Book Image

DevSecOps in Practice with VMware Tanzu

By : Parth Pandit, Robert Hardt
Book Image

DevSecOps in Practice with VMware Tanzu

By: Parth Pandit, Robert Hardt

Overview of this book

As Kubernetes (or K8s) becomes more prolific, managing large clusters at scale in a multi-cloud environment becomes more challenging – especially from a developer productivity and operational efficiency point of view. DevSecOps in Practice with VMware Tanzu addresses these challenges by automating the delivery of containerized workloads and controlling multi-cloud Kubernetes operations using Tanzu tools. This comprehensive guide begins with an overview of the VMWare Tanzu platform and discusses its tools for building useful and secure applications using the App Accelerator, Build Service, Catalog service, and API portal. Next, you’ll delve into running those applications efficiently at scale with Tanzu Kubernetes Grid and Tanzu Application Platform. As you advance, you’ll find out how to manage these applications, and control, observe, and connect them using Tanzu Mission Control, Tanzu Observability, and Tanzu Service Mesh. Finally, you’ll explore the architecture, capabilities, features, installation, configuration, implementation, and benefits of these services with the help of examples. By the end of this VMware book, you’ll have gained a thorough understanding of the VMWare Tanzu platform and be able to efficiently articulate and solve real-world business problems.
Table of Contents (19 chapters)
1
Part 1 – Building Cloud-Native Applications on the Tanzu Platform
7
Part 2 – Running Cloud-Native Applications on Tanzu
11
Part 3 – Managing Modern Applications on the Tanzu Platform

Applying governance policies to clusters using TMC

In the previous section of the chapter, we learned how to get started with TMC by registering a TKG management cluster, creating a TKG workload cluster, attaching a GKE cluster, and finally, grouping them – but why do we bring all the clusters to TMC? In this section, we will check this out by performing various activities with these clusters using the TMC interface. We will cover the following activities:

  • Configuring a security policy for a cluster group
  • Configuring an image registry governance policy for a Workspace
  • Configuring a deployment governance policy for a cluster group
  • Checking policy violation status for clusters
  • Inspecting a cluster for CIS benchmark compliance

This is a long list of activities to cover in this section. Let’s knock them off one by one.

Configuring a security policy for a cluster group

When it comes to running containers, several things can be misconfigured...