By Narayan Mandaleeka, Senior Product Line Manager
Today, VMware and Pivotal are excited to announce the general availability of Pivotal Container Service (PKS). PKS is a Kubernetes-based container service designed to meet the needs of operators and developers by providing native Kubernetes combined with advanced day-1 and day-2 capabilities needed to run Kubernetes at scale in production. My previous blog provided a review of PKS architecture including how SDDC products provide additional operational support. In this blog, I share three demos that highlight PKS capabilities.
In a nutshell, PKS 1.0 provides:
- Multi-cloud capabilities with initial support on vSphere and GCP
- Support for Kubernetes 1.9.2, the latest stable version of Kubernetes
- Cloud Native Computing Foundation (CNCF)-certified Kubernetes distribution ensuring portability, interoperability and consistency
- High availability with health monitoring and self-healing
- Advanced container networking with NSX-T
- Enterprise-grade security with isolation, policies, vulnerability scanning, and content trust
- Multi-tenancy with cluster-level security and autonomy
- Rapid, on-demand provisioning of Kubernetes clusters
Since we announced initial availability of PKS last December, we’ve been busy enabling early access customers across a variety of industries such as banking, retail, insurance and healthcare. These initial engagements have validated our value proposition of providing a comprehensive solution that meets the needs of operators and developers.
With container networking, security, persistent volumes, monitoring, and analytics, PKS runs on the SDDC portfolio enabling operators to manage and vend Kubernetes services quickly while developers enjoy the latest container technology to build and run their apps. With PKS, running VMs and containers on a consistent infrastructure with consistent operations has never been easier, enabling users to welcome containers into the fold without the risks and challenges of a greenfield deployment.
The following are the top 4 reasons why these customers are selecting PKS.
- PKS Empowers Developers through Automation and Self-Service
PKS provides a simplified set of APIs and a command-line interface that let platform operators fully automate the deployment of Kubernetes clusters, including complex tasks such as configuring and provisioning load balancers, networks, and security policies. PKS exposes Kubernetes natively to developers, and as a result, they can launch, scale, and interact with their own Kubernetes clusters by using the familiar Kubernetes APIs or kubectl commands. Check out the PKS demo below, which shows how developers can deploy a Kubernetes cluster and start interacting with Kubernetes natively within minutes.
- PKS Delivers Multi-tenancy at the Cluster Level for Enhanced Isolation and Security
Multiple Kubernetes clusters can be deployed and managed from a single control plane. Included in PKS, VMware NSX-T isolates these clusters using network security policies. Kubernetes clusters can be deployed into different vSphere clusters and configured to use different datastores. The result achieves complete isolation and avoids the noisy/nosey neighbor problem between tenants.
In addition, PKS includes Project Harbor, an open source enterprise container registry. The integration of Harbor with PKS simplifies image management with distribution, replication and security mechanisms. Harbor features a logical construct called Project, which is used to group users and repositories to enable fine-grained access control. For example, a project can be dedicated to a CI/CD pipeline, with unscanned images completely separated from production images. Once the images pass all tests, they could be replicated to a repository closest to the production clusters for deployment.
- PKS Drives Operational Efficiency with Seamless Maintenance
With BOSH as a key component, PKS monitors the health of clusters and can self-heal to enable clusters to run at optimal capacity. If a node is deemed unhealthy, PKS automatically detects its state and resurrects it without workload downtime. In addition, patching and upgrades of Kubernetes nodes (including the underlying operating system) can be managed from the PKS platform in a centralized fashion, without impact to running applications. See the demo below where BOSH resurrects a failed node.
- PKS Delivers Enterprise-Grade Security for Container Workloads
PKS is engineered to be highly secure. It includes micro-segmentation, security policies, container image signing, vulnerability scanning, and user identity and access management through User Account and Authorization Service (UAA). Through the integration with NSX-T, PKS provides automated network topologies and micro-segmentation policy to each container in the Kubernetes cluster. Additionally, clusters are deployed in a secure, isolated network to protect traffic and data privacy. Through UAA, admins can use their enterprise credentials to securely access the PKS control plane. In addition, PKS scans images for vulnerabilities, signs and verifies images, and provides auditing capabilities for enterprise security and compliance. See the demo below on how PKS provides image scanning.
We hope you, too, will appreciate the advanced capabilities of PKS.
Follow this link to read Pivotal’s announcement on PKS GA: https://content.pivotal.io/blog/secure-multitenant-kubernetes-in-minutes-pivotal-container-service-goes-ga