Automating Kubernetes Operations with Enterprise PKS

In building toward a k8s predictive auto-scale capability, I’ve built some simple constructs with virtual machines running on vSphere with kubeadm-installed k8s. If you’ve followed the series, you know I reached the anticipated point of manually installed k8s becoming too inefficient to operate and decided to implement VMware PKS to address that pain point.

Over the past year, many blogs have posted instructions on how to install and configure PKS. I suggest following the VMware and/or Pivotal online documentation. PKS is rapidly developed and released, and it doesn’t take long for a blog post on installation to become out of date. So I won’t post installation instructions here.

I will take a moment to describe the architecture and components as they are consistent across releases and necessary to understand before any installation.

The first four components you need to understand are Opsman, BOSH Director, PKS API, and stemcells.

Opsman (Pivotal Operations Manager, not to be confused with vRealize Operations Manager) is the central management interface for install/configure/update operations of the other PKS components. We begin by installing an Opsman VM from an OVF file. We then use a web browser to access the administration interface.

Opsman uses the term ‘Tile’ to refer to product packages. You import tiles that allow you to configure the product and then deploy it.

BOSH Director is deployed from Opsman as a tile. BOSH is responsible for connecting to the underlying IAAS, deploying VMs to it, and monitoring the health of those VMs and the k8s nodes running on them. It does more than this, but this level of understanding is enough for now.

PKS API is another tile we deploy from Opsman. It is associated by configuration points with the BOSH tile and defines the PKS API VM that will be deployed. The PKS API VM is the entry point to create Kubernetes clusters from the command line. As with BOSH, there is much more that the PKS API VM is responsible for but this is enough for now.

Finally, there are stemcells. Stemcells are simply VM templates that are IAAS-specific, so we use one stemcell for deployments to vSphere and another for deployments to AWS. A stemcell defines both the operating system and the k8s release on the VM. When we update stemcells, we are updating one or both of those components in our deployment.

So, we install Opsman, import the BOSH and PKS tiles, configure them for our underlying IAAS and resources, apply the correct stemcell(s), and then we’re ready to deploy and manage Kubernetes.

I haven’t mentioned networking. PKS can use NSX-T or Flannel for the k8s clusters and NSX-T or vDS networking for the vSphere IAAS. PKS and k8s benefit significantly from NSX-T integration, but that is beyond the scope of this post.

In this post, I’ve provided a recording of the process to upgrade a PKS deployment. It’s a great example to illustrate the operational benefits PKS brings to k8s. I believe the days of ‘We’re going to run k8s on bare-metal’ are over, but I am occasionally surprised to hear it every now and again.

Considering that we moved to virtualization to make managing workloads and resources more efficient, running k8s on bare-metal would just be a step backwards in time. K8s nodes are operating systems; if you install them on bare-metal, you lose all of the benefits you have today with virtualization.

So, in the video, we see that our k8s clusters are updated, which includes the operating system and the k8s release. It is fully automated and there is no loss of k8s cluster service. With just the small three-node cluster I manually installed with kubeadm on VMs, I would have to create a second environment, load another cluster, test the updated operating system with the updated k8s release, verify the settings were all correct, and then apply the update to each VM. Imagine that process with a production scale of k8s clusters. No thanks.

I’ll stop here for now. The next step in this series will be to get back to work on a predictive function and then investigate the API interfaces available to scale a PKS-deployed k8s cluster. With PKS, I’m set with all of the underlying k8s components.