Confidential │ © VMware, Inc.
Backstage & Tanzu Application Platform
Same same, but different
Robert Jensen
Lead Systems Engineer @Vmware
@rhjensen / jensenr@vmware.com
2/2/2023

Confidential │ © VMware, Inc. 2
Agenda
§ VMware and Open Source
§ What is a developer portal
§ The Spotify Journey and Backstage
§ VMware and Tanzu Application Platform
§ Demo
Inspiration for this talk

Confidential │ © VMware, Inc. 3
VMware & Open Source

Confidential │ © VMware, Inc. 4
VMware? VMware Tanzu?

Confidential │ © VMware, Inc. 5
2018
VMware Pivots
2020
2019 2021
2019

6
Confidential │ © VMware, Inc.
“Open source participation is a
win-win for the company and the
community… This isn’t about
philanthropy, it’s about the
opportunity for all and innovation
at speed.”
Joe Beda, Principal Engineer VMware
Joe Beda, Retired

Confidential │ © VMware, Inc. 7
VMware is committed to Open Source https://tanzu.vmware.com/open-source
CNCF Projects
Cloud Foundry Foundation Projects
VMware-Driven Projects
Community Projects
Apache Software Foundation Projects

Confidential │ © VMware, Inc. 8
Open Source Packaging

Confidential │ © VMware, Inc. 9
Open Source Contributions around K8S
356352
200444
142376
93669
Cluster API
2 of 7
steering committee members
4 of 24
special interest groups led by VMware
3 of 8
working groups led by VMware
https://github.com/kubernetes/community/blob/master/sig-list.md

Confidential │ © VMware, Inc. 10
VMware driven projects
Pinniped

Confidential │ © VMware, Inc. 11
Donations to Cloud Native Computing Foundation
Graduated Incubated Sandbox

Confidential │ © VMware, Inc. 12
VMware is one of 4 commercial partners of Backstage?

Confidential │ © VMware, Inc. 13
What is a Developer Portal ?

Unifies all your tooling, services, apps,
data, and docs with a single, consistent UI
Makes sense of everything in your
ecosystem, regardless of how and where
individual components are running
Let developers focus on what they do best
(leading to much less activity in #aaargh
Slack channel)
A developer portal =
one frontend for your
entire infrastructure
NerdOut Podcast

Confidential │ © VMware, Inc. 15
Backstage

Confidential │ © VMware, Inc. 16
«Happy developers make happy code»

Confidential │ © VMware, Inc. 17
“Software is still eating the world”
Trends like microservices,
SaaS sprawl, and cloud-
everything create a chaotic
ecosystem for engineers.
Every company uses
different subsets of these
tools and faces different
challenges.
Your whole stack is getting
more complex; onboarding
and collaboration are
becoming more difficult.
https://landscape.cncf.io
CAUSES FRICTION
AFFECTING DEVELOPER HAPPINESS

Confidential │ © VMware, Inc. 18
The Spotify Journey
.. back in 2016
hyper-growth
mode
speed-to-
market
developer
effectiveness

Confidential │ © VMware, Inc. 19
Backstage is an open platform for
building developer portals.
Created at Donated to
2016 2020

Confidential │ © VMware, Inc. 20
Backstage is a developer portal

Confidential │ © VMware, Inc. 21
Attributes Of Developer Portal
Lowers cognitive load
for developers and
boosts Developer
Productivity by
creating
Provides a developer centric view
Abstracts away underlying technology
Provides a pluggable framework
Maximizes Time to Value

Confidential │ © VMware, Inc. 22
Finding the golden path | path to production
This is the way
Golden Path
https://engineering.atspotify.com/2020/08/how-we-use-golden-paths-to-solve-fragmentation-in-our-software-ecosystem/

Confidential │ © VMware, Inc. 23
Backstage plugin ecosystem
Customizable and extensible plugin
architecture
§ Built with modern technologies and
common frameworks
§ Makes it easy to develop for and
contribute to your dev portal
§ Cloud-agnostic and vendor-neutral

Confidential │ © VMware, Inc. 24
Paid plugins
- 15 December 2022
announcement
- New marked for Spotify ?

Confidential │ © VMware, Inc. 25
Backstage in open source

Confidential │ © VMware, Inc. 26
Backstage success
80% of contributions come from
outside the core team
180+ plugins contributed

Confidential │ © VMware, Inc. 27
Backstage is building a proven track record across industries
Currently 75 224 public adopters
https://github.com/backstage/backstage/blob/master/ADOPTERS.md

Confidential │ © VMware, Inc. 28
Demo Backstage OSS
https://demo.backstage.io

Confidential │ © VMware, Inc. 29
Free Backstage Course
https://backstage.io/blog/2022/11/15/linux-foundation-introduction-to-backstage-course

Confidential │ © VMware, Inc.
Great resources
Case studies, explainers, and one-on-one demos:
backstage.spotify.com
Community Sessions:
github.com/backstage/community
Newsletter:
https://spoti.fi/backstagenewsletter
Discord:
https://discord.gg/MUpMjP2
https://backstage.spotify.com/blog/resource/steal-this-deck/

Confidential │ © VMware, Inc. 31
Tanzu Application Platform
(TAP)

Confidential │ © VMware, Inc. 32
Based on Backstage, but with it’s own opinions (and focus)
Pre installed with
Ø Docs
Ø Accelerators
Ø API’s
Ø Supply Chain
Ø Security Analytics
Only runs on K8S

Confidential │ © VMware, Inc. 33
Documentation
• Based on
Mkdocs
• Written in
markdown
• Documentation
& Code in
same repo.
• Build when you
push(sort of)

Confidential │ © VMware, Inc. 34
API
• Based on
OpenAPI
• Auto updated
with app
• Dependencies
• Internal /
External Api’s
• Swagger
interface

Confidential │ © VMware, Inc. 35
Application Accelerators
• Templates for
Apps,
Baselines etc.
• Can be
”anything”
• Takes input
• Customizable
using Sed,
YTT, etc.

Confidential │ © VMware, Inc. 36
Supply Chain
• Supply Chain
UI
• CVE info
• Test info
• Overview

Confidential │ © VMware, Inc. 37
Security Analysis
• Security
overview

Confidential │ © VMware, Inc. 38
Tanzu Application Platform is
backed by some of the most
mature and popular open-
source projects available today
In addition to Backstage
Garnering 200+ plugins Backstage has gained tremendous traction
by helping organizations build self-service developer portals
Carvel
Developers build, deploy, and manage their own apps
and package them so they are more easily distributable
Cartographer
Operator teams create secure, reusable supply chains that
define all of application CI and CD in one place
Built with an open source-first mindset
And many more….
Building open-source software and contributing to
communities is at the core of VMware’s engineering spirit
Innovative, interoperable, scalable and secure solutions

Confidential │ © VMware, Inc. 39
Developer
Code tanzu
workload
Supply Chain
Running
app
Deploying an App with Tanzu Application Platform
Watch
Git
Build
Image
Conventions
GitOps
DevSecOps
Start
Inner Loop Outer Loop

Confidential │ © VMware, Inc. 40

Confidential │ © VMware, Inc. 41
Recap: what have we saw today?
§ VMware | VMware Tanzu OSS Contributions
§ What a developer portal is
§ The Spotify Journey and Backstage
§ VMware and Tanzu Application Platform

Choreographed
CI/CD
Meet Cartographer:

> whoami
Bridging Dev and Ops.
● 20+ years of experience as developer and architect
● Working with Kubernetes 5+ years
● Working with Netic Kubernetes offerings
@langecode
in/thor-lange-26b388
Thor Anker Kvisgård Lange
Platform Development Specialist

Code not in production does not
provide any ROI
In a nutshell

From feature to production
production
?

Path-to-production
Thoughtworks Technology
Radar - October 2022
Path-to-production
mapping
techniques

”First, the steps in the process are listed in
order, from the developer workstation all the
way to production.
Thoughtworks
Path-to-production mapping
Path-to-production

Path-to-production
New
Code
Code
Analysis
Build QA CAB Deploy
Example

pipeline
CI/CD to the rescue?
Watch
repository
Build image Tests
Generate
configuration
Deploy
Continuous Integration
Server
(Orchestrator)

Numerous CI solutions
…and many more

Current challenges
pipeline - team A
A B C D E
pipeline - team C
B C D E
pipeline - team B
F B C D
CI Orchestrator

Cartographer
A supply chain choreographer

The orchestration pattern
orchestrator
(conductor)
A
B
C

The choreography pattern
A
B
C
watches
watches

Leveraging existing components

Supply chain choreography
blueprint
Watch
repository
Build image Tests
Generate
configuration
Deploy
Cartographer Controller
workload delivery
Match supply chain or
delivery blueprint
Owns
Dev Ops
SRE/Platform/…

Defining a workload
apiVersion: carto.run/v1alpha1
kind: Workload
metadata:
name: kubernetes-info
namespace: cartographer-build
labels:
netic.dk/workload-type: simple-image
spec:
serviceAccountName: build
source:
git:
url: https://git.netic.dk/scm/kub/kubernetes-info.git
ref:
branch: main
params:
- name: observability
value: true
supply chain
source
optional params

New workload
blueprint
Watch
repository
Build image Tests
Generate
configuration
Deploy
Cartographer Controller
workload
Dev
Watch
repository
Build image Tests
Generate
configuration
Deploy

Demo

Build and push container image
Simplest possible demo?

Demo - blueprint
supply chain blueprint
Watch repo Build image
apiVersion: carto.run/v1alpha1
kind: ClusterSupplyChain
metadata:
name: supply-chain
namespace: cartographer-build
spec:
selector:
netic.dk/workload-type: simple-image
resources:
- name: source-provider
templateRef:
kind: ClusterSourceTemplate
name: source
- name: image-builder
templateRef:
kind: ClusterImageTemplate
name: kaniko-image
params:
- name: image_prefix
value: registry.netic.dk/netic-oaas/
sources:
- name: source
resource: source-provider

Demo - create workload
apiVersion: carto.run/v1alpha1
kind: Workload
metadata:
name: cartographer-demo
namespace: cartographer-build
labels:
netic.dk/workload-type: simple-image
spec:
serviceAccountName: build
source:
git:
url: https://git.netic.dk/scm/pd/cartographer-demo.git
ref:
branch: main
workload
GitRepository
(fluxcd)
Runnable
(Cartographer)

Demo - run

Demo - add vulnerability scanning
...
- name: image-builder
templateRef:
kind: ClusterImageTemplate
name: kaniko-image
params:
- name: image_prefix
value: registry.netic.dk/netic-oaas/
sources:
- name: source
resource: source-provider
- name: trivy-scanner
templateRef:
kind: ClusterImageTemplate
name: trivy-image-scanning
images:
- name: image
resource: image-builder
supply chain
blueprint
Watch repo
Build image
Scan image

Demo - scanning result

Cartographer Recap
● Opinionated path-to-production
● Supply chain and delivery blueprint
● Hide complexity
● Standard contract
● Separation of concerns
Takeaways

Alfred Nobels vej 25, DK-9220 Aalborg Ø * Tlf. 77 77 08 88 netic.dk company/netic-as
Thanks for listening.
..and we are hiring:
https://www.netic.dk/ledige-stillinger/

References
● https://www.thoughtworks.com/radar/techniques/pat
h-to-production-mapping
● https://tanzu.vmware.com/developer/guides/supply-
chain-choreography/
● https://kccnceu2022.sched.com/event/605caab6b752
f79dcaa5a5a2b02735ea