Post on 30-May-2020

Confidential │ ©2018 VMware, Inc.

Pivotal Container Service (PKS)

Tomas Michaeli, Network & Security Solution Architect

January 2019

2006 2019

Cloud native applications – what is the motivation?

Docker

[Diagram labels: App 1, App 2, Docker Engine, OS]

Kubernetes

[Diagram labels, shown twice under Kubernetes: App 1, App 2, Docker Engine, OS]

Kubernetes… Plus: Networking, Storage

VMware

[Diagram labels: three Kubernetes clusters, each with a Master and three Nodes]

PKS Including: Networking, Storage

Top 8 challenges addressed by micro-services architecture

• code complexity

• application management

• testability

• scalability

• resilience

• higher availability

• quick release cycles

• organizational alignment

Build, Run and Manage Modern Applications on VMware SDDC

VMware SDDC: vSphere | NSX | VSAN

Build on Opensource APIs

Container Runtime: Container Hosts

CaaS: Container Orchestrator

PaaS: Application Platform

vSphere Integrated Containers

Pivotal Container Service - PKS

Pivotal Cloud Foundry

Docker API

CF API

K8s API

OpenSource K8s, OpenShift

K8s API

PKS on SDDC

Rapidly Deliver and Operationalize Next Generation Apps

[Diagram labels: Physical Infrastructure; vSphere, vSAN, NSX-T; BOSH; PKS Control Plane; Service Broker(s); Container Registry; two Kubernetes Clusters (master, etcd, worker); Wavefront by VMware; vRealize Automation; vRealize Log Insight; vRealize Operations; vRealize Network Insight]

PKS

[Diagram: PKS and BOSH operations. Recoverable labels:]

• DAY 1 Ops: DEPLOY

• DAY 2 Ops: Auto/Manual Rebuild, Auto/Manual Repair, Manual Scale, Patch & Upgrade, Control & Audit OPS Events

• BOSH Day 2: 1.10 -> 1.11

• Components: PKS Controller, Ops Manager (OVA), BOSH, BOSH Agent, KUBO BOSH Release (tgz), UI & API, Canal

• Clusters: K8S-1, K8S-2, each with MASTER, ETCD, Worker and K8s-api

• Namespaces: NAMESPACE_1: TEAM A, NAMESPACE_2: TEAM B, NAMESPACE_1: DEFAULT

• Roles: Platform Reliability Engineer, Application Dev/Ops Owner, Team A, Team B, Team C

• Self Service K8s

• Operate K8s + Run Apps/Containers

Kubernetes Networking

L2

L3 (North/South)

L4 – Security Policy

Load Balancing

VM Connectivity

End to End Configuration & Troubleshooting

Ops Tools & Central Stats

Flannel: L2 only (East/West Pod Traffic)

Calico: L3/L4 (IP Tables)

NGINX/HA Proxy: Load balancing

No End to End Configuration & Troubleshooting

New Ops Tools + Different locations for Stats

NSX-T

Zero VM Networking Integration

Persistent storage for containers

[Diagram labels: vSphere; vCenter; Datastore1; K8s Vol; dataVol.vmdk; K8s vSphere Cloud provider; K8s API; Kubelet; Kubernetes Worker (VM); Pod; Tools, Libs, SW; RedisDB]

Create Storage Class

• Name: thin-disk

• Provisioner: vSphere Volume

• Diskformat: thin

Create Persistent Vol Claim

• Name: volume-claim

• Storage class: thin-disk

• Accessmode: readwrite

• Storage: 2GB

Create Pod and Mount Volume

Podspec includes:

• Persistent volume claim

• Filesystem mount point

[Diagram labels: Stateful Pod, RedisDB]
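
The three steps on this slide written out as Kubernetes manifests. This is an added example, not part of the original deck. Assumptions: the in-tree provisioner name kubernetes.io/vsphere-volume, the slide's "readwrite" mapped to ReadWriteOnce and "2GB" to 2Gi, and a hypothetical pod name, image and mount path.

```yaml
# Step 1: Storage Class "thin-disk" using the vSphere volume provisioner.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: thin-disk
provisioner: kubernetes.io/vsphere-volume   # assumed: in-tree vSphere provisioner
parameters:
  diskformat: thin                          # thin-provisioned VMDK on the datastore
---
# Step 2: Persistent Volume Claim that requests a volume from that class.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: volume-claim
spec:
  storageClassName: thin-disk
  accessModes:
    - ReadWriteOnce        # assumed mapping of "readwrite"; a VMDK attaches to one node
  resources:
    requests:
      storage: 2Gi         # the slide states 2GB
---
# Step 3: Pod whose spec references the claim and gives it a filesystem mount point.
apiVersion: v1
kind: Pod
metadata:
  name: redis-stateful     # hypothetical name
spec:
  containers:
    - name: redis
      image: redis         # assumed image for the RedisDB container in the diagram
      volumeMounts:
        - name: data
          mountPath: /data # assumed mount point
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: volume-claim
```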

VMware Values for Containers

Values for Containers:

• Enterprise-class Networking

• Advanced Security

• Enhanced Operations

Features:

• Full Network Visibility

• Enterprise Support

• Unified VM-to-Container Networking

• Micro-Segmentation

Thank You!