
PKS now available: Revisiting VMware's Pivotal Container Service

14 Feb 2018

After a long wait since the official launch and initial availability announced back in early December last year, Pivotal and VMware’s joint solution, Pivotal Container Service (PKS), is now generally available.

PKS is a Kubernetes-based container service designed to meet the needs of operators and developers by providing native Kubernetes combined with advanced day-1 and day-2 capabilities needed to run Kubernetes at scale in production, says VMware’s Narayan Mandaleeka, senior product line manager.

Since the December 2017 launch, the company has been offering early access to PKS to some customers across a range of industries, including banking, insurance, retail and healthcare.

On VMware's blog, Mandaleeka lists four key features of PKS:

1. PKS Empowers Developers through Automation and Self-Service

“PKS provides a set of APIs and a command-line interface that let platform operators fully automate the deployment of Kubernetes clusters, including complex tasks such as configuring and provisioning load balancers, networks, and security policies,” Mandaleeka writes.

“PKS exposes Kubernetes natively to developers, and as a result, they can launch, scale, and interact with their own Kubernetes clusters by using the familiar Kubernetes APIs or kubectl commands.”

2. PKS Delivers Multi-tenancy at the Cluster Level for Enhanced Isolation and Security

“Multiple Kubernetes clusters can be deployed and managed from a single control plane.”

“Included in PKS, VMware NSX-T isolates these clusters using network security policies. Kubernetes clusters can be deployed into different vSphere clusters and configured to use different datastores.”

“The result achieves complete isolation and avoids the noisy/nosey neighbor problem between tenants.”

“In addition, PKS includes Project Harbor, an open source enterprise container registry. The integration of Harbor with PKS simplifies image management with distribution, replication and security mechanisms.”

“Harbor features a logical construct called Project, which is used to group users and repositories to enable fine-grained access control.”

“For example, a project can be dedicated to a CI/CD pipeline, with unscanned images completely separated from production images. Once the images pass all tests, they could be replicated to a repository closest to the production clusters for deployment.”

3. PKS Drives Operational Efficiency with Seamless Maintenance

“With BOSH as a key component, PKS monitors the health of clusters and can self-heal to enable clusters to run at optimal capacity.”

“If a node is deemed unhealthy, PKS automatically detects its state and resurrects it without workload downtime.”

“In addition, patching and upgrades of Kubernetes nodes (including the underlying operating system) can be managed from the PKS platform in a centralized fashion, without impact to running applications.”

4. PKS Delivers Enterprise-Grade Security for Container Workloads

“PKS is engineered to be highly secure. It includes micro-segmentation, security policies, container image signing, vulnerability scanning, and user identity and access management through User Account and Authorization Service (UAA).”

“Through the integration with NSX-T, PKS provides automated network topologies and micro-segmentation policy to each container in the Kubernetes cluster.”

“Additionally, clusters are deployed in a secure, isolated network to protect traffic and data privacy. Through UAA, admins can use their enterprise credentials to securely access the PKS control plane.”

“In addition, PKS scans images for vulnerabilities, signs and verifies images, and provides auditing capabilities for enterprise security and compliance.”
