The latest release of VMware PKS is here. Version 1.3 of the enterprise-grade Kubernetes platform entered general availability on Jan 16th. The release includes a number of updates that improve the service's capabilities to build and run modern apps using Kubernetes clusters, including:
- Support for Kubernetes 1.12
- Support for Microsoft Azure
- New configuration options for networking and security:
  - Improved tenant isolation with Tier 0 routers
  - Improved pod traceability and visibility
  - Better networking optimization with selective IP address range and subnet size for pod IP addresses
  - Increased scalability by supporting larger load balancers
  - Better isolation across environments by deploying multiple VMware PKS control planes with a single VMware NSX-T instance
- Enhanced management and operations for optimizing cluster performance and reducing deployment risks:
  - Better capacity management with cluster scale-down
  - Backup and recovery of Kubernetes clusters
  - Downtime prevention by conducting smoke tests
- Ability to deploy NSX-T and IaaS control plane behind an authenticated HTTP proxy
- Log endpoint specification at namespace and cluster levels
- Harbor 1.7 integration
Microsoft Azure Support
VMware PKS allows the self-service provisioning of Kubernetes across multiple clouds with a common user interface. VMware PKS 1.3 adds support for Microsoft Azure in addition to existing support for VMware vSphere, GCP and Amazon EC2. The release enables Azure users to deploy Kubernetes clusters to their environment, allowing portability for workloads and operational tasks and providing operational efficiencies to provisioning and day 2 operations.
Figure 1: VMware PKS delivers support for vSphere, AWS, GCP, and Azure.
Additional Options for Networking, Security, and Configuration
VMware PKS 1.2 introduced the network profiles feature, enabling load balancer size specification based on the desired size of Kubernetes clusters. Version 1.3 increases the number of available networking options when creating a Kubernetes cluster to suit the networking, scale, and security requirements of your applications.
Tier 0 Routers for Improved Tenant Isolation
Tier 0 routers provide an “on/off” gateway service to bridge virtual and physical networks. VMware NSX-T provides edge node support for multiple Tier 0 routers. Deploying Kubernetes clusters across multiple Tier 0 routers provides improved network isolation between tenants. Tenants also have greater autonomy in their service IP address selection with overlapping IP address ranges.
VMware PKS 1.3 allows you to specify a Tier 0 router using the network profile feature when creating a cluster. The Kubernetes cluster and all associated networking objects are then created on that Tier 0 router. Tier 0 routers only support a finite number of networking objects such as load balancers, but you can leverage multiple Tier 0 routers to deploy additional clusters and networking objects within a VMware PKS environment.
Routable CIDRs for Improved Pod Traceability and Visibility
VMware PKS 1.3 allows you to specify pod routability when creating Kubernetes clusters to trace workloads that make egress requests or provide ingress access to pods for certain specialized workloads. You can also specify the range of blocks to be used for the IP addresses. Check out this blog post to learn more about routable pod networks.
Selective IP Address Ranges for Improved Networking Optimization
VMware PKS 1.3 allows you to override the configured global pod IP address block with a custom IP address block range, including a custom subnet size. This feature is useful if your global IP address range for pods reaches capacity, necessitating deployment of new clusters, or when you need varied subnet sizes for each namespace within your clusters.
Support for Larger Load Balancers
Earlier versions allowed the specification of load balancer size with a network profile to override the default small load balancers. In addition to existing support for small- and medium-size load balancers, this release adds support for NSX-T edge nodes that use bare metal to support large load balancers. This change allows support for a larger number of services, backend pods, and throughput (transactions per second) per service.
Deploying Multiple VMware PKS Control Planes with a Single NSX-T Instance for Improved Isolation
VMware PKS 1.3 allows you to deploy multiple instances of VMware PKS on a single shared NSX-T instance. Each instance of the VMware PKS control plane can be deployed on a dedicated NSX-T Tier 0 router for end-to-end isolation. This lets you dedicate separate VMware PKS instances to development, staging, and production environments. With the added isolation, you can upgrade your development environment to assess the workload impact before upgrading staging or production.
Improve Cluster Performance and Deployment with Enhanced Management Capabilities
Cluster Scale-Down for Better Capacity Management
The new release allows you to manage resource consumption by reducing the number of worker nodes in a cluster as workload demands decrease. This is achieved by extending the CLI to let you scale down the number of worker nodes for a given cluster.
Safeguard Clusters with Backup and Recovery
VMware PKS 1.3 supports cluster backup and recovery when deployed in single master mode. BOSH Backup and Restore (BBR) allows you to recover Kubernetes clusters and stateless workloads.
Smoke Tests to Prevent Downtime
PKS 1.3 introduces optional cluster tests, known as smoke tests, to prevent unintended downtime that occurs as a result of cluster upgrades. These tests let you assess the impact ahead of upgrading a running cluster. This is achieved by creating a test version of a Kubernetes cluster after each upgrade of VMware PKS, but before applying upgrades to running Kubernetes clusters. Following the smoke test, the test cluster is deprovisioned to reduce resource consumption.
Kubernetes 1.12 Support
This latest release of VMware PKS also supports the most recent version of Kubernetes 1.12, providing the most recent stable Kubernetes features. We ensure Kubernetes passes conformance testing specified by the Cloud Native Computing Foundation (CNCF) in order to validate the service, ensuring workload compatibility and portability.
As Kubernetes adoption increases, it will become a foundational layer for many major applications, making authentication and security critical. We secure VMware PKS 1.3 clusters with TLS by default, and can use Kubernetes 1.12 to bootstrap kubelets into a TLS-secured cluster.
The latest release also allows you to share cluster volumes between containers within a single pod. This lets you, for example, run one container that accesses a database while another reads database metrics. Mount propagation in Kubernetes 1.12 provides behavior similar to the Linux private, rshared, and rslave mount primitives between containers.
Additional Features
VMware PKS 1.3 includes further features, such as the ability to deploy NSX-T and the rest of the IaaS control plane behind an authenticated HTTP proxy, restricting access and improving security. You can also now specify log endpoints at the namespace and cluster levels. This allows you to aggregate all log entries for a cluster to a chosen log analyser.
VMware PKS 1.3 also includes Harbor 1.7 with features such as Helm charts management, improved LDAP support, image replication, and database migrations. Other advanced features include the ability to view image build history, re-tag images, and perform online garbage collection.