Kubernetes on VMware Cloud Foundation 9.0: A Single Platform to Run Workloads Securely with Simplified Operations

As organizations prioritize digital transformation, they are running a mix of applications, leveraging both virtual machines and containers to meet their evolving infrastructure needs. However, managing both traditional and container-based applications presents complexity, operational inefficiencies, and security risks. Organizations need a single, simplified, and secure platform to bridge the gap between legacy  and modern IT environments.

VMware Cloud Foundation (VCF) has the solution- VCF offers a single platform with built-in Kubernetes runtime that orchestrates Kubernetes management, enabling enterprises to run modern applications alongside traditional workloads, and includes an upstream conformant certified Kubernetes distribution. With the vSphere Supervisor, VCF provides the users self-service access to a comprehensive set of cloud services out of the box. This includes VMware vSphere Kubernetes Service (VKS), which is used to provision Kubernetes clusters and includes a conformant Kubernetes release as well as a standard package of key OSS components. VCF empowers Cloud Admins and Platform Engineers with choice of interfaces including GUI, CLI and API, making it easier for teams to be efficient and productive quickly, instead of having to spend time learning new toolsets. 

Figure: vSphere Supervisor

We are excited to introduce key enhancements to how Kubernetes runs on VCF 9.0. Whether you are modernizing legacy apps or scaling modern workloads, VCF 9.0 offers a single platform to build and operate all your workloads at scale, securely and efficiently. 

• Single Platform for VMs and Containers 

VCF delivers a single platform that supports both legacy and modern workloads. This enables organizations to modernize all workloads in a consistent manner with the latest Kubernetes innovations. 

• Unified API to provision and manage both VMs and containers: A consistent API allows users to create, deploy, and manage both VMs and Kubernetes clusters. This simplifies automation, reduces integration challenges, and ensures uniform policies and security controls across all workloads. With a unified API, it allows Platform Engineers to interact with compute resources in a consistent manner, eliminating the need for separate tooling, and lowers training costs.

• Upstream conformant Certified Kubernetes release with independent upgradability: VCF runs a fully upstream conformant Kubernetes distribution that is certified by Cloud Native Computing Foundation (CNCF). This certification ensures that the vSphere Kubernetes implementation complies with the Kubernetes Conformance Program, which validates upstream Kubernetes APIs, workloads, and ecosystem tools. For example, after upgrading to VKS 3.4, you’ll be able to create and manage Kubernetes clusters using the latest vSphere Kubernetes release 1.33, aligned to the latest community release.

• Support for N-2 Kubernetes versions for flexible deployment: VKS supports the current Kubernetes release and the two previous major versions. This means that VKS ensures compatibility across three Kubernetes versions at any given time that allows different enterprise teams to run the version their apps need, and have the control and flexibility to upgrade at their own pace.

• Simplified and Efficient Operations 

VCF reduces operational complexity, enhances management flexibility, and allows teams to optimize resource allocation across environments. 

• Self-service access to cloud services with governance: Through a role-based access model, Platform Engineers can leverage self-service capabilities to provision infrastructure resources (compute, storage, and network) and a set of rich cloud services in vSphere Supervisor, such as VM Service, Network Services, and Image Registry, on demand, while Cloud Admins maintain governance and control through policies and resource quotas. Self-service access also supports multi-tenancy with isolated environments for different teams and projects.

• Independently upgradable vSphere Supervisor: VMware Cloud Foundation 9.0 unlocks additional flexibility for Cloud Admins to independently upgrade vSphere Supervisor without having to upgrade vCenter. By enabling asynchronous updates, it reduces operational complexity and provides greater flexibility for IT teams to keep Kubernetes environments current while maintaining stability across the broader infrastructure.

• Kubernetes clusters autoscaling: ​​Autoscaling enhancements enable dynamic adjustment of worker node counts based on real-time metrics, delivering both performance and efficiency. With support for scale-down-to-zero and scale-up-from-zero capabilities, clusters can automatically reduce to zero worker nodes during idle periods and seamlessly scale up as demand returns. This on-demand scalability optimizes infrastructure usage, reduces operational costs, and ensures resources are provisioned only when needed.

• Workload zones to optimize resource allocation: VCF 9.0 introduces enhanced flexibility through workload zones, enabling Cloud Admins to define and manage workload zones independently to better align infrastructure resources with workload needs. vSphere Namespaces support both single-zone and multi-zone configurations, making it easier to accommodate varied high availability requirements and disaster recovery scenarios. Cloud Admins can also extend private cloud infrastructure by adding specialized zones, such as dedicating resources for GPU-intensive workloads, offering greater control, optimized resource utilization, and improved agility for diverse deployments.

• VKS Cluster Management integration: VKS cluster management enables Cloud Admins to efficiently manage clusters and cluster groups across diverse environments. With built-in capabilities like fleet-wide multicluster management and fine-grained access controls, teams can accelerate deployments, reduce operational complexity, and ensure consistent configuration. This unified approach simplifies Day 2 operations and strengthens governance across the Kubernetes infrastructure.

• Elevated Security 

VCF integrates built-in security features to safeguard workloads consistently, so organizations can reduce risk and improve their overall security posture. 

• Built-in high availability and reliability: VCF delivers built-in high availability and reliability not only for virtual machines, but also for modern workloads. Through the integration of VKS, VCF ensures that containerized applications benefit from the same enterprise-grade resiliency features, such as vSphere HA. vSAN provides persistent storage policies tailored to stateful Kubernetes workloads, while NSX ensures network availability and secure connectivity across clusters. With unified lifecycle management, VCF maintains consistent uptime and operational stability for both VMs and containers running on a resilient infrastructure. 

• Istio Service Mesh Integration: Istio Service Mesh provides advanced capabilities such as service discovery, secure service-to-service communication, traffic routing and load balancing, and policy enforcement through integrated observability tools. With features like ingress and egress gateways, fault injection, rate limiting, and support for zero-trust architecture, Istio Service Mesh enables platform teams to manage complex microservices environments with visibility, resiliency, and compliance while streamlining operations across Kubernetes clusters.

• OS FIPS mode for compliance: A new configuration option introduces support for enabling FIPS mode at the operating system level, ensuring that only FIPS-validated cryptographic modules are used to meet stringent security and compliance requirements. This enhancement gives Cloud Admins the flexibility to enforce FIPS mode for both Linux and Windows workload clusters, aligning Kubernetes environments with Federal and industry security standards while maintaining operational control over security posture. 

• Extended Support: Moving forward, we plan to make Extended Support available with certain versions of vSphere Kubernetes releases (VKr), making support available for a period of 24 months from GA. This will help VCF customers to remain on a Kubernetes minor version for a much longer period, if they need. The first release that comes with Extended Support is VKr 1.33.

Furthermore, what makes VCF so special for running containerized workloads? VCF makes containers first-class citizens, right alongside VMs, by deeply integrating Kubernetes into the core infrastructure stack with consistent lifecycle management, treating containerized workloads with the same operational priority, manageability, and features as virtual machines. With VCF, containers are running inside virtual machines. This architecture enhances security by adding a strong layer of isolation between workloads, while allowing enterprises to apply existing security tools, compliance policies, and access control across all workloads. 

The VCF 9.0 release reflects Broadcom’s continued commitment to delivering a unified, enterprise-ready platform for modern applications. Whether you’re managing a multicluster environment, trying to scale containerized workloads, or looking to simplify operations, VCF 9.0 provides the strategic private cloud platform to run Kubernetes with confidence—today and into the future. Start your journey now! 

To learn more:

• Please visit the VCF website,  VCF 9.0 overview blog, and VKS 3.4 GA blog
• Watch the Kubernetes on VCF 9.0 overview video 
• Check out the Solution Brief and Infographic
• Explore the Forrester webinar and blog

***

Ready to get hands-on with VMware Cloud Foundation 9.0?  Dive into the newest features in a live environment with Hands-on Labs that cover platform fundamentals, automation workflows, operational best practices, and the latest vSphere functionality for VCF 9.0.