Hydra 1303

All News Items

PKS the Big Picture

from the Hydra High Council Sep 11th 2018

Coming from the engineering and operational side of the house, you are probably wondering what changes are coming down the pipeline, in order to support this new era of development that we have reached.

So now you have VMware PKS, and you want to leverage the technology to its maximum potential to support the new services and microservices that your developers are creating.

Hydra 1303 has created a PKS series to show you in detail what VMware PKS can do for your enterprise. We will deep dive into several design aspects and technical recommendations. Before we get there, we first want to showcase the Big Picture with VMware PKS.

Let's get started with what makes up VMware PKS. PKS is a combination of multiple products that form an amazing solution to not only run, manage and monitor containers, but provide them with enterprise standard network and security.

We like to think that PKS has building blocks, and the first foundational block is vSphere. You will have your infrastructure on your datacenter, with servers, racks, network, storage and vSphere running on top of it. You will build your vSphere clusters, like you have done before, with compute and management. On top of that infrastructure is where we are going to build.

For storage, we will support, VMFS, NFS or of course on our beloved vSAN

Once you have a solid foundation, the next part that we will see enter into the picture is networking. Of course, we have the best in networking and security! We leverage NSX-T, and that is actually included with PKS. That's right people!! When you purchase VMware PKS, NSX-T is included.

Now that we have a solid foundation with all the networking and security handled, we start to add the blocks that really make up the heart of the solution.

We now introduce Bosh. We will discuss Bosh in more detail later, but just to make it easy for now, think of Bosh as an officer - it detects problems with nodes (which are virtual machines) and if they are not responding for some reason, Bosh will automatically deploy a new node. Bosh is really responsible for day one deployment of nodes, and then day 2 operations like patching, repairing, upgrading and scaling.

So now you are probably asking yourself, what is the purpose of a node? So this is how we are going to play.

First, think of what PKS is doing. The whole purpose of VMware PKS is to provide an enterprise-grade way to deploy and manage Kubernetes on top of VMware SDDC stack, as well as on public cloud providers such as GCP.

When you deploy a Kubernetes Cluster, that cluster of containers is deployed on VM's, and the VM's are actually what we call Nodes. The Nodes (AKA vSphere virtual machines) are where the containers and pods will run.

That gives us a basic infrastructure to support pods and containers, and NSX-T will provide the networking, load balancing and security for those components.

The next question is, where do the images for my containers come from? Easy… VMware PKS has Harbor included, and Harbor, in a nutshell, is a container registry image repository. The cool thing about Harbor is that it has several features that you can leverage, like container signing, vulnerability scanning, and authentication. Although VMware PKS comes with Harbor, you are welcome to integrate any other container image registry of your choosing.

There are two other components of PKS that are important and complete the solution. Let's talk about Service Broker.

At its core, Service Broker is focused on exposing service provisioning to end users. In other words, service broker is there to allow you to use GCP (GCP Service Broker) for access to Google services to apps running in your Kubernetes cluster.

The final module, or building block of VMware PKS, is PKS Control Plane. I guess for this one, you know the name already helps us understand the function. Simply put, the control plane is responsible for managing the lifecycle of Kubernetes clusters that were deployed. The control plane allows users to use the PKS CLI, create clusters, view information about clusters, and obtain credentials to deploy workloads to clusters, scale clusters and delete clusters; so basically, all the control and intelligence. We will talk about Control Plane Architecture in a later blog. That is definitely way more under the hood than what we want to go over today.

That is the full picture of PKS!! Now just add monitoring and we are good to go.

For monitoring and troubleshooting we have several tools that are really cool, like Wavefront and vROP's, and vRLI.

To make life easier, here is a summary list of all components that make up VMware PKS:

NSX -T- providing network and security for all the workloads.

Bosh - handles lifecycle management, day 1 and day two operations, deployment of nodes, patching, repairing, upgrading and scaling.

Harbor - Container registry, has all the images that you possibly want to use for your deployments and has scanning, authentication, user control, content trust, LDAP.

PKS Control Plane - using PKS cli, create, delete, manage Kubernetes cluster.