All the New Multi-cloud Capabilities Announced in PKS 1.2

Written by Merlin Glynn, Senior Product Line Manager, Cloud-Native Apps, VMware. Originally posted here.

We are excited to announce that as of September, PKS 1.2 is now generally available. The latest version of the service delivers new features to help improve multi-cloud operations, networking and security, management and operations, and developer productivity. These capabilities are delivered as a turnkey solution to help you take your Kubernetes workloads into production.

Here are the new PKS capabilities, designed to improve productivity, security, and ease-of-use for multi-cloud enterprises.

Multi-cloud Operations

Amazon EC2 Support

Kubernetes enables developers to deploy and manage containerized apps at scale on any infrastructure, on-premises or in the cloud. According to the Cloud Native Computing Foundation, Amazon EC2 is the leading container deployment environment. With this latest release, PKS enables a consistent operating model and Kubernetes user experience across on-premises data centers and Amazon EC2.

“With PKS support for AWS, customers can deploy a consistent infrastructure for their containerized workloads across on-premises VMware environments and the AWS cloud, and benefit from access to native AWS cloud services and features,” said Deepak Singh, Director, Compute Services, AWS.

A key benefit of PKS is the ability to conduct self-service provisioning of Kubernetes across multiple supported IaaS providers using a common user interface. PKS also optimizes the Kubernetes clusters for the IaaS they are provisioned into. This helps make workloads and operational tasks portable on any supported cloud while improving the efficiency of provisioning and day 2 operations.

Figure: PKS on AWS EC2

Networking and Security

Integration with NSX-T for Enhanced Scale and Security

PKS 1.2 integrates with VMware NSX-T for production-grade container networking and security. A new capability introduced in NSX-T 2.2 allows you to perform workload SSL termination using Load Balancing services. PKS can leverage this capability to provide better security and workload protection.

The NSX-T integration uses native Kubernetes objects, like Secrets and Ingress controllers, to manage the SSL termination. This secures the requests to the workloads deployed on Kubernetes in a cloud-native way. PKS with NSX-T 2.2 can significantly increase the scalability of the PKS platform in terms of the number of Kubernetes clusters, Kubernetes “LoadBalancer” exposed services, Kubernetes “Ingress” exposed services, and network traffic performance.

The integration also provides an automated installation and simplified user experience for implementing Kubernetes with NSX-T.

Figure: NSX-T 2.2 and Kubernetes SSL Integration

Network Profiles for Per-Cluster Customization and Choice of Load Balancer Size

As enterprises begin to scale out their workloads on Kubernetes, it’s critical for their networking solution to offer security and scalability across many Kubernetes clusters. NSX-T is an integral part of PKS, providing integration with Kubernetes Security Policy controls and the scalability required for large-scale workloads.

PKS 1.2 introduces a new feature called Network Profiles. This capability lets you choose differently sized NSX-T Load Balancing services to better meet the security and performance characteristics required for each cluster, so that Load Balancing services can be optimized for Kubernetes deployments of various sizes.

Native Kubernetes RBAC with Enterprise LDAP and AD

PKS 1.2 introduces a centralized authentication mechanism allowing you to assign Kubernetes role-based access control (RBAC) bindings to LDAP users and groups. Kubernetes RBAC enables fine-grained control when a cluster is serving many teams. This capability enables PKS users to serve the needs of many single-tenant clusters, or fewer multi-tenant clusters, with a unified and auditable authentication framework (User Account and Authentication, or UAA).

Figure: PKS LDAP and Role Binding

Developer Productivity

Kubernetes 1.11

With constant compatibility with Google Kubernetes Engine (GKE), PKS allows you to stay up to date with the most recent, stable Kubernetes release. PKS 1.2 guarantees a native open-source experience with Kubernetes 1.11, so workloads and CI/CD processes can benefit from the latest Kubernetes upstream features as well as ease of portability across other native Kubernetes platforms.

This release of Kubernetes has been validated for enterprise readiness in PKS 1.2 and fully passed the Kubernetes conformance testing defined by the Cloud Native Computing Foundation to enable workload compatibility and portability.

Self-Service of Pod/Workload Log Sinks

A key goal of PKS is to deliver self-service to teams consuming Kubernetes and other services required to run workloads in production. One critical prerequisite for self-service is workload observability and logging. PKS 1.2 will provide an additional logging feature to its existing Syslog and vRealize Log Insight integration.

This feature, known as Sink Resources, will allow cluster admins or development teams to specify a syslog endpoint to which all workload (Pod) stdout and stderr output is shipped. This quickly provides the right level of observability to the right teams for Kubernetes workloads.

Sink Resources are implemented as Kubernetes Custom Resource Definitions (CRDs) that can be controlled by Kubernetes RBAC to allow teams to make individual logging choices at the namespace or cluster level.

Figure: PKS Logging Sink

Management and Operations

Highly Available Kubernetes Control Plane

PKS 1.2 will provide a highly available Kubernetes control plane, giving operators the confidence to deploy Kubernetes services and workloads in production. This is accomplished with an optimized BOSH release for etcd, the key-value store that holds Kubernetes state. BOSH keeps the Kubernetes control plane healthy and easily upgrades it when required.

Additionally, the tight integration of PKS with VMware NSX-T allows for dynamic load balancing of multiple Kubernetes Master Node instances to achieve Kubernetes API access and uptime goals. These enhancements ensure the Kubernetes control plane is always available and ready for production.

Comprehensive Kubernetes Solution with Integration with VMware Products

PKS provides a turnkey solution to run production workloads on Kubernetes by integrating with VMware NSX-T, Project Harbor, vRealize Log Insight, vRealize Automation, Wavefront by VMware, and other VMware services.

The latest vRealize Automation 7.5 also added integration with PKS for Kubernetes cluster management. With the integration of vRealize Automation and PKS, you can now manage Kubernetes clusters within vRealize Automation — the same interface used for infrastructure deployment.

Figure: vRealize Automation and PKS Integration