With VMware Cloud Foundation (VCF) 9, the focus for platform teams has shifted from simply providing infrastructure to enabling seamless, secure application delivery. As organizations scale their containerized workloads, the challenge lies in balancing developer velocity with operational guardrails.
In this article, we are diving into how you can build a robust, enterprise-grade delivery pipeline using VMware vSphere Kubernetes Service (VKS) integrated with Harness for CI/CD, Wiz for security, and Dynatrace for observability.
The Architecture: A Unified Consumption Model
To simplify the deployment of modern applications, we’ve introduced a structured VKS Consumption Model. This model provides a blueprint for using Infrastructure as Code and Helm to bootstrap VKS clusters and connect them to a centralized delivery plane.
At the heart of this design is the Harness Delegate. Running within your VCF environment, the Delegate acts as the bridge between the Harness SaaS manager and your private VKS clusters. This ensures that your sensitive credentials and cluster endpoints never leave your secure environment while still benefiting from a powerful, cloud-native orchestration platform.
Implementing GitOps for VKS
GitOps has become the gold standard for Kubernetes operations, and for good reason. By treating your Git repository as the single source of truth, you ensure that the state of your VKS cluster always matches your desired configuration.
Using Harness GitOps, platform teams can manage the lifecycle of VKS clusters and applications with ease:
- State Reconciliation: Automatically detect and correct configuration drift between Git and your live VKS environment.
- Version Control: Every change to your infrastructure or application is audited and reversible through Git commits.
- Standardized Deployments: Use Helm charts stored in your repository to deploy consistent environments across development, staging, and production.
Shifting Left with Integrated Security and Observability
A delivery pipeline is only as good as the safety nets it provides. By integrating Wiz and Dynatrace directly into the Harness pipeline for VKS, we achieve “Shift-Left” security and full-stack observability.
Security Scanning with Wiz
Before a container image ever reaches your VKS cluster, it must be validated. By integrating Wiz into the CI stage, the pipeline automatically scans container images for vulnerabilities, misconfigurations, and secrets. If a high-risk vulnerability is detected, the pipeline can automatically halt the deployment, protecting your VCF environment from Day 0.
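As an added illustration of the halt-on-findings gate described above (not code from the VKS Consumption Models repository or from Wiz), the following Python step evaluates a scan report and fails closed when the report is missing, malformed or incomplete. The report schema, the `evaluate` function, the dated waivers, the HIGH/CRITICAL threshold and the rule that secrets block at any severity are assumptions made for this example.

```python
import json
import sys
from datetime import date

# Constructed sample in a hypothetical normalized schema (not Wiz's actual output).
SAMPLE_REPORT = json.dumps({
    "image": "registry.example.internal/shop/api@sha256:<digest>",
    "scan_complete": True,
    "findings": [
        {"type": "vulnerability", "id": "VULN-EXAMPLE-1", "severity": "CRITICAL"},
        {"type": "vulnerability", "id": "VULN-EXAMPLE-2", "severity": "high"},
        {"type": "misconfiguration", "id": "MISCONF-EXAMPLE-1", "severity": "MEDIUM"},
        {"type": "secret", "id": "SECRET-EXAMPLE-1", "severity": "LOW"},
    ],
})
BLOCKING = {"CRITICAL", "HIGH"}  # assumed policy threshold

def evaluate(report_json, waivers=None, today=None):
    """Return (allow, reasons). Fails closed on a missing, malformed or partial report."""
    today = today or date.today()
    waivers = waivers or {}  # finding id -> expiry date (datetime.date)
    try:
        report = json.loads(report_json)
        findings = report["findings"]
        if not isinstance(findings, list) or not all(isinstance(f, dict) for f in findings):
            raise ValueError("findings must be a list of objects")
    except (ValueError, KeyError, TypeError):
        return False, ["report missing or malformed"]
    if report.get("scan_complete") is not True:
        return False, ["scan did not complete"]
    reasons = []
    for f in findings:
        fid = str(f.get("id", "<no id>"))
        sev = str(f.get("severity", "")).upper()
        expiry = waivers.get(fid)
        if expiry is not None and expiry >= today:
            continue  # accepted risk, waiver still in date
        if f.get("type") == "secret":
            reasons.append(f"{fid}: embedded secret (blocks at any severity)")
        elif sev in BLOCKING or not sev:
            reasons.append(f"{fid}: {f.get('type')} severity {sev or 'UNKNOWN'}")
    return not reasons, reasons

if __name__ == "__main__":
    allow, reasons = evaluate(SAMPLE_REPORT)
    for r in reasons:
        print("BLOCK", r, file=sys.stderr)
    sys.exit(0 if allow else 1)  # non-zero exit fails the pipeline step
```

Because a waiver carries an expiry date, an accepted risk starts blocking again once that date passes instead of staying suppressed indefinitely.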
Performance Insights with Dynatrace
Once deployed, the focus shifts to health. Dynatrace integration allows the pipeline to perform automated “Health Checks” or “Quality Gates.” By pulling real-time metrics from the Dynatrace OneAgent running on VKS, Harness can determine if a new deployment has caused a performance regression or an increase in error rates, triggering an automatic rollback if necessary.
Getting Started with the VKS Consumption Model
Ready to build this in your own VCF environment? We have provided a comprehensive set of resources to get you started:
- Review the Architecture: Understand the architecture for this integration.
- Review the Design: Understand the design for this integration.
- Configure the Integration: Follow our technical guides for connecting Wiz and Dynatrace into your pipelines.
- Deploy the Blueprint: Use the VKS Consumption Models GitHub repository to access Helm charts designed to automate the setup of your VKS-Harness ecosystem.
By combining the sovereign cloud capabilities of VMware Cloud Foundation with the automation of Harness and the intelligence of Wiz and Dynatrace, platform teams can finally provide a “Golden Path” for developers—one that is fast, secure, and observable by default.
For more deep dives into VKS and VMware Cloud Foundation 9, stay tuned to the VCF VKS Blog.