise software- we're not just like fully taking that away from you. So you know maybe to just give like a a quick example here.

A

Let's do um tanzu management, cluster uh and I'll fumble with the commands here, because it's been it's been a while, since I've done it but it'll be something like tonzu management, cluster management management, cluster uh cube config. I think the flag's admin, oh, get admin, okay, sweet! So while I can interact with these clusters through tonzu cli, I can of course interact with them through cube cuddle as well.

A

So in my case, I'm a very elevated admin here, I'm going to go in and set my context, this cluster and let's just take a quick look inside of what we've got going going on in this cluster, so pretty standard cluster api cluster you've got a cni inside of here. In our case, antraya we've got the cluster api aws provider running. That's actually reconciling again the resources in aws we've got all the different cappy components as well. Now, like you saw me just do with like tonzu cluster list and so on.

A

All of that is powered from the same cluster api primitives that we're used to. So if we do cube cuddle- and we do get cluster right- we're going to actually see the clusters that are known inside of here, which, in the case of our management cluster, it's going to be the guest cluster that it's managing and it's also going to be itself because the management cluster is just another cluster.

A

It it just happens to be kind of like self-managing and has these extra extra cappy components in it um all right and we're going to get into this concept of packaging very soon. But tim. I think we should answer some more chat questions here.

A

um Chris asked about oracle cloud support uh for working with their arm. 64 boxes, probably pretty similar to what you talked about earlier about making this plugable yeah.

B

Yeah, so you could in theory in the future you could be able to plug in whatever cloud provider integration you wanted to, um and you know, there's portions of the bootstrapping, which is broken up into two different parts like there's the bootstrapping of the management cluster, then there's bootstrapping of the workload clusters, and if we do the pluggable model correctly, you could just update that and create your own custom tkr to build whatever you wanted to build right. So if say, for example, I wanted to create a hybridized approach where it's like oracle and amazon.

B

You know you could customize that to the nth degree, so that's kind of what we're building. um So it's not all there there today, though, um we're getting there uh so the foundations. Are there we're trying to make some code changes and probably in the next three to six months or so you'll start to see all of this light up and be a lot cleaner.

A

And uh amero amigo, I missed your other question you asked does tons. Does community edition also support tons of build service and asset catalog, and that is definitely something that we're looking to expose tim? Do you want to add any other details on that.

B

Yeah, I folks are working on it and to build it plummet through tce. I think what you'll find is that uh there's gonna be the open source rendition and the community rendition of things playing through tce.

B

So there will be the oss rendition of stuff will flow through tce, and then there will also be like the productized renditions will be on the downstream side of things. So there will be an open source upstream, which might not be like you know, all the fit and finish and polish that you would want, but all the user configurability in the world um will be there and then on the downstream side will be the product side.

A

And alex asked uh how does tonzu compare to rancher for managing other workload clusters? um And I think there actually is some overlap between the two, because I think rancher is leveraging cluster api to some degree I'll, be.

B

Perhaps.

A

Maybe modified.

B

A bit I can't speak to it now, because I I can speak to what it was. I can't speak to it now because I don't they changed or shifted their model, so I do know that they are leveraging cluster api. Now um I think you know we are trying to build uh again like a platform platform, so the foundations are. How do I build and mold things on top of it and to have that strict layering model, as well as having the you know, the support guarantees in the downstream product side, so.

A

Awesome and nick said it would be pretty neat to tell tons of to instantiate multiple clusters to have them interconnected uh with something like gimbal.

A

um So hey nick glad that you're here nick and I worked together at coreos and worked with tim and I at uh at haptio, which is where the gimbal drop comes from, um but yeah I mean, I think, like um I don't know if I should call it the next, the next frontier tim, because we're kind of already there, but like once, we stitch together all these pieces and have these models around packaging.

A

That tim and I are going to show you the like multi-cluster resolution of things, whether it be a gslb to like just making sure packages on clusters are consistently reconciled um is like is where a lot of pain is today. I'll put it that way right and something that we're really interested in figuring out.

B

Yeah, so we are getting very close to having like the fully declarative, spec model of saying I want an opinionated full multi-cluster distribution. Gotonsugo right, we are, we are a couple steps away from that. We are getting very close to it, though,.

A

Cool um and ymo, you said sorry, if I missed this, is it supposed to make cni across clusters easier, um so ymo yeah? So we're going to talk a little bit about this idea of packages pretty soon here um and effectively.

A

There's going to be ways you can plug different things in you know, be it a cni that can stretch across multiple clusters um and it's a bit of a complex question, because there's a lot of ways to do: multi-cluster, connectivity and on different levels for that matter, um but yeah we'll we'll talk a bit about that and feel free to ask us again when we get into it. If we can help uh answer some more um okay, let's talk a bit about packages tim and then we'll uh we'll come back to more questions here.

A

So I'll go to this thing here, all right, so you all have seen um you all have now seen the creation of a cluster showed you a little bit about what's going on with cluster api behind the scenes now um at this point, not to downgrade our efforts, but we've just got a kubernetes cluster and that's not necessarily that impressive um at surface level right when we create our clusters, it's oftentimes about, like the value add we derive on top of it.

A

um If we just gave all of our developers kubernetes clusters, a lot of shops would say wow. So now you're asking me to write code and be a kubernetes expert right. We actually want to be able to like provide platform services. This can be load balancing secret management, storage, integration. You know blah blah blah. The list goes on and and has high variance between all of your use cases.

A

Now. What am I getting at with packages? So essentially, we've got a cluster. Let's see if we can bring back up our cluster list here, so the cluster that we know that exists is tgik guest. So, let's see, if I can do that same thing- cluster cube, config, get admin, um cluster cube, container cluster name because we've got a specific cluster. So again, I'm operating on like highly elevated admin privileges here um this all can integrate through like oidc and things like that, but I'm just keeping it simple.

A

So I have grabbed the admin cube config from tgik guest. I am gonna set my cube, cuddle context here, um cool and now just to do a quick sanity check, we'll do a cube. Cuddle get pods all right now. This is what a vanilla workload cluster looks like just to kind of frame this a bit, and I don't want to steal too much thunder from when tim, and I talk about architecture but just to make you aware, there's a cni in here.

A

There's the cube components.

A

There is something called a capabilities, controller manager, but one thing I want to point out is this: this very important process or container that's running called cap controller, and this is going to be highly relevant to what we talk about with with packages here so inside of ponzu cli.

A

Now that I'm pointed at that workload, cluster, I've also got the ability to run a tonzu package command and those of you who have worked in a linux environment- or you know, frankly, mac or windows, who is copying a lot of the greatness of package management that linux has been doing for years. Right, um you're, probably you're, probably aware of where this is going. The idea to discover look up, install configure packages on a cluster in a similar way that you're used to with apt, with yum, with pacman with brew.

A

So, let's start off by taking a quick look at the packages that are available inside of this cluster, so I am going to run a tonzu package available list and say all dash a okay. Now, what's interesting about this, and I'm sure something tim and I will talk about.

A

A lot is not only have we we're getting to this point where, like everything, is declarative, but we're getting to this point, where almost everything can be encapsulated in this idea of a package so without getting too deep into that right now, an example would be that a package that is available to the cluster- and I want to kind of reiterate that this is available to the cluster- it doesn't mean installed in the cluster but is available, would be andrea or calico and also could include psyllium or weave right.

A

The idea being that if we have this consistent, primitive that we load into the clusters, we can very easily install a lot of these these different pieces now the ones you're looking at right here. Interestingly enough, some of them are already installed, and a lot of these are like lower level components, things that you're probably not going to actually install after the fact. These are like what we sometimes refer to as our core packages, they're they're in the cluster. Some of them are installed. Some of them are running right now.

A

Now there is this idea of bringing a. I don't know if higher level would be the right descriptor, but like a a new set of packages to the forefront that we want to install, perhaps install let's say outside of cluster bootstrapping, so I'm going to call these for the sake of simplicity, user managed packages, packages that users will install.

A

um So what we can do here, kind of similar to how you can add, like a package repo using your favorite package manager right, we can come in here and we can say package repository okay and it's super important to spell it correctly, um and we can list the package repositories and uh right. Oh sorry, they're also namespace, scoped uh and right now we have a tons of core. So this is again a lower level package repo.

A

You probably won't touch it too much, although there are some cool ways, we're looking forward to letting people extend, slash mutate this, but that's for another day. I want to bring higher level functionality in is where I'm going with this. I want to bring in an ingress controller. I want to bring in a uh a secret management solution, a log forwarding component, whatever it might be.

A

So what I'm going to do here, similar to what you would do in linux, I'm going to add another package repository to the mix to make it available and installable inside of the cluster.

A

So I'm just going to go ahead and grab the url for the community edition repo, real quick here- and I am going to paste this in so that you all can see so we're going to say, kunzu package repository, add we're going to call it tce repo, we're going to point it at this url. Now you might notice that this url looks a lot like a container image right so using the oci format as you've noticed with things like helm, charts and those of you who have worked with carvel packages.

A

Oci is, is really breaking out of just being a packaging format for container file systems. It's very much becoming a general. uh Hopefully this doesn't get me in trouble, but more of like almost like a general purpose file system. We bundle things up. They go into this oci uh structure and we can reference them, and this is what our package repository is, and I'm also going to pump it into a specific namespace that will make it globally available.

A

So we'll go ahead and add this repository here, let it go ahead and reconcile, um and what we'll do is we'll we'll take a look at the packages and then and then um answer answer some more questions here.

A

um It might take a second for it to reconcile. um Maybe we'll look at a question real, quick to him. While it's reconciling uh rory said in terms of authentication, how does tonzu handle that with cube? Configs, you are retrieving. Is it client, cert auth, so.

B

There there are packages that we have for day one operations for configuring. You know whatever authentication service you have and identifying your users and binding them to a certain set of configurations. So the the tool we use is piniped uh and piniped has tons of knobs uh and configuration apparatus, but the the idea is that you should be able to do tons once you have pentapen integrated with your identity service you'll, be able to loosely bind uh and set up your user identities and set up your our back roles in your environment.

B

Then you should be able to do tons of login and that tons of login should then federate out to your identity provider come back once you've been okayed, and then it will give you a time scoped search that starts embedded into your coop config and away you go um so that's usually a day one operation so out of the box. What we're kind of doing with a lot of this stuff right now is just you know, root level access we're not really doing day, one sort of configuration of users and how to integrate.

B

With your uh you know, identity, provider.

A

Yeah and we got another good question from amero amigo- uh what is the best way to work with repository air gaps in air gap networks? So this will probably get a bit into your architecture. Thing tim, but maybe we can talk about kind of this package primitive and how we can so easily kind of move things around in an air gapped case.

B

Yeah, so so packages are recursive and there's a different name for that inside of the carvel tooling. They call it a different name, but it basically means a package can go inside a package which can go inside a package. So that's really clever and cool and opens up a whole set of things. So you can, what you can do is you can see an entire repository which is a set of packages and using the carvel tooling? You can because they're basically yaml manifests inside of there with references to containers.

B

You can rip down and re-target all of those to your local environment and reference them directly. So there's a tool called k-build, um which is part of the carville tooling, which allows you to just re-target everything inside of a package and away you go.

A

Cool and then we'll hit on ymos as well up there is it possible to do multi-cluster with kind to minimize costs, and um it might depend a little bit on exactly what you mean with by multi-cluster, but I'm going to take some liberty here, the docker provider, which I don't know if you saw in the beginning of the session ymo, will let you do something very similar to what you're describing what it will do is it'll set up a management cluster using kind images, with some small modifications that we do to them and then that management cluster running via kind via docker can then stand up many uh workload clusters from there.

A

So, like you know, obviously that's not a production model of deployment, but to your point about minimizing costs and just learning. That's how I and probably a lot of engineers on temenized teams just do their testing and validation. We use the kind provider or docker provider. We spin up clusters. This whole package management model and all that stuff is, is still fully functional.

A

Cool okay, um so let's go back and actually look at these packages here, so I have reconciled a package in the cluster using this tonzu package repository command. If we go back and say tonzu package repository list and once again remember that it's namespace scoped we're now going to see a tce repo inside of here as well.

A

So the idea here being when you deploy tons of community edition, we have a community edition package repository and this repo is very much in its infancy. But the cool thing about it is: we can bring a bunch of additional functionality that people can install and deploy into their cluster.

A

So let's take a quick peek at what's available in there. If I now do a tonzu package available list, it'll go through, it will list all the packages. Sorry it's kind of wrapping and ugly here, but if you can sort of actually yeah, I won't even bother with grabbing through that. um You can see a bunch of packages on the left side here, you'll see things like grafana gatekeeper, fluent bit: external dns, contour, cert manager.

A

This is our package repo we ship by default. We're thinking about ways that we can let people bring more packages into like a completely community, supported repo, and also you can bring your own packages in just arbitrarily um with your own repos as well. So this is highly highly extensible built on this package, primitive so without getting too wordy on the architecture.

A

Let's install one of these packages just to maybe give like a quick example of what it might look like. So what we're going to do is we're going to pretend we want to install cert manager. It won't be the you know: fanciest demo, I won't be playing a video game on kubernetes, but you'll get the idea. So if we do tanzu package avail available list and we ask for cert manager, let's grab that up here seems good.

A

It's going to actually retrieve some information about cert manager. So, like a lot of package repositories, not only can we ship these packages, but we can ship different versions of the packages accordingly and then provide upgrades between the different packages and the different versions.

A

So, let's pretend for a moment that I want to install cert manager on the cluster, specifically cert manager 153. So now I can come in and I can say tonzo package install all right and I'll say cert manager. Now this is just the name of it. um I still need to say what the actual package represents, or maybe I should call it like.

A

This is the name of the instance of installation and I need to reference an actual package, so the package name here is going to be our friend cert manager and then, of course, we need to specify a version here too, because we want to make sure we pick up the right one and we'll say version is one five. Three all right now before I hit enter. Let's pull up some windows, so we can sort of watch the paint dry for a moment.

A

um So if I do a cube, cuddle get pods, oh actually, we'll do it in this window, we'll do a cube, cuddle, get pods, all watch. That seems pretty good, okay um and then inside of another window down here, I'm going to uh actually expose you to like an underlying detail that we can watch too. So if we do watch cube cuddle get package install I've got that crd right, um I'm gonna put in the default name space, so I think this should work.

A

I'm pretty sure this should work we'll see. um Let me just triple check real quick, make sure yeah we're good, okay, lovely, okay, so pods are being showed up here on a watch package install is being showed down here.

A

I am going to go ahead and install this package, so let's go ahead and hit that it will start the installation process for us and if we look down here you'll see the declaration of the installed package show up. So this is a package install object. It is reconciling you'll see in the top here. The actual cert manager pods are then being instantiated, so tim will show you this visually, but if you can imagine the chain here, we declared intent to install a package.

A

Cap controller is able to understand oh cert manager. You want that. Oh configuration for cert managers here- oh here's, customization, tim and josh, put in for cert manager, which I didn't put any customization in, but that's possible, and then it actually goes through and satisfies the install of cert manager right here.

A

So that is the general flow of installing these packages. You know the one thing that we're sort of uh overlooking here at this point is just how we get the the configuration of the packages. So there's a schema. That's made available for these different packages as well, which um we can talk a little bit about later, um but kind of similar to the idea of a values file. There's also this construct that we call overlays that we can dig into.

A

We can customize all the things about cert manager um we can de we can look up. A schema, insert manager will basically say here's some knobs that you can turn, but on top of those knobs, we could introduce our own knobs, there's endless amounts of customization to these deployments.

A

Okay. So, let's take a quick look at chat here, um oh yeah, I guess mayor amigo, you asked carvel, I guess tim and I have been or carville we've been throwing that term around quite a bit um tim. You think you can give like a super high level on that. One.

B

um It's a set of tools. Each tool does a very specific job, um we're kind of referencing in particular we're referencing like the package to packaging tool and the k and k app. So um that's one of the tools in the tool chain, but they kind of all come together to form. uh You know almost like a voltron for application management, and so what we're referencing are the image package k app and the key app controller uh I did mention earlier k build as well.

B

As you know, the templating format that allows us to do substitution, all kinds of fancy, things with overlays, that's ytt,.

A

Yep- and we do get a lot of questions too about um you- know, differences with projects like helm and that's definitely a deep topic to go into, but one of the cool things about this, this packaging model is it's totally possible to take a helm chart and expose it in the same packaging construct to be able to discover it, provide different configuration for it and install it into the cluster. So, um like tim said, it really speaks the composability of these blocks.

A

It's not like a you're using karvel you're in all six of these there's actually different parts that can be subbed. I saw you on mute tim. I don't know if you want to add anything to that.

B

Yeah so, like you know, you can pick your favorite templating engine. If you wanted to, and you could potentially sub stout, you know whatever templating you decide is is worthwhile for you or what makes the most sense for you, um we're kind of standardizing on our packaging to use. You know ytt templating out of the box, but that doesn't mean you you're bound into it um so uh yeah. So it's a plugable model to basically compose at the end of the day.

B

We're trying to take some of these things and compose them into higher order constructs and those higher order. Constructs are then really really really powerful for sort of building an ecosystem or a platform.

B

um So that way, if a person wants to build their own package repository bundle, they can go ahead and do that and bundle it in and build the top of it as well as have an opinionated deployment configuration.

B

Everything is a package inside of tonsu is what we're getting towards and if you view in that model, all of a sudden, it starts to unlock a set of possibilities right.

A

Absolutely um and then nick hit on a good question. um This is kind of a merging of different paradigms. Around infrastructure's code is a very popular model.

A

Is there integration with tanzu for something like the terraforms of the world or even like the palumi's of the world?.

B

Yeah, absolutely there's no reason why you can't you can't integrate in and around tanzu with with terraform there's, all kinds of hook, mechanics you can use. It depends what you're trying to do really because provisioning there's. So many steps like terraform usually is all about provisioning, and so you can do a pre-year post set of operations. You can have hooks mechanics into stuff on your clusters. You can do whatever you really want to do. So it's pretty much a dealer's choice. Now. Should we probably provide good reference examples? Yeah?

B

We should, I think, we're just we're very very early days at this point.

A

um And nick you asked if carvill's case on it too. um I would, I would say no, but there's definitely overlap um in in certain aspects.

B

Yeah, I wouldn't view it as case on it. Cassandra is only like the templating bit right, so um ytt is the closest equivalent to case on it. I think that ytt is a lot case. Sounded was really powerful. You can do anything with case on it. The problem is like. It is very difficult for people to parse right. You have to learn another language that is not standardized language formats that most people are accustomed to. uh That said, quesanta is very powerful, um but with ytt we're.

B

Basically you know it's inlined yaml, that's basically a what's the python extension tool. I forgot the name of it. um Sorry I'll have to dig it up here for a second.

A

Yeah, I'm not sure either off top of my head.

B

Going to ytt.

A

Oh, I'm sorry, are you talking about starlark? Yes,.

B

Oh sorry,.

A

I didn't realize you're talking about that got it yeah.

B

So it's basically you're you're. Instead you're inserting starlark style comment blocks inside of yaml, which allows you to do very powerful things for transforms.

A

And kind of, as an aside of what we were talking about, I figured I'd show you all something that I was kind of referring to regarding package customization. If I can remember the five arguments, I need to get right here. Let's see, okay, there we go so um I'll, explain what this is, but basically a lot of these packages and the idea around these packages, of course, is to be able to discover them, but also be able to understand the package, author's intent around knobs that you can introduce um or that they've introduced.

A

I should say so like if I look at the prometheus package, for example, um using that same package available get, I can ask for a value schema, um so we'll grab that and I'm just gonna pipe this into them. So it's a little less chaotic to look at um there. We go so that output, although it's in an editor now, will actually tell me right from the package manager here are the different knobs that we expose.

A

You know. Obviously you just saw me install cert manager with no customization. So a lot of packages try to have sensible defaults, at least to get you bootstrapped. But when you want to go in and actually change things about them, you can understand what knobs are available and then what the actual values are that you can set, and then we can provide alternative values, files to the package, um and then you know.

A

Finally, although I'm not going to show it here, when you get really really advanced, you can even provide your own overlays on top of packages, because we all know the cat and mouse game right when you abstract something and then try to open up little knobs. You never satisfy the world, but the idea of overlays really give you that power to provide the customization. You need and potentially even expose your own knobs.

B

Yeah and you can do all kinds of fancy things around policy too, with overlays so say. For example, you have a policy for inbound things that you want to apply to packages that get installed. You can easily apply those you know by using overlays, and that's the same like if you look at the original models that we had a long time ago around case on it. That was really the game and power that you're trying to do is like all of a sudden.

B

You want to have default policies around how logging gets appended inside of every pod that flows through or for packages that get installed and all of a sudden, you can just apply that overlay to the package install as part of the you know, mutating web hook on inbound.

A

Cool um and then I think, we've got one more question, that's unanswered, and then we can switch over to some architecture stuff, so amir amigo, you asked, can community edition do cnb, build packs, um also something that we're looking at um having in here as well um different ways that you can instantiate like platforms for doing, build, packs and and all kinds of stuff? So it's not there today, but um no reason why it couldn't be so.

B

Yeah, so you know, if we want to, we can start going into like big picture mode and big block diagrams and see how folks roll from there sounds.

A

Great, let's.

B

Do it so, let's see if I don't.

B

Incept the universe here.

B

So allow myself to introduce myself, I think, we're inception. So if I go over to here- and hopefully you can see this one right.

A

I think it's on the screen tim yeah, yeah.

B

Cool there you go um so like what is the 60 000 foot view of all of this, and this this says tkg management cluster, but it's just you know, tce management cluster. Is that really everything is a package? Is a package is a package um if you start to develop this model. That means every componentry that we're building is basically a set of packages. Cli plugins, which were basically the sub commands that you were seeing.

B

All sub commands eventually will be a plugin which will be a package, and that means you can amend and add packages to it. Ideally, we want to get to the point where even the cli has the notion of a repository and in that scenario, it'll come with a default set of packages, but you could apply a separate set of things, so you could build out. You know your tce radiation that you want to your customized tce radiation.

B

Just by building on a set of plug-in packages right, then there's a set of apis that live at the management layer and I think one of the things that is kind of underlooked with cluster api is that because you have this top level layer, it's really a control plane, it's a multi-cluster control, plane and us we basically install by default a set of applications, and there will be more as well, which are basically management plane of things.

B

So, if I were gonna, if I wanted to say, for example, like nick was mentioning auto, install gimbal and hook it up as well as provide an api for for management that would be sort of a management level. Plane thing: um there's also the notion of being able to spin up maybe a cluster for a specific purpose and binding in uh sort of service projection into my workload clusters that could be like a service uh element right.

B

The the opportunities for having this one layer of indirection is pretty endless, so you have a you: have a multi-cluster control plane! It's it's a choose your own adventure from that point, uh then, as josh was demoing before like there is basically the notion of installing individual applications onto your workload clusters, so you can go ahead and just have at it with installing apps there.

B

So you know you can set up separate repo bundles. This is an example of just one very simplified picture, but hopefully you're getting the notion that, like a package is everywhere and a package is fractal and it the applications only depend upon where you're installing it.

A

Tim, an interesting question- and I know this is very forward-looking, but you know one thing we have today that seems to be out of the package model is um a host image right, um like do you foresee, even on that level that potentially eventually becoming a package itself.

B

There's no reason it couldn't. uh We've talked about it like, ideally, because if you can containerize an actual image itself, which you can do, it gets a little weird with some things like an ova uh that we have the potential of basically making everything sort of a container. If everything is a container, then everything can be a package and all packages is basically bundling up a set of yaml plus knobs and manifests and overrides into it, but we're also like we're trying to think beyond just the configuration and deployment. But how do I actually?

B

You know eventually with packages we're also thinking about the build aspect of them too, as well.

A

And then ymo asks something around policy, um as I can use something like opa to say what packages can be installed so put another way, I think like. Could you introduce admission control to do validation on what packages are allowed, and you know that level of stuff.

B

Yeah, absolutely so you could. You could set up it's gatekeeper, so you can do whatever you want, and so you could set up. You know only these repos are allowed, uh or only you know these package packages are allowed. So it could be. You know the gates usually go up the higher up the food chain. You go so if you're in dev, it's like yolo do whatever then you're in stage it's like you're trying to put up some guards that kind of look like prod, but you're still trying things out then you're in prod.

B

It's like you know. You have to have double admission: badges to get through the gates right.

A

Absolutely, in fact, um as a example of a package that might be validating packages, um I did a quick package available list. If you had a cluster up right now, ymo you could, in theory, install gatekeeper as that package provide your opel policies in, like tim, said, and then that could be like opa can do in admission control in general. It could look at the resources of packages and understand what you want to allow to be deployed, and so on so.

A

Cool, um so I could ask you more questions tim, but was there something else that you wanted to show or talk about? I want to derail your train of thought.

A

Tim, I think you're software muted.

B

Yeah, I'm just looking at my notes, cool um so by having everything be a package and by having tce out in the open, you know what we're trying to do is. When I say platform platform you can easily customize whatever you need to do right. So if a person needs, if you're an isv partner, for example, or if you're any person who's trying to provide services in and around kubernetes, you can build an opinionated thing on top of that and fully plug that thing inside of there so and be able to support that going forward.

B

So that's an interesting model that most people don't actually do. So I think that it's a unique opportunity for folks to poke around and get their feet wet with, because I think once you do that, there's a lot of power there that is different and once you get it once it's like kind of like taking the kool-aid or the blue pill or something or the red pill like once you once you take the red pill, you're just like whoa that unlocks a certain sets of things that I could never do before.

B

So extensibility galore is basically what you're getting towards extensible cli plugins extensible sort of package sets extensible distributions like customizing it to the t that you want it to be at.

A

And maybe on that point of extensible distributions, obviously a big player in here is the term that we throw around all the time bomb or bill of materials um I can show. I can show it on my screen if you want me to, but I was just curious if you want to like speak to what that is and why it's important.

B

Yeah, if, if I start out real, simple like what is what is a distribution right, so a distribution, if you view it as a collection of packages, you're going to have package a b c, we'll just make it simple, and then for this, you have versions of it right. You have versions, one two and three and.

B

I'm just kind of drawing here.

B

Now a distribution is a collection of those things, sometimes in the old school parlance, people would call it like a stream right. So if we were talking about tc, it might be something like this right and so tce 1.4 or something like that.

B

It might default to a stream of packages right, and so, when we're saying we can customize, it is the bundling that you want to get, and the defaults that you want to get are are so customizable that you could basically take this and create your own stream on top of it for your own distribution right. This allows you to basically say like I want an opinionated version of something which has x y and z. Oh, and it also has you know, d and other things that you want.

B

So an example here might be: is I'm going to have a customized build for a certain set of scenarios right? That might be something tailored for small use cases or something right? And you could easily do that, so you could have like a uh like. If you were to think about a lot of other distributions there, they sometimes have tailored versions.

B

They have the arm, 64 small version, uh you might have like an edge version or you might have a you know it a big data version or whatever, but that allows you like all the customizability. You can think of.

A

Cool yeah and what these um bombs or bill of materials kind of translate to for those of you who try out tons of and kind of, want to look at what they look like under the hood um where's. My screen at here is one so on that local bootstrapping machine, uh the bomb itself was a package, so you can pretty much you're pretty much like 97. You have a 97 chance of being right if you assume the thing you're looking at as a package in tanzu, um so the tkr bomb.

A

It's a package, it's on my local file system. In this case, and if I open it up, it declares um a lot of the things that kind of make up this.

A

This distribution, um which is which is a really powerful, declarative way to to do things so inside of here I've got everything from my package repos and where those are so remember that core repo, I was showing you and how it had some default packages like on treya and csi, cni, stuff, cap controller, blah blah all that's declared in here and then even like those os image pieces um which searching for os there, we go uh we'll have the different os images based on different providers for this distro um and yeah.

A

It's just like you know so, tim's more on, like the the tonzu architecture. You know all the things and I'm on like the tce side so like for me, I am or my team and what we build is a distribution of this thing. So this is like the lifeblood of what we do right. The ability to go in and plug into one of these things be able to customize it be able to um do a lot of cool stuff like we're not quite there yet.

A

But, for example, you know there's going to be product that vmware cares a lot about, but y'all in the community might be like. Oh forget product. I want like bleeding edge, kubernetes versions and weird cni's and blah blah blah right and we're going to be able to put those kind of things into our distribution um at a both quicker patents and quicker cadence and more experimental with a more experimental gait. I guess you could say um so.

A

This is a really important concept for for tc itself, and I think if we get there, tim it'll be really cool and we have some tooling to help. People create their own versions of these things, or at least customize them right.

B

Yep and so you're, pointing at like one of the things we're trying to work out right now is he's looking at the tkr bomb, but one of the things we're trying to be able to do is make it super seamless for people to build their own tkrs and the tqrs are kind of composed into a couple of different layers right and so we're tr we're currently working through this stuff right now. But I think that you know we are getting to the point where uh we're have enough of the foundation and the plumbing.

B

So that way a person could create a a customized tkr and be able to share that with the community. So I want to make my super micro, opinionated tkr that works really well for arm devices. You can go to town right and that way a person can like spin up environments for that and make it you know really customized, for whatever you're trying to do does bomb stand for something bill of materials.

B

There's another question that says what happens the day: two scenarios as if a package gets updated, uh is there an installer that would pick it up or install and say in dev cluster an example automatically? Yes, you could so there's there's multiple ways that we we haven't. We haven't standardized on how we want to do multiple version releasing leases, but because it's just an oci build artifact.

B

You can just basically say I get the new rev of the container that new river, the container, contains all the versions yeah and because every package contains information about its upgradeability as well as like the scripts that are associated with upgrades, you could just rip through that bomb and upgrade everything or you could do it on a piecemeal fashion. You can basically list what packages are installed and what upgrades are available that that already exists today.

A

And check this out on this, like concept of the bom and tkr standpoint. Right so remember, we have this management cluster in this workload cluster right now. So if I did ponzu kubern kubernetes release okay. So this is where, by the way the tkr comes from- um and we did uh get here- you can see those bombs that are in there.

A

What really excites me is again like this idea that tim said about shipping like a variety of ways to bootstrap and deploy clusters different os images, whatever whatever the things are, that you're changing and you go in here through the cli and you're instantiating clusters all over the place using these different tkrs.

A

You know, maybe over here you bootstrap, this workload, cluster with tkr, tce, bleeding edge, crazy, dangerous, you're, probably going to have pain, and then over here you use like some really enterprise etkr. That's like our mainstream, thingy right or a custom version. So again it kind of speaks this, like you're, not you're.

A

Only just creating your distribution to stand up a cluster you're you're able to slot these in, in a way that when you create a new cluster, you can associate it with one of these bill of materials, and it can be bootstrapped in its own unique way. That's declared by that bill of materials. If that kind of makes sense and brings it full full circle.

B

Yeah there's a question here, uh but does it come with an automated installer? Do I have to write it um so? The way it's structured is installation has like a set of config knobs that pass in tkr is something that you could build separately. If you build your own tkr, then you're going to be responsible for the versioning from a to b. But you know tce builds a tkr and we do the versioning for that tkg, which is basically the the downstream equivalent uh plus plus or minus minus. Actually, uh does that automation for you?

B

So you know we ensure that every version of a tkr can go from lock step to the next version, and you know tce will be doing that for you too, as well. Will there be some hiccups or bumps sure, but um I don't know if you want to walk through like a a cluster upgrade or anything like that at all, uh josh.

A

I unfortunately bootstrapped this cluster on one two one, so I don't know if I can do an upgrade without going through the process of making a new cluster which could take 10 to 20 minutes yeah yeah. I should have thought ahead on that. That would have been very smart but, um as you all could imagine um using well, you know we'll we'll play pretend for a moment how's that sound.

A

So uh if I go and share my terminal in theory, if I had thought ahead and not released on this one but actually released on an older version, I'd be able to go inside of here and actually one figure out what available upgrades there are, which is pretty cool, so tons of kubernetes release available upgrades get um and it doesn't want the cluster name. Oh, it wants a tkr name.

A

I wonder if this will work. I haven't actually used available upgrades before okay cool so like. Basically, what I can do here is, I could say, okay for this tkr v1208.

A

What tkrs can I upgrade to right as like a next step, and one two one two would be an example of that: let's grab um the other tkr.

A

Where was that at josh there we go 119 12., and let's do this, so I can see what the available upgrades are for this, uh and you can see here that it kind of has the the step approach right. So, if you're on 119 your your next upgrade path would be v128 um and then from v128. Of course, as you saw up here, we could go to v121 and when the time is right, um we can use tanzu cluster upgrade here. This command to actually run the the upgrade here.

A

Some examples of these and you can see how we can point them at those tkrs. So if I was on 119 I'd point to that, 128 tkr run the upgrade, and those of you who are familiar with how cluster api upgrades nodes and you know, switches the os image out with a new node and all that jazz. um That is the kind of cycle that you're gonna see happen here too sorry, I can't show it I'm. On the I'm on the bleeding edge, unfortunately,.

B

Yeah, so I mean one of the things that's kind of highlighted in here is like everything is: is we have like this immutable chain going all the way down, right and declarative, immutable chain and sort of like there's a there's, a quality to that or a certain set of attributes that are very interesting or unique, and reproducible right- and I do know that, like there are some imperative goo we currently have inside the cli, but we're fixing all that right now that once you get to that full model of being able to have sort of a get ops workflow through things, it's super powerful right now, you're going to get into some things where you still need to back them up.

B

There's no way to avoid some of that, because you know, but the ability, the ability to basically have a sort of forward-facing, I'm going to commit something to a git repo and all of a sudden boom. My infrastructure's up, that's just that's great. It simplifies everybody's life.

A

And to hit on uh suleiman's question: uh do I need vsphere for tonzu uh and you asked if it works with workstation or fusion so kind of going back to what we talked about before? Definitely don't need vsphere, although vsphere is a provider that we point to um the provider under the hood talks into vcenter.

A

So it would be. You know, vcenter based deployment, but if you downloaded it today, you could put it on an alternative cloud provider. Aws azure and if you just didn't, want to pay people money, you could run it on your local machine using docker, which would just create this whole model locally. It would absolutely not be a model you'd run in production, but it would be something that you could simulate a lot of the things tim and I are showing you right now like.

A

If you were like I'd really like to see that cluster upgrade work, you could set up a docker cluster right now and try that out so.

A

Cool um the only other thing I can think of tim that we haven't- we've alluded to, but maybe haven't talked much about. Should we talk about like the plug-in uh specific to the cli, the cli plug-in architecture.

B

Yeah, well, we can, I don't know if you're doing a bleeding edge, build or not, but like the bleeding edge. Build, should have the notion of a cli plug-ins, two parts, um we're not all there there with the plug-ins being in packages, but we're trying to get there fast.

B

So, ideally, you have a package which and an api around it, but one of the interesting things we're trying to do with the plugins uh is the plugins can tie through the login workflow so say. For example, I've got multiple versions of clusters and their dev stage and products are different versions, and when I log in I want to be able to know uh what plugins are accessible for that environment, because if I'm running an older version in prod, it's going to have to go through an api and check to see what capabilities are there.

B

So one of the things we're building with the the cli is the notion of context awareness. So, if I do you know a login and I work a login workflow for a multi-cluster environment um that login workflow should then pull down and set the context locally. So that way, I have access to the rec, correct, plugins. Now, ideally they're all packages they're all containers, they all have comps and that's just a really clean, simple model.

B

That's what we're getting towards that's we're very close to that.

A

And in in kind of today's state for those who have not dug into kind of what's going on here, like like tim, was saying these commands, let's call them right: tanzu cluster tanzu, conformance tonzu. I am running a very bleeding edge thing here: management cluster. Some of these commands are like things we're developing right now, um anywho uh these just look like cli commands right.

A

So when tim's alluding to like this idea of like there could be packages- and you could contextually see in a cluster which plug-ins and commands should be available to you, what kind of powers is under the hood if you're interested is effectively separate binaries, um which is a really cool concept for those of you who might be thinking about like running these clusters, but extending the interaction with them in functionality. So what am I getting at?

A

Obviously there is a command called tanzu, but how it kind of works under the hood is when you call tanzu cluster, it's actually going in and calling a binary that is completely built for cluster functionality, um so like as an example- and this is in like our architecture docs, but just to get into the nitty-gritty. If we go into um uh local share, it's hondu cli, when you do an install with your package manager, it is going to in the cli in initializes.

A

It's actually going to bring down these binaries. So from a user perspective, you feel, like you, have this singular cohesive, cli, but what's really slick about this is you can go in and build your own plugin, your own binary, those of you familiar with go. This is all powered through cobra you produce that binary, you wire it up and then that command will just show up in your cli.

A

um So imagine there's like some specific thing. You want to shell out to all your developers that they can like introspect something about their cluster. That's like really specific to your use case. I don't know I'm just making this up. You have that extensibility point um that you can provide that, um and then it like tim, was talking about with context awareness.

A

There's like all these cool things coming where, like the developer, won't have to worry about the binary they'll, just like log into a cluster, and the cli will just know that that functionality should be made available to them. So there's there's a lot of cool stuff in in this architecture, but uh in summary, what I'm getting at is when you're running these tanzu commands they're actually separate binaries under the hood and that's what makes it highly highly highly extensible.

B

Yep and so like the current model, you know those are actually binaries but like the way we're moving it towards is like their packages. So if a person wants to publish a new plugin, they can just bind it up to a new repo right and so very similar to how we install the package. There's. No reason why the plugins themselves can't be sort of pluggable aspects of a you know, an actual docker or an oci image itself. That's just run locally.

B

So it's custom, customization galore, like you, can have a field day with this. So you know there's a lot of power, but there's also like it can be kind of a foot gun, uh but at the same time that that that power, that inherent customization is not something you get from other distributions like you, can't go in there and tweak to the nth degree to make my own distribution from a distribution.

B

That's not really easy to do right, but we're trying to build out the apparatus so that way, like I'm, an isv ecosystem person right running wherever- and I want to build my set of tools around it because I have I'm a redistribution partner or whatnot. I can go and do that right and that's an inherently different thing. It's it's really powerful. Kubernetes itself is a platform platform, but most other distributions are not a platform platform.

A

And nick wants to know if a foot gun is only for shooting your foot.

B

Could be, you could also take out a leg.

A

I don't think we have any unanswered questions. Tim was there anything else that you wanted to talk about architecturally, no.

B

I think just kick the tires, you know find out what works and doesn't work. You know, um you know it's open source, it's available for everyone uh see if it works for you and if you like it, you know if you don't like it, give us feedback. You know um always, as always like patches welcome. If you want to customize or change something change, something like you know, we'll happily happily take patches.

A

Yeah, and maybe before I forget, we should totally mention that there's a website, uh I will put it in chat. This is our docs page, like tim said, and I probably should have led with this- is an open source, apache 2.0 project. So if you go to github.com, you go to vmware konzu, you type in community edition. This is the github page containing the project that you were seeing a lot of, there's there's another sub project or not sub project, but a project that feeds a lot of this called tanzu framework.

A

So those of you who dig really deep, you'll you'll find some of that too. But to tim's point it's here. It's available, it's buildable from source and if you do go through our docs and just want to kind of get started, we do have instructions for installing via homebrew and chocolatey. So, to reiterate what tim said kick the tires? Let us know what you think um we're also in kubernetes slack at tanzu-community-edition.

A

We try our best to be as responsive as possible, so please feel free to do the normal anything from hitting us up in slack to filing issues in github. We would we would love to hear from you um nick said. That's super rad thanks. So much nick and thanks for joining us today solely had one more question to uh tim uh resource consumption. um I think, but he's asking specifically about like. Can it do edge cases like low resource utilization.

B

I I'm trying to parse that question uh what about resource consumption? So is it because of the deployment model that you're talking about like? If I'm, if I have a management cluster in workload clusters, I'm trying to parse that um so.

B

uh And there's a question about downgrades, um so I'll do the first one. So if I'm interpreting the question about uh edge use cases uh or and about resource consumption, you would probably still have a central control plane with many edge devices. So like one of the powers of cluster api- and you know the model that we're building with hanzo is that you're going to have some central plane that you want to manage all of these little federated devices and it's totally possible to provision a separate, tkr, specifically tailored for that environment.

B

In fact, we're doing some of that work right now. So if I want to do a very micro distribution that basically runs on these other environments or if I want to be able to like bootstrap into these really small environments, you should be able to build a custom tkr specifically for that or if you had some highly regulated environment, you could have a tkr for that too.

B

But that's like you know: um once you get into those those user stories or scenarios, you you, you have all the power and flexibility to get that, um but you still you're still going to have to like manage it like any other kubernetes cluster right. um So hopefully that made sense, and hopefully that answered your question, I'm trying to beautiful mind what I read there.

B

There was a question about downgrades, um so, if you're trying to downgrade environment the way, I've always viewed this within kubernetes, because resource conversion on the api server never happens backwards like not without you being super smart and writing a tool to do it. I always recommend using valero.

B

There used to be a t-shirt that somebody made said: valero saved my bacon right and so doing a snapshot before you do a major event is always a good thing to do uh and if you have sort of immutable infrastructure, you're doing blue-green style things um you know on the commit you can still sort of parcel out to do and have a backup on that right.

B

So there's I always recommend backing up before you do a major lifecycle operation for a whole environment, because you just never know what can happen like I've seen so I've been around this community for 2014 and I've seen everything I've I thought would be impossible to see or people to use the tools and impossible ways, but I've seen it so far. So nothing, nothing surprises me anymore. I say that, but it always gets surprised by how how many different ways things can break or go sideways.

A

Okay, well on tim and I's behalf, uh thank you all so much for joining us. It was such a pleasure to show this thing off and talk to you all about it.

B

Yeah thanks and if you have any questions like feel free to hit us up on uh slack and you know, feel free to submit issues on on github.

A

Awesome have a great weekend, everybody and hopefully we'll catch. Some of you next friday have a great weekend later.