lication under the sun, running those applications quickly and securely

while providing a simplified management environment.  Over the past

twenty years, across all customers and partners worldwide, over 70 million
applications are running on vSphere in total. While new applications run
well on vSphere, the real question is how to make vSphere the best
place to run those new apps – better than any other infrastructure out
there.  We believe that with vSphere 7 with Kubernetes, vSphere is now
truly the best place for modern applications.
Back in VMworld 2019, we announced Project Pacific, a technology
preview for how we could integrate Kubernetes with vSphere.  It was a
profound idea – taking the best of Kubernetes and apply it to vSphere, and
the best of vSphere and applying it to Kubernetes.  vSphere 7 is the result
of this foundational technology work.  Unlike many other announcements
around vSphere 7, Project Pacific is not a feature of vSphere – it
simply is vSphere.  vSphere itself has dramatically expanded to include all
these great new capabilities.
(As a quick side note, it’s important to note that vSphere 7 has many, many
new features and capabilities besides Kubernetes.  While I talk all about
Kubernetes here, there’s a lot more to learn about in vSphere 7.)
Joe Beda is fond of saying that Kubernetes is a “platform platform.”  In
other words, Kubernetes is a great platform on which to build new
platforms.  This is, to some degree, what we’ve done with vSphere 7 with
Kubernetes.  We leverage Kubernetes as both an infrastructure interface
and extension interface to deliver a lot of new capabilities in vSphere.  That
means that all the great vSphere functionality is there, but there’s a new
way of accessing it – via Kubernetes.  This is great for developers who
demand a native Kubernetes interface for building and running their
modern applications.
Project Pacific enabled this powerful extension capability within vSphere
via Kubernetes.  We have leveraged this extensibility to deliver new
differentiated services on top of vSphere and VMware Cloud Foundation. 
We’re calling this set of services VMware Cloud Foundation Services:
Let’s talk about each type of service in turn:

Tanzu Runtime Services

Tanzu Kubernetes Grid (TKG) provides a consistent Kubernetes
experience across clouds.  With it, customers are able to rapidly provision
and manage Kubernetes clusters in any and all locations they need
Kubernetes-based workloads to run (both vSphere-based and non-
vSphere-based).  The goal of TKG is deliver a consistent experience with
Kubernetes, irrespective of the underlying infrastructure.  However, when
TKG runs on vSphere, we are able to leverage all the innovations we’ve
created with Project Pacific to offer a better experience for customers.
For instance, Kubernetes clusters can be self-service provisioned by
developers on top of vSphere via a Kubernetes interface.  VI Admins will
have full visibility into those clusters and whatever else developers want to
provision.  VI Admins will be able to apply vSphere policies and tooling to
those clusters and pods.  In other words, TKG offers a great experience for
both developers and VI admins.

Hybrid Infrastructure Services

The Hybrid Infrastructure Services are mostly core vSphere or SDDC
capabilities exposed via Kubernetes.  The Storage and Network Services
expose vSphere (or vSAN) Storage and NSX functionality respectively,
allowing any Kubernetes workload to take advantage of these proven
SDDC technologies.
The vSphere Pod Service combines the best of containers and
virtualization by running each Kubernetes pod in its own, dynamically
created VM.  The idea here is to leverage the isolation and security of a VM
with the simplicity and configurability of a pod.  vSphere Pods are also first-
class entities in vSphere, so VI admins can both get full visibility into them
from the vSphere Client, but can also use all their existing tooling to
manage vSphere Pods just like existing VMs.
The Virtual Machine Service, while in tech preview today, enables VMs to
be managed by Kubernetes.  In this model, all components of an
application – VMs, containers, and more – can be managed with and
through Kubernetes.  This is powerful because it can enable all of a
company’s applications and app components to be stored in a container
registry, to be provisioned and operated with Kubernetes.

Future Services
As mentioned above, Kubernetes is a powerful extensibility point and many
of our partners are creating Kubernetes integrations for their own offerings.
Given that vSphere 7 now has a Kubernetes interface, we are exploring
how we can help drive greater integration of partner solutions on top of
vSphere.  In this extensibility model, these partner solutions could be
offered via Tanzu Application Catalog (formerly known as Bitnami).  Rather
than being just static images, these solutions could be actual services that
could run on whatever vSphere infrastructure a customer wanted.  At a
click of a button, a developer could easily get a database, messaging
system, ML infrastructure, or anything else provisioned alongside the
application they’re developing or running in production.  This powerful
model is made possible via vSphere’s integration with Kubernetes.

Application-Focused Management
As you can tell from the list of services above, the integration of Kubernetes
into vSphere has unleashed a torrent of innovation.  From a technical point
of view, all these new services and applications mean there will be many
more objects for a vSphere admin to manage.  No longer is each app just a
single VM, but now a single logical application may comprise many VMs,
many pods, and some of the above-mentioned services.  So in addition to
Kubernetes support in vSphere, we also needed to uplevel how admins
managed vSphere environments, enabling them to manage at much
greater scale.  We call this capability application-focused management.
We accomplish this by leveraging Kubernetes namespaces to group VMs,
pods, and services that are part of a logical application.  The administrator
can then manage the namespace directly and virtue of managing that one
namespace, implicitly manage all the components inside it.
For instance, consider the “same day shipping app” in this screenshot:

You see that this one screen has a holistic set of information about the
application.  The app is comprised of one Kubernetes cluster and four
pods.  We can see aggregate CPU and memory utilization.  But what’s also
cool is that we can set policy at the namespace level and have those
policies apply to all objects inside the namespace.  We can set storage
policies, resource management policies, permissions, and more.  In this
way, the VI admin can manage just the one namespace without needing to
know exactly what objects a developer has provisioned inside the
namespace.  In fact the developer can continually provision new objects
and destroy old ones, all without the VI admin’s knowledge, while all the
time the policies and settings the VI admin applied to the na