Confidential │ ©2018 VMware, Inc.
Pivotal Container Service (PKS)
Tomas Michaeli, Network & Security Solution Architect
January 2019
2006 2019
Cloud native applications – what is the motivation?
[Diagram: Docker. Labels: OS, Docker Engine, App 1, App 2]
[Diagram: Kubernetes. Labels (repeated per host): OS, Docker Engine, App 1, App 2, Kubernetes. Plus: Networking, Storage]
[Diagram: VMware PKS. Labels (repeated three times): Kubernetes, Master, Node, Node, Node. PKS including: Networking, Storage]
Top 8 challenges addressed by micro-services architecture
• code complexity
• application management
• testability
• scalability
• resilience
• higher availability
• quick release cycles
• organizational alignment
Build, Run and Manage Modern Applications on VMware SDDC
VMware SDDC: vSphere | NSX | VSAN
Build on Opensource APIs
Container Runtime: Container Hosts
CaaS: Container Orchestrator
PaaS: Application Platform
vSphere Integrated Containers
Pivotal Container Service - PKS
Pivotal Cloud Foundry
Docker API
CF API
K8s API
OpenSource K8s
OpenShift
K8s API
PKS on SDDC
Rapidly Deliver and Operationalize Next Generation Apps
[Diagram: PKS on SDDC. Labels: Physical Infrastructure; vSphere; vSAN; NSX-T; BOSH; PKS Control Plane; Service Broker(s); Container Registry; two Kubernetes Clusters (master, etcd, worker); Wavefront by VMware; vRealize Automation; vRealize Log Insight; vRealize Operations; vRealize Network Insight]
[Diagram: PKS and BOSH. Labels: PKS Controller; Ops Manager (OVA); BOSH; KUBO BOSH Release (tgz); K8S-1; K8S-2; MASTER; ETCD; Worker; BOSH Agent; K8s-api; UI & API; Self Service K8s; Operate K8s + Run Apps/Containers; NAMESPACE_1: DEFAULT; NAMESPACE_1: TEAM A; NAMESPACE_2: TEAM B; Team A; Team B; Team C; Application Dev/Ops Owner; Platform Reliability Engineer; BOSH Day 2: 1.10 -> 1.11]
DAY 1 Ops
• DEPLOY
DAY 2 Ops
• Auto/Manual Rebuild
• Auto/Manual Repair
• Manual Scale
• Patch & Upgrade
• Control & Audit OPS Events
Canal
Kubernetes Networking
L2
L3 (North/South)
L4 – Security Policy
Load Balancing
VM Connectivity
End to End
Configuration & Troubleshooting
Ops Tools & Central Stats
Flannel: L2 only (East/West Pod Traffic)
Calico: L3/L4 (IP Tables)
NGINX/HA Proxy: Load balancing
No End to End Configuration & Troubleshooting
New Ops Tools + Different locations for Stats
NSX-T
Zero VM Networking Integration
PKS PKS
Persistent storage for containers
[Diagram: Labels: vSphere; vCenter; Datastore1; dataVol.vmdk; K8s Vol; Kubernetes Worker (VM); Kubelet; K8s vSphere Cloud provider; K8s API; Pod (Tools, Libs, SW); RedisDB; Stateful Pod]
Create Storage Class
• Name: thin-disk
• Provisioner: vSphere Volume
• Diskformat: thin
Create Persistent Vol Claim
• Name: volume-claim
• Storage class: thin-disk
• Accessmode: readwrite
• Storage: 2GB
Create Pod and Mount Volume
• Podspec includes: Persistent volume claim, Filesystem mount point
VMware Values for Containers
• Enterprise-class Networking
• Advanced Security
• Enhanced Operations
• Full Network Visibility
• Enterprise Support
• Unified VM-to-Container Networking
• Micro-Segmentation
[Slide labels: Values for Containers; Features]
Thank You!