VMware PKS 1.3 Now Generally Available with Azure Support and Enhanced Networking, Security, and Management Features

January 16, 2019 Narayan Mandaleeka

Editor’s note: On February 26th, 2019, VMware renamed VMware PKS to VMware Enterprise PKS. To learn more about the change, read here.

We are excited to announce the general availability of VMware PKS 1.3 today. VMware PKS 1.3 adds rich features that enhance multi-cloud support, networking and security, management and operations. This release also includes support for Kubernetes 1.12.

With these new features, VMware PKS 1.3 delivers a production-grade, enterprise-ready Kubernetes solution that offers expanded IaaS support, enhanced network and security functionality, and more efficient cluster management and operations. In addition, with the inclusion of Kubernetes 1.12, VMware PKS 1.3 brings an array of the latest stable Kubernetes features to developers.  

Microsoft Azure Support

VMware PKS 1.3 introduces support for Microsoft Azure, adding breadth to its currently supported IaaSes, which include VMware vSphere, Google Cloud Platform, and Amazon EC2.

VMware PKS enables self-service provisioning of Kubernetes across multiple clouds with a common user interface. It also optimizes the Kubernetes clusters for the IaaS they are provisioned into, making workloads and operational tasks portable across any supported cloud while giving enterprises operational efficiencies in provisioning and day-2 operations.

Greater Flexibility and Configurability for Networking and Security

In the previous VMware PKS release (1.2), we introduced a new network profile feature to configure networking and security parameters. For example, you could specify the size of the load balancer for a given Kubernetes cluster. With the 1.3 release, we have expanded the number of networking parameters that can be customized when creating a Kubernetes cluster, providing greater flexibility and configurability.

Better Tenant Isolation with Multiple Tier 0 and Selectable Tier 0 Routers

Tier 0 routers bridge the physical and virtual networks by providing an “on and off” gateway service between logical and physical networks. A single VMware NSX-T instance can support multiple Tier 0 routers. By deploying Kubernetes clusters across multiple Tier 0 routers, organizations and service providers get better network isolation between tenants. In addition, the use of multiple Tier 0 routers makes it possible to use overlapping IP address ranges, providing greater autonomy to tenants in choosing IP address ranges for their services.

With VMware PKS 1.3, you can now specify a Tier 0 router using the network profile feature when you create a cluster. The Kubernetes cluster and all networking objects that are created or configured as part of the cluster, such as a load balancer, Tier 1 routers, and SNAT rules, are created on this Tier 0 router. Given that a single Tier 0 router can support a finite set of such networking objects, use of multiple Tier 0 routers allows much greater scale.

Improved Traceability and Visibility with Routable CIDRs for Pods

Routable IP addresses assigned to pods provide traceability of workloads making egress requests. In addition, routable IP addresses provide direct ingress access to pods for certain specialized workloads. With VMware PKS 1.3, at the time of Kubernetes cluster creation, you can specify whether you need the pods to be routable or non-routable (NAT’ed) by using the network profile feature. In addition, you can also specify the range of blocks that needs to be used for the IP addresses of the pods. To learn more about this feature, check out this blog post.

Better Networking Optimization with Selective IP Address Range and Subnet Size for Pod IP Addresses

With VMware PKS 1.3, you can override the global pod IP address block configured for VMware PKS with a custom IP address block range along with a custom subnet size. This feature comes in handy when your global IP address range for pods is reaching capacity and you need to deploy new Kubernetes clusters or you need a larger or smaller size subnet for each namespace being created within a cluster.

Increased Scalability by Supporting Larger Load Balancers

In earlier versions of VMware PKS, you could specify small or medium load balancers. VMware PKS 1.3 adds support for large load balancers. Supporting large load balancers provides higher scale in several areas: number of services, number of backend pods per service, and throughput (transactions per second) per service.

Better Isolation across Environments by Deploying Multiple VMware PKS Control Planes across a Single NSX-T Instance

With this new release, multiple instances of VMware PKS can be deployed on a single shared NSX-T instance. Each instance of the VMware PKS control plane can be deployed on a dedicated NSX-T Tier 0 router to provide complete end-to-end isolation. With this feature, users can dedicate separate VMware PKS instances to their development, staging, and production environments, respectively. This isolation lets you choose to, for example, upgrade your development environment to assess the impact on workloads before upgrading your staging or production environment.  

Enhanced Management and Operations for Optimizing Cluster Performance and Reducing Deployment Risks  

Backup and Recovery of Kubernetes Clusters

While the previous versions of VMware PKS supported backup and recovery of the VMware PKS control plane, this release now supports backup and recovery of Kubernetes clusters when they are deployed in a single master mode. You can recover Kubernetes clusters and stateless workloads by using the BOSH Backup and Restore (BBR) toolset.

Preventing Downtime with Smoke Tests

Preventing downtime to running workloads is key to operating Kubernetes in production.  Upgrades can sometimes have unintended effects on production clusters. PKS 1.3 introduces an optional set of Kubernetes cluster tests – known as smoke tests – to prevent unintended downtime due to cluster upgrades. Smoke tests let you assess the impact of an upgrade before actually upgrading running clusters.

The smoke tests create an ephemeral Kubernetes cluster after each upgrade of VMware PKS, but before applying upgrades to running Kubernetes clusters. This ensures that a test cluster can be provisioned and basic Kubernetes functionality validated with the upgraded software before applying the upgrade to the running clusters. Upon successful completion of the smoke test, the test cluster is deprovisioned to reduce resource consumption, and upgrades then proceed on the running clusters.  

Support for Kubernetes 1.12 and Other New Features

VMware PKS 1.3 supports Kubernetes 1.12 with the best and latest stable Kubernetes features. As an inherent part of the development flow of VMware PKS, we validate Kubernetes for enterprise readiness by confirming that it has fully passed all Cloud Native Computing Foundation (CNCF) Kubernetes conformance tests. The conformance testing is designed to ensure workload compatibility and portability.

VMware PKS 1.3 clusters can also share volumes between containers within a single pod. Scenarios such as running an application that accesses a database while another container reads database metrics are now possible. Mount propagation in Kubernetes 1.12 provides behavior similar to the Linux private, rshared, and rslave mount primitives between containers.

In addition to the above features, VMware PKS 1.3 lets you deploy NSX-T and other IaaS control plane elements such as VMware vCenter behind an authenticated HTTP proxy, thereby restricting access to the IaaS control plane to improve your security posture.

VMware PKS 1.3 also includes Harbor 1.7 with features such as Helm charts management, improved LDAP support, image replication, and database migrations. Other advanced features include the ability to view image build history, re-tag images, and perform online garbage collection. Click to learn more about Harbor 1.7.

To learn more about VMware PKS, check our website: https://cloud.vmware.com/vmware-pks

Check out Pivotal’s blog post at: https://content.pivotal.io/blog/pks-1-3-adds-azure-support-for-a-royal-flush-of-multi-cloud-kubernetes  

Try the VMware PKS Hands-on Labs: https://labs.hol.vmware.com/HOL/catalogs/lab/4734


About the Author

Narayan Mandaleeka is Senior Product Line Manager for VMware PKS at VMware’s Cloud Native Business Unit. Narayan primarily manages the VMware PKS roadmap and its integration with VMware NSX-T. Prior to this role, Narayan was a Group product line manager for vRealize Suite of products and VMware Cloud Services. Prior to joining VMware, Narayan held different positions at HP. While there, he was the lead product manager for Cloud Service Automation, a system architect, and an engineering manager at HP Software.
