6 key features of VMware’s new Pivotal Container Service
VMware dropped a new offering on the Pivotal Container Service (PKS) market overnight.
VMware’s Pivotal Container Service (PKS) is a collaboration with Pivotal that will be initially available to customers in mid-December.
Here are six key features of VMware Pivotal Container Service:
1. Kubernetes 1.8
The initial release will feature Kubernetes 1.8. Developers will have full access to the Kubernetes API, with no proprietary extensions.
Moreover, PKS is built for multi-cloud environments with native Kubernetes APIs and is developed off the mainline Kubernetes release, with constant compatibility with Google Kubernetes Engine (GKE).
2. Leverages Cloud Foundry Container Runtime
PKS leverages Cloud Foundry Container Runtime (CFCR), formerly known as Kubernetes on BOSH, or Kubo, aiming to simplify the deployment of Kubernetes clusters through automation and orchestration.
It also provides health-checks and self-healing of the underlying infrastructure for highly available, production-grade deployments.
Using BOSH, PKS can automate the entire network configuration required for Kubernetes clusters.
3. Includes VMware NSX-T
PKS includes VMware NSX-T, which offers pod-level container networking with micro-segmentation, load balancing and security policies for Kubernetes clusters.
With NSX-T, customers get the networking functions required for Kubernetes, including pod-level networking, ingress to services, and load balancing across multiple replica sets.
NSX-T provides the complete set of Layer 2 through Layer 7 networking services that are needed for containers and pod-level networking.
The NSX-T integration in PKS will help enterprises quickly deploy networks with micro-segmentation and on-demand network virtualization without disrupting the development cycle.
A key design concept of NSX-T integration with PKS is to assign a unique logical switch to each Kubernetes namespace. This provides the ability to segment the traffic of each namespace within a given Kubernetes cluster.
Development teams will be able to choose to use a dedicated Kubernetes namespace within a shared cluster to secure their workloads from other teams.
Customers can also access advanced networking functions, such as network security policies and tenant-level isolation using the NSX-T multi-tiered routing model.
4. Secure container registry
PKS includes a secure, open source container registry, Harbor, which helps enterprises secure container workloads through features such as vulnerability scanning, image signing and auditing.
It stores and distributes container images and provides production-grade authentication and role-based access to push and pull images.
According to VMware, container images can be safely and securely downloaded into Kubernetes clusters for application deployment with Harbor, which also enables production-grade image repositories for CI/CD pipelines.
Customers can push container images into Harbor as part of their application release automation process.
Additionally, these images can be scanned for vulnerabilities and have their signatures validated by Harbor before they are allowed to be pulled into Kubernetes clusters as part of an application workload deployment process.
5. Persistent Storage with the vSphere Cloud Provider Plugin
PKS allows developers to deploy Kubernetes clusters for both stateless and stateful applications.
It supports the VMware vSphere Storage for Kubernetes plugin, which is part of Kubernetes through Project Hatchway.
The plugin allows PKS to support Kubernetes storage primitives on vSphere storage; the storage primitives include volumes, persistent volumes, persistent volume claims, storage classes, and stateful sets.
The storage plugin also brings in enterprise-grade storage features. For example, by using VMware vSAN, you can extend storage policy-based management to applications running in a Kubernetes cluster.
6. GCP Service Broker
Developers have access to Google Cloud Platform (GCP) services through an integrated GCP service broker.
This means an operator can expose selected GCP services so that development teams can provision and consume GCP services by creating and managing “service instances” with the kubectl CLI or API.
The GCP service broker supports offering GCP subscription services such as Google Cloud Storage, Google BigQuery, and Google Stackdriver.
These services will be able to be consumed by applications running on-premises or from within GCP.
PKS can be deployed in a data center on vSphere, as well as on Google Cloud Platform, and was recently certified by the Kubernetes Software Conformance Certification program of the Cloud Native Computing Foundation.