VMware and Pivotal’s PKS Distribution Marries Kubernetes with BOSH
In the cloud-native space, broadly speaking, there are two groups of users: platform operators and developers. And rarely does a new product or service meet the needs of both groups equally well.
Through the recently announced PKS (Pivotal Container Service), VMware and Pivotal — in partnership with Google Cloud — are focused squarely on solving this problem. Their new commercially supported release of the Cloud Foundry Container Runtime promises to make Kubernetes easy to run and operate for virtualization administrators, thus giving development teams the support they want for new initiatives that require reliable infrastructure in the form of Kubernetes running on vSphere or Google Cloud Platform.
By combining Kubernetes with VMware’s infrastructure tooling and multi-cloud capabilities, Pivotal and VMware have created a product that may truly bring devs and ops together.
The Beauty of BOSH
The Kubernetes container orchestration system, managed by the Cloud Native Computing Foundation, is often called the “Linux of the cloud” and is enjoying massive adoption across industries. Even Docker has adopted it as an orchestrator alongside Swarm. However, it’s not a one-size-fits-all solution. Depending on the use case, a user may find some limitations in Kubernetes.
Kubernetes does an excellent job managing containers, for example, but it’s not that good with virtual machines (VMs). If a node fails, with pods running on it, Kubernetes will be aware of the failure. It will find a new node and redeploy those pods on it to maintain the applications layer availability. However, Kubernetes is never going to respawn that worker node to bring that cluster back to full strength.
But tools like BOSH can.
BOSH will monitor the infrastructure layer. If a node goes down, BOSH will bring up another instance, add it to the cluster and restore the cluster to its full capacity.
Recognizing that this was a use case the Kubernetes community was not addressing, Pivotal and Google worked together to marry the capabilities of BOSH and Kubernetes and created a project called Kubo (Kubernetes on BOSH). The project was donated to the Cloud Foundry Foundation, which later renamed it the Cloud Foundry Container Runtime (CFCR) and used it as the default container runtime for Cloud Foundry.
Pivotal and VMware have since teamed up to productize CFCR as PKS, a production-grade Kubernetes that’s designed to ease the “Day 2 operations burden for container orchestration with built-in HA, monitoring, automated health checks, and much more.”
Close Collaboration Between Sisters
VMware, a sister company of Pivotal under the Dell umbrella, saw huge potential in PKS to bring operational control and comfort to existing VMware admins. Thus the two companies have formed a close collaboration.
“It’s not that we’re OEMing a Pivotal product. We have at least as many development engineers on PKS as Pivotal has; it’s very much a joint program,” said Paul Dul, vice president of product management for cloud-native applications at VMware.
This engagement goes beyond code development. Both companies work together in terms of addressing different customer segments on the developer side and on the infrastructure platform operation side.
Working with Pivotal makes sense for VMware in two ways. According to Dul, the combo can: 1) deliver a better product and 2) address a broader customer base.
In terms of user base, VMware has strong relationships with platform operators and virtual infrastructure operators on the one hand. Pivotal, on the other hand, has strong relationships with developers, said Dul. So collectively VMware and Pivotal are catering to a broad set of users.
Pivotal has added a number of things above and beyond PKS to serve its customers. “One of those things is PKS Controller, a control plane that allows users to quickly spin multi-tenant clusters and also provide rolling upgrades to those clusters,” said Dul.
One key piece that VMware brings to PKS is NSX-T software-defined infrastructure, which provides the networking virtualization capabilities to Kubernetes. The real value that NSX-T brings is that networking tends to be one of the most complex cases in the Kubernetes space.
“Most of the issues that we hear from customers are around the networking layer,” said Dul. “NSX-T brings a lot of capabilities in terms of visibility, monitoring and diagnosis as well as micro-segmentation to be able to control east/west traffic flows between pods.”
“We have micro-segmentation at the pod level, which allows users to set up security groups at the pod level to control traffic. Let’s assume the front end needs to talk to some database, it’s not a great idea. It should be talking to the application and not the database. We offer the ability to lock things down the way a user would want, and that offers a unique value proposition that we bring to the table with NSX-T,” added Dul.
Depending on user needs, VMware will add more capabilities to the distribution like a much-needed security component through open source projects such as Harbor, a container registry server that stores and distributes Docker images. It has a lot of enterprise-grade features, for example, integration with identity management systems. It also brings the capability of vulnerability scanning so it can restrict the use of unsigned images. Not all distros include such a component and may rely on partners to deliver this functionality.
PKS can’t package every single capability that users may need. Harbor, for example, does not provide runtime detection, but VMware does have products in its portfolio that do offer such protection. VMware provides custom integration of it various tools for PKS — including vRealize Automation, vRealize Operations, vRealize Login, among many others. The value VMware brings here is that PKS can easily integrate with the tools that are available in the VMware marketplace.
How Vanilla is PKS?
With all these added capabilities and tight integration with VMware products, is it fair to say PKS is a Kubernetes distribution? If yes, how far away has it moved from pure Kubernetes?
While VMware offers tight integration with vSphere and other VMware products, the fact is PKS is pure, vanilla Kubernetes. “We don’t put our own CLI or interfaces on top of it, as some others do. It’s not almost Kubernetes, it’s plain vanilla Kubernetes,” said Dul.
As a vanilla distribution, then, PKS must find other ways to differentiate. This lies in access to these VMware tools, capabilities and integration, that provide portability and compatibility.
“When we look at differentiators, I would say that there are a few and NSX-T, which provides east-west micro-segmentation of traffic between two VMs within the same network, is one of the strongest differentiators. BOSH is also a strong differentiator as well, in terms of offering self-healing capabilities. But being able to integrate with VMware tools is one of the key differentiators,” said Dul.
Designed for Multi-Cloud
PKS is not a vSphere-only solution. It is intended to be multi-cloud. “The initial release of PKS supports vSphere and Google Compute Platform,” confirmed Dul. “But there are other platforms that we will roll out over time.”
Since CFCR is multi-platform, it can run on AWS, Azure and OpenStack. It’s expected that over time, PKS will provide support for all these platforms. “Most of our tools are multi-cloud so most of our large enterprise customers will have them through a very clean integrated stack,” said Dul.
One might assume that PKS is tied to Pivotal Cloud Foundry (PCF). That’s not the case, PKS runs independently.
In fact, PCF itself has gone through some major changes recently that has changed the terminologies. With the launch of PCF 2.0, PCF itself has become an umbrella brand with 3 core components under it: PAS (Pivotal Application Service, which used to be PCF); PFS (Pivotal Function Service, which will be released later) and PKS.
Now a customer can deploy PKS independent of PAS (formerly PCF). But if they choose to deploy it with PAS, they will be able to leverage the PAS control plane. Existing PCF/PAS customers can deploy PKS as part of PAS deployment, but new customers can deploy PKS independent of PAS.
What customers really want is application portability. “There are a couple of ways that we could potentially provide application portability. The whole concept of Kubernetes is around application portability and having a set of APIs and common orchestration layer that runs across multiple clouds,” said Dul.
One of the things that VMware does in PKS is what they call ‘Constant Compatibility.’ It’s always compatible with the latest release of Google Kubernetes Engine (GKE) and the latest release of upstream Kubernetes.
“Wherever you have Kubernetes, it could be GKE or any other service, you can pick your application and move into it. There are other things like data, etc that may cause portability challenges but in terms of being completely compatible with application architecture, container orchestration and container framework, PKS is designed in a way that users can seamlessly pick things up and have that level of portability,” said Dul.
Kubernetes is evolving very rapidly, new releases keep coming. PKS is certified by CNCF to be compatible with Kubernetes 1.8. To reduce latency for customers, Dul said that PKS aims to offer support for the latest release of Kubernetes within 30 days
Keeping up with Kubernetes ensures that PKS is fully compatible with vanilla Kubernetes solutions like GKE so that customers have the assurance of portability and access to even more services.
“Wherever there is vanilla Kubernetes, whether it’s a managed service or whether it’s another distribution that is being deployed and managed by a customer, as long as it’s been on Kubernetes it’s going to be the same. And that’s part of the value proposition of the PKS,” said Dul.
Compatibility with GKE also enables PKS customers to access services that are available on the Google Compute Platform. You can deploy PKS on-prem and yet consume GCP services like machine learning.
It’s the best of many worlds!
