Security is top of mind for most, if not all, of our customers these days. Many years ago, I wrote a blog post on how customers could encrypt Kubernetes Persistent Volumes with an external Key Provider. One of our customers recently reached out to me to ask if we had any plans to provide similar support with the Native Key Provider. As my focus has been in other areas recently, I reached out to our CSI engineering team for an update. I then found out that support was added in our most recent release, vSphere 8.0U3. While no changes we…
I’m delighted to report that my new book, Kubernetes for vSphere Administrators, is now available. It is available in both paper form and as a Kindle eBook. Links to both are provided below. The links above direct you to Amazon.com. However the book is available in other Amazon marketplaces as well. (If you can’t see the text+images above, this is a link to the paper book and this is a link to the eBook.) I hope readers of this book find it useful. I would be delighted to receive feedback and reviews on the content.
Last year, I wrote a post about my 16 years at VMware. As part of that milestone, VMware has kindly granted me 4 weeks of respite. I’m not one for sitting on a beach for hours on end. Apart from some jobs around the house (that I have been putting off for far too long), and some short breaks, I wanted to use this time to finish a long-term project that I have been working on. The project is a new book called Kubernetes for vSphere Administrators. I thought I’d give you all a quick look at the cover and…
In this post, we will look at a relatively new announcement around support for vanilla or upstream Kubernetes clusters, vSAN stretched cluster and the vSphere CSI driver. There are a number of updates around this recently, so I want to highlight a few observations before we get into the deployment. First of all, it is important to highlight that a vSAN Stretched Cluster can have at most 2 fault domains. These are the data sites. While there is a requirement for a third site for the witness, the witness site does not store any application data. Thus all of the…
I recently wanted to deploy a newer versions of Kubernetes to see it working with our Cloud Native Storage (CNS) feature. Having assisted with the original landing pages for CPI and CSI, I’d done this a few times in the past. However, the deployment tutorial that we used back then was based on Kubernetes version 1.14.2. I wanted to go with a more recent build of K8s, e.g. 1.16.3. By the way, if you are unclear about the purposes of the CPI and CSI, you can learn more about them on the landing page, here for CPI and here for…
After being asked about how vSphere Host Groups worked with Availability Zones in Enterprise PKS earlier this week, I decided to spend a little time setting it up in my lab and doing some testing to make sure I could understand the feature and its behaviour. Essentially what this feature allows you to do is to make use of the vSphere Host Group feature to group a bunch of ESXi hosts together. Then as one builds Availability Zones (commonly referred to AZs) in Enterprise PKS, a Host Group can be associated with an AZ. Anything that Enterprise PKS deploys to…
After spending some time watching, digesting and then writing about Project Pacific Deep Dive updates from VMworld 2019, the next item on my to-do list was to get up to speed on VMware Tanzu, or to be more specific, Tanzu Mission Control. The reason I am being more specific is that VMware Tanzu is a broad portfolio of products and features which can be categorized into 3 distinct areas. These areas are Build, Run and Manage. The Build category related to initiatives taking place in the developer space, notably with Bitnami and Pivotal, the former having recently been acquired by…