Set up VMware Enterprise PKS in a Snap with the New Installation Wizard

May 16, 2019 Xiao Gao

VMware recently announced VMware Enterprise PKS 1.4 on April 23. With this new release, we are now offering a new GUI-based installation wizard—currently in Beta—that greatly simplifies the initial installation and configuration of the product. The new wizard significantly reduces installation time and provides flexible configuration options to fine-tune VMware Enterprise PKS with its supporting infrastructure.

All artifacts required to bootstrap and deploy VMware Enterprise PKS are bundled into a single installer appliance, delivered as an OVA. Users can download this OVA file and then follow a self-service wizard with intuitive UI to install the product with simplicity and speed. Since all installation artifacts are included, you can be assured the installer works in a traditional enterprise data center as well as air-gapped environments.  

High-Level Installation Steps

Currently a beta feature in 1.4, this installation wizard is an optional component supplementing existing VMware Enterprise PKS deployment. Administrators who prefer the existing approach of deploying VMware Enterprise PKS can continue to use existing tools and processes.

Here’s how you, as a vSphere infrastructure administrator, can take advantage of the installation wizard, which bundles the UI, Pivotal Ops Manager, BOSH, the VMware Enterprise PKS tile, the operating system (or stemcell), and Harbor together in a single OVA. After downloading and installing the OVA, enter information regarding your vSphere and NSX-T environments to configure Bosh Director and VMware Enterprise PKS. Integration with the vRealize suite of products and Harbor are optional, and they can be enabled or disabled with a single click. The wizard will run a preflight check and then start the deployment. Behind the scenes, the installation wizard automatically deploys the following components:

  • Ops Manager VM
  • PKS Control Plane VM
  • Harbor VM (Optional)

The baseline NSX-T fabric and the installation of the vRealize suite of products are prepared outside the VMware Enterprise PKS installation wizard. After the installation completes successfully and you create the necessary user accounts by using the Ops Manager CLI, you can create an enterprise-grade, CNCF-certified, Kubernetes cluster with a single command:

pks create-cluster mycluster --external-hostname mycluster.corp.local --plan [small |medium| large]  

Building Your Deployment Manifest

To provide a relatively simple installation UI experience, the wizard minimizes user input. Where appropriate, the installation wizard attempts to reduce user input by using dropdowns, and it autocompletes inputs when the list of possible values can be interrogated from the underlying system. The wizard automatically populates parameters with reasonable defaults or derives settings from other inputs (you can override the default values if you want). Server-side validation is performed continuously to validate whether the provided values align with the underline systems.

Once the required parameters are entered, a configuration YAML is generated. You have the option of exporting the YAML file into a GIT repository for configuration versioning and change control management. If you make changes to the exported YAML file, you can import the updated YAML back to the installation wizard. The ability to import and export configuration YAML allows you to build consistent environments with full traceability, free of snowflakes.  

Certificate and Endpoint Management

There are several aspects of installing VMware Enterprise PKS that involve certificates and endpoints:

  • VMware Enterprise PKS API endpoint certificate
  • VMware NSX-T endpoint certificate
  • VMware NSX-T principal identity certificate setup
  • Harbor endpoint certificate

To simplify updating and maintaining these certificates, the new installation wizard gives you two options: You can upload pre-generated certificates into the installer or leave certificate setup entirely to the installer. Selecting the “manual certificate update” option enables you to upload pre-generated certificates. For pre-production or POC deployments where a self-signed certificate is sufficient, the installation wizard will take on the entire responsibility of generating the certificates. With the self-signed option, the whole certificate setup process can be accomplished with almost no additional inputs from the user.


NSX-T Deployment Topologies

The VMware Enterprise PKS 1.4 installation wizard supports bringing your own NSX-T Tier 0 and Tier 1 routing topology or provisioning a new topology on an existing NSX-T fabric. When using the installer to automate the provisioning of a new topology, only NAT topologies can be provisioned. No-NAT topologies can be preprovisioned and imported from the installation wizard.

Here’s what the NAT topology looks like:

When the installation wizard provisions a NAT-based T0 and T1 topology, the following events are part of the subsequent VMware Enterprise PKS and Kuberntes cluster workflow:

  • VMware Enterprise PKS control plane (Ops Manager, BOSH Director, VMware Enterprise PKS, and Harbor VM) components are all located on a logical switch that has undergone Network Address Translation on a T0.
  • Kubernetes cluster master and worker nodes are located on a logical switch that has undergone Network Address Translation on a T0. DNAT rules are programmed to allow access to Kubernetes APIs.

Support for Multiple Availability Zones

Multiple availability zones can be configured for Kubernetes cluster redundancy; each availability zone can map to a vSphere cluster. An admin user can create as many availability zones as the underline vSphere resources allow.

Availability zones can be assigned immediately after creation. It is up to the administrator how the Kubernetes control plane and data plane map to the availability zones. Here’s what an example configuration for a large Kubernetes cluster looks like; note how the plan places the master and worker nodes in separate availability zones to prepare the deployment to handle resource heavy workloads:


Day-2 Integrations

Integration with logging and monitoring are as simple as changing a setting. vRealize Operations Manager, vRealize Log Insight, Wavefront by VMware, and syslog are all available options.

Harbor Integration

Harbor integration is optional but highly recommended for enhanced container image integrity and security. Image integrity starts with managing signed CA certificates so the Kubernetes clusters can automatically trust the Harbor registry. Image signing and scanning using the latest CVE database help ensure that workloads running in production are trusted and free from known attack vectors. In the installation wizard, two clicks are all that are required to enable image signing with Notary and scanning with Clair.


The new VMware Enterprise PKS installation wizard offers a much-simplified deployment experience while offering Kubernetes as a service both in a traditional datacenter as well as air-gapped environments. The UI-driven approach dramatically reduces setup time, now instead of focusing on how Kubernetes fits into your infrastructure, you can focus on improving your business.

Check out the demo below which shows you step by step how to use the installation wizard to set up VMware Enterprise PKS. 

Note: The beta is available for any existing Enterprise PKS customers to try out now. If you are interested, please reach out to your VMware representative to get the access to the bits.

About the Author

Xiao Hu Gao is a Technical Marketing Manager at VMware CNABU. He enjoys speaking to customers and partners about the benefits of running Kubernetes on top of VMware technologies. Xiao has a background in DevOps, Data Center Design, and Software Defined Networking. Xiao is CCIE (Emeritus) and holds few patents in the areas of Security and Cloud.

More Content by Xiao Gao
Announcing Velero 1.0: Stability, Usability, Extensibility
Announcing Velero 1.0: Stability, Usability, Extensibility

This significant release improves the installation experience, Helm support, the plugin system, and overall...

Cluster API Lays the Groundwork for Declarative Kubernetes Lifecycle Management with v1alpha1
Cluster API Lays the Groundwork for Declarative Kubernetes Lifecycle Management with v1alpha1

We hit a very important milestone in the Cluster API project: We cut our first official alpha release. The ...


Subscribe to our Newsletter

Thank you!
Error - something went wrong!