State of app certifications on Kubernetes in 2025

18. Juni 202517. Juni 2025 von Bjoern Brundert

The software industry has undergone significant changes in how applications are deployed and supported, particularly with the rise of containerization and Kubernetes. Traditionally, application vendors certified their software for specific operating system versions. Kubernetes introduced a new paradigm that potentially changes this support model. In this post, I want to examine whether it is time to shift from traditional support models to supporting Kubernetes (API) versions.

Traditional OS-Specific Support Model

How the Traditional Model Works

In the traditional model, software vendors test and certify their applications against specific operating system versions and patch level. This approach creates a tightly controlled environment where the vendor can ensure compatibility and performance. For enterprise applications vendors like SAP, Oracle or Microsoft this model has been the standard for decades – with detailed compatibility matrices specifying app versions are supported on which OS versions and what patchlevel.

Benefits of the Traditional Model

Predictability and Stability: By limiting supported environments, vendors can thoroughly test their applications in controlled conditions, reducing the risk of unexpected behavior
Clear Support Boundaries: When issues arise, there’s a clear delineation of responsibility between the application vendor, OS vendor, and customer
Simplified Testing: Vendors only need to test against a finite number of OS versions rather than an infinite combination of configurations
Established Processes: Enterprise customers are familiar with this model and have built their IT operations around it

The Kubernetes Paradigm Shift

How Kubernetes Changes Application Deployment

More than 10 years ago, first Docker and then Kubernetes started to introduce an abstraction layer between applications and the underlying infrastructure, using containers to package applications with their dependencies. This creates a more consistent runtime environment regardless of the underlying infrastructure. Kubernetes provides standardized APIs for deploying, scaling, and managing containerized applications across different environments – including fundamental infrastructure abstractions like storage (volumes) or networking capabilities.

The Kubernetes Conformance Testing Process

Kubernetes is governed by the Cloud-Native Computing Foundation (CNCF). And the CNCF has established a process to ensure “Kubernetes actually is Kubernetes”. This is called conformance testing. Kubernetes conformance is verified through Sonobuoy, a diagnostic tool that runs the official conformance test suite. The conformance test suite checks whether Kubernetes distributions meet the project’s specifications, ensuring compatibility across different implementations by covering APIs, networking, storage, scheduling, and security. Only API endpoints that are generally available and non-optional features are eligible for conformance testing.

The CNCF has made significant progress in conformance coverage – from approximately 11% of endpoints covered by tests in 2018 to less than 6% of endpoints not covered by conformance tests as of Kubernetes 1.25. This comprehensive coverage means that any CNCF-certified Kubernetes distribution must support the same core APIs, regardless of the underlying infrastructure or vendor-specific additions.

The Case for Kubernetes API-Based Support

At the same time, many application vendors are still applying the traditional OS-specific support model to Kubernetes by certifying their applications for specific commercial Kubernetes distributions. This approach treats each Kubernetes distribution as if it were a different operating system, requiring separate certification and support processes.

Benefits of Supporting Kubernetes API Versions

Simplified Support Model: By focusing on Kubernetes API compatibility, support becomes more straightforward, with clearer boundaries between application issues and infrastructure issues
Improved Portability: By supporting Kubernetes API versions rather than specific distributions, applications become more portable across different environments
Vendor Lock-in Concerns: Some customers worry about vendor lock-in with specific Kubernetes distributions and want assurance their applications will work in other environments
Reduced Certification Burden: Application vendors can focus on testing against standard Kubernetes APIs rather than multiple distributions, reducing the testing matrix significantly
Faster Innovation: Application vendors can release updates more quickly without waiting for certification across multiple Kubernetes distributions
Alignment with Cloud-Native Principles: This approach better aligns with the cloud-native philosophy of platform independence and portability
Kubernetes API Stability Guarantees: Kubernetes provides strong API stability guarantees, especially for GA (Generally Available) APIs, making them reliable targets for support
Support Ecosystem: Established support channels and partnerships exist between application vendors and Kubernetes distribution providers

Challenges with the Kubernetes API-Based Approach

While there are many advantages to this approach, of course there are some potential challenges.

Distribution-Specific Features: Different Kubernetes distributions offer unique features and extensions that applications might leverage
Enterprise Customer Expectations: Many enterprise customers still expect vendor certification for their specific Kubernetes platform
Varying Implementation Details: Despite standardized APIs, implementations can vary across distributions, potentially causing subtle compatibility issues
Security and Compliance Requirements: Enterprise customers often have specific security and compliance requirements that are tied to particular distributions

Practical Considerations for Application Vendors

So what can be done about the situation? And how could the cloud-native community move forward towards a new model? As always in life, a balanced approach might be the best option to get started – and evolve from there.

Implementing a Balanced Approach

Define Core Requirements: Specify minimum Kubernetes version and required capabilities (like RWO volumes or load balancing) rather than specific distributions.
Tiered Support Model: Offer different levels of support – full support for tested distributions and best-effort support for any Kubernetes cluster meeting API requirements.
Leverage Kubernetes Certification: The CNCF Kubernetes Certification Program ensures distributions meet API compatibility requirements, providing a baseline for support.
Container-Focused Testing: Test applications in containers across different environments to ensure consistent behavior regardless of the underlying distribution.
Documentation and Guidance: Provide clear documentation on required Kubernetes features and configuration, enabling customers to self-validate their environments.

Conclusion & Comment

The transition from OS-specific support models to Kubernetes API-based support represents a significant evolution in application deployment and management. And a huge shift towards choice for customers and end-users. But while there are compelling reasons to adopt a more platform-agnostic approach based on Kubernetes API versions, many application vendors still rely on distribution-specific support.

As a user, I’d challenge application vendors that say “my app is only supported on X”. So is it a super cool cloud-native, container-based workload? A modern app that promises business benefits, a better operational experience or better resiliency?

Because if the container-based app can’t run on any conformant Kubernetes, it might actually be better suited for a traditional OS deployment model inside a VM. The operational burden of using and maintaining specific distributions or specific versions of distributions is just adding complexity – where Kubernetes and cloud-native apps actually promised a “next-gen” experience.

#vK8s 2021 edition – friends don’t let friends run Kubernetes on bare-metal

8. Januar 20261. September 2021 von Bjoern Brundert

Three years ago, I wrote a blogpost on why you wouldn’t want to run Kubernetes on bare-metal. VMware released a number of platform enhancements over these years and there is a lot of updated material and feedback – also coming from customers. So what are (my personal) reasons to run containers and Kubernetes (short “K8s”) on a virtual infrastructure & vSphere in particular?

Operations: Running multiple clusters on bare-metal is hard

Multiple clusters in a virtual environment are a lot easier and each cluster can leverage e.g. it‘s own lifecycle policies (e.g. for K8s version upgrades) instead of forcing one bare-metal cluster to upgrade. Running multiple Kubernetes versions side-by-side might be already or become a requirement in the near future.
It also makes lots of sense to run Kubernetes side-by-side with your existing VMs instead of building a new hardware silo and operational complexity
VMware’s compute platform vSphere is the de-facto standard for datacenter workloads in companies across industries and operational experience and resources are available across the globe. Bare-metal operations typically introduces new risks and operational complexity.

Availability/Resilience and Quality of service: you can plan for failures without compromising density

Virtual K8s clusters could benefit even in „two physical datacenter” scenarios where the underlying infrastructure is spread across both sites. A “stretched” platform (e.g. vSphere with vSAN Stretched Cluster) allows you to run logical three-node Kubernetes control planes in VMs and protect the control plane and workload nodes using vSphere HA.
vSphere also allows you to prioritize workloads by configuring policies (networking, storage, compute, memory) that will also be enforced during outages (Network I/O Control, Storage I/O Control, Resource Pools, Reservations, Limits, HA Restart Priorities, …)
- Restart a failed or problematic Kubernetes node VM before Kubernetes itself even detects a problem.
- Provide the Kubernetes control plane availability by utilizing mature heartbeat and partition detection mechanisms in vSphere to monitor servers, Kubernetes VMs, and network connectivity to enable quick recovery.
- Prevent service disruption and performance impacts through proactive failure detection, live migration (vMotion) of VMs, automatic load balancing, restart-due-to-infrastructure failures, and highly available storage

Resource fragmentation, overhead & capacity management: single-purpose usage of hardware resources vs. multi-purpose platform

Running Kubernetes clusters virtually and using VMware DRS to balance these clusters across vSphere hosts allows the deployment of multiple K8s cluster on the same hardware setup and increasing utilization of hardware resources
When running multiple K8s clusters on dedicated bare-metal hosts, you lose the overall capability to utilize hardware resources across the infrastructure pool
- Many environments won‘t be able to (quickly) repurpose existing capacity from one bare-metal host in one cluster to another cluster in a short timeframe
From a vSphere perspective, Kubernetes is yet another set of VMs and capacity management can be done across multiple Kubernetes clusters; it gets more efficient the more clusters you run
- Deep integrations with existing operational tools like vRealize Operations allow operational teams to deliver Kubernetes with confidence
K8s is only a Day-1 scheduler and does not perform resource balancing based on running pods
- In case of imbalance on the vSphere layer, vSphere DRS rebalances K8s node VMs across the physical estate to better utilize the underlying cluster and delivers best-of-both-worlds from a scheduling perspective
High availability and „stand-by“ systems are cost intensive in bare-metal deployments, especially in edge scenarios: in order to provide some level of redundancy, some spare physical hardware capacity (servers) need to be available. In worst case you need to reserve capacity per cluster which increases physical overhead (CAPEX and OPEX) per cluster.
- vSphere allows you to share failover capacity incl. incl strict admission control to protect important workloads across Kubernetes clusters because the VMs can be restarted and reprioritized e.g. based on the scope of a failure

Single point of integration with the underlying infrastructure

A programmable, Software-Defined Datacenter: Infrastructure as Code allows to automate all the
things on an API-driven datacenter stack
Persistent storage integration would need to be done for each underlying
storage architecture individually, running K8s on vSphere allows to leverage already abstracted and virtualized storage devices
Monitoring of hardware components is specific
to individual hardware choices, vSphere offers an abstracted way of monitoring
across different hardware generations and vendors

Security & Isolation

vSphere delivers hardware-level isolation at the Kubernetes
cluster, namespace, and even pod level
VMware infrastructure also enables the pattern of many smaller
Kubernetes clusters, providing true multi-tenant isolation with
a reduced fault domain. Smaller clusters reduce the blast
radius, i.e. any problem with one cluster only affects the pods in that small
cluster and won’t impact the broader environment.
In addition, smaller clusters mean each developer or environment (test,
staging, production) can have their own cluster, allowing them to install their own CRDs or operators without risk
of adversely affecting other teams.

Credits and further reading

The content above is mainly a summary of existing materials & personal observations (summarized by me) and based on lots of pre-work, VMworld presentations and whitepapers from colleagues like Michael Gasch, Frank Denneman, Kit Colbert, Kenny Coleman, Robert Guske, Robbie Jerrom and many more!
There has been a ton of material published around this topic recently (and some awesome foundational work by Michael Gasch incl. his KubeCon talk), I want to list a few of the public resources here:
- Why Choose VMware Virtualization for Kubernetes and Containers (Blogpost, January 2021)
- vSphere with Tanzu Supports 6.3 Times More Container Pods than Bare Metal (Blogpost, August 2021)
  - Full Study/Paper (PDF, August 2021)
- Kubernetes Resource Management for vSphere Admins (Blogpost and VMworld video, November 2019)
- The Value of vSphere in a Kubernetes World (Blogpost)
- Containers on Virtual Machines or Bare-Metal? (Whitepaper)
- Performance of Enterprise Web Applications in Docker Containers on VMware vSphere 6.5 (Blogpost and link to Whitepaper)
- VMs and Containers – Friends or Enemies (Slidedeck by Simone Morellato)
- VMworld 2018: The Value of Running Kubernetes on vSphere (video) (shout out to my friends Michael Gasch and Frank Denneman)

#vK8s – friends don’t let friends run Kubernetes on bare-metal

So, no matter what your favorite Kubernetes framework is these days – I am convinced it runs best on a virtual infrastructure and of course even better on vSphere. Friends don’t let friends run Kubernetes on bare-metal. And what hashtag could summarize this better than something short and crips like #vK8s ? I liked this idea so much that I created some “RUN vK8s” images (inspired by my colleagues Frank Denneman and Duncan Epping – guys, it’s been NINE years since RUN DRS!) that I want to share with all of you. You can find the repository on GitHub – feel free to use them whereever you like.

VMware Project Pacific – collection of materials

22. Mai 202513. November 2019 von Bjoern Brundert

Blogposts:

Introducing Project Pacific: https://blogs.vmware.com/vsphere/2019/08/introducing-project-pacific.html
Project Pacific Technical Overview: https://blogs.vmware.com/vsphere/2019/08/project-pacific-technical-overview.html
Project Pacific Beta Sign-Up: https://blogs.vmware.com/vsphere/2019/11/interested-in-the-project-pacific-beta.html
Infrastructure Self-Service with Project Pacific: https://blogs.vmware.com/vsphere/2019/09/infrastructure-self-service-with-project-pacific.html
Project Pacific Namespaces on Kubernetes: https://blogs.vmware.com/vsphere/2019/08/project-pacific-namespaces-on-kubernetes.html
Performance Details of Native Pods: https://blogs.vmware.com/performance/2019/10/how-does-project-pacific-deliver-8-better-performance-than-bare-metal.html
Workload Evolution in vSphere (William Lam): https://www.virtuallyghetto.com/2019/09/project-pacific-workload-evolution-in-vsphere.html
5 Things to know about Project Pacific (Frank Denneman): https://frankdenneman.nl/2019/08/26/5-things-to-know-about-project-pacific/
Introduction to Tanzu Mission Control and Project Pacific (Cormac Hogan): https://cormachogan.com/2019/08/26/vmworld-2019-announcement-vmware-tanzu-portfolio/
Project Pacific explained in AWS EC2 terms (Ryan Kelly): http://www.vmtocloud.com/project-pacific-k8s-explained-in-amazon-ec2-terms/
What Project Pacific really means to VMware (Ryan Kelly): http://www.vmtocloud.com/what-project-pacific-really-means-for-vmware/
[Nov 22, 2019] Project Pacific VMworld 2019 Deep-Dive Updates (Cormac Hogan): https://cormachogan.com/2019/11/22/project-pacific-vmworld-2019-deep-dive-updates/

VMworld US 2019:

HBI4500BU – Project Pacific Technical Overview: Unifying vSphere and Kubernetes – STREAM DOWNLOAD PDF
HBI4937BU – Introducing Project Pacific: Transforming vSphere into the App Platform of the Future – STREAM DOWNLOAD PDF
Tech Field Day special from VMworld: https://blogs.vmware.com/vsphere/2019/09/project-pacific-at-tech-field-day-extra-at-vmworld-2019.html

VMworld Europe 2019 sessions:

HBI1452BE – Project Pacific: Supervisor Cluster Deep Dive – STREAM DOWNLOAD
HBI1761BE – Project Pacific 101: The Future of vSphere – STREAM DOWNLOAD
HBI4500BE – Project Pacific: Guest Clusters Deep Dive – STREAM DOWNLOAD
HBI4501BE – Project Pacific: Native Pods Deep Dive – STREAM DOWNLOAD
HBI4937BE – Introducing Project Pacific: Transforming vSphere into the App Platform of the Future – STREAM DOWNLOAD
KUB1840BE – Run Kubernetes Consistently Across Clouds with Tanzu & Project Pacific – STREAM DOWNLOAD
KUB1851BE – Managing Clusters: Project Pacific on vSphere & Tanzu Mission Control – STREAM DOWNLOAD

Podcasts:

vSpeaking #129: Project Pacific – https://blogs.vmware.com/virtualblocks/2019/09/20/vspeaking-podcast-project-pacific/

Labs / Hands-On:

HOL-2013-01-SDC – Project Pacific – Lightning Lab: https://labs.hol.vmware.com/HOL/catalogs/lab/6877

Other interesting sources:

Virtual VMUG Meeting Dec 2019 with keynote „VMware’s Kubernetes Strategy: Tanzu and Project Pacific“: https://vmugvirtualdecevent.vfairs.com/
#vSphereChat focussed on #ProjectPacific on Twitter (Nov 12, 2019): https://twitter.com/search?q=vspherechat%20projectpacific&src=typed_query

Feel free to reach out if you are missing any interesting sessions here – happy to update this post anytime! @bbrundert

2019-05-30 – Cloud Native Short Takes

22. Mai 202530. Mai 2019 von Bjoern Brundert

KubeCon + CloudNativecon Barcelona 2019 & related announcements

Kubecon + CloudNativeCon Barcelona 2019 video recordings have been posted online
Cormac Hogan wrote a blogpost each day with personal highlights from KubeCon. Check out his posts from Day 1, Day 2 and Day 3.
Project Velero: 1.0 released! See more on the new Velero website
VMware announces PKS Partner Application Program
Aqua Security attains VMware PKS Partner Application Program validation
Harbor 1.8 has been released – OIDC support, enhanced replication capabilities from and to Docker Hub, Docker Registry and Huawei Cloud – congratulations, Team Harbor!!
Kubernetes podcast on tech life, evolution of the Kubernetes community and more from KubeCon EU with VMware’s Bryan Liles
VMware to acquire Bitnami
SMI: Service Mesh Interface – a specification for service mesh interoperability (Microsoft, Linkerd, HashiCorp, Solo.io, Kinvolk, and Weaveworks; with support from Aspen Mesh, Canonical, Docker, Pivotal, Rancher, Red Hat, and VMware)
Helm v3 preview (blogpost series)

Other community updates

Kubernetes Storage on vSphere 101 – The basics: PV, PVC, POD
Massive updates to the vSphere Storage documentation has been merged
Hear from Nianticlabs founder John Hanke about Pokemon Go, Augmented Reality and more in an interview series by VMware
Orchestrating Chaos Engineering (including K8S, Docker, vCenter or any Remote Machine with ssh enabled) with VMware’s project „Mangle“ (available as OVA or Docker Container)
VMware Container Service Extension 2.0 release and Enterprise PKS integration
Overview about the various integrations in VMware’s Codestream service: Kubernetes, git, Jenkins, Bamboo, Docker, Artifactory, Jira, Pivotal Application Service, Team Foundation Server, vRO, REST, …
Cluster API lays the groundwork for declarative kubernetes lifecycle management with v1alpha1
Cluster API demo on vSphere
Gitpod: One-Click Online IDE for GitHub
Kafka Summit London recordings have been made available already
In that context: Making Sense of Stream Processing
Cluster API to the rescue: an easier way to manage your kubernetes clusters
Setting up Kubernetes Network Policies
rback: rbac in Kubernetes visualizer (new project by Michael Hausenblas)
RBAC.dev: A site dedicated to collecting good practices and tooling around Kubernetes RBAC
Kubernetes Storage: Dynamic Volumes and the Container Storage Interface (CSI)

Deploying kubeapps helm chart on VMware Enterprise PKS (lab deployment!)

22. Mai 202515. Mai 2019 von Bjoern Brundert

With the recent announcement of VMware and Bitnami joining forces, I wanted to revisit the kubeapps project on Enterprise PKS earlier today. I followed the community documentation but ran into some smaller issues (see my GitHub comments here) that were coming up in the MongoDB deployment initially.

UPDATE: At first I thought you needed to enable privileged containers in PKS but actually you don’t have to do that! There was a typo in my configuration which led to an unknown flag for the MongoDB deployment. I used the flag „mongodb.securityContext.enable=false“ when deploying the Helm chart but it should have been „mongodb.securityContext.enabled=false“. Thanks to Andres from the Bitnami team for catching this! The instructions below have been updated!

Install Helm

Add the bitnami repo:

helm repo add bitnami https://charts.bitnami.com/bitnami

Add a „kubeapps“ namespace to deploy into

kubectl create namespace kubeapps

Add a Service Account to Tiller

vi rbac-config-tiller.yaml
---
apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: tiller
   namespace: kube-system
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: tiller
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: cluster-admin
 subjects:
 kind: ServiceAccount
 name: tiller
 namespace: kube-system 
---
kubectl create -f rbac-config-tiller.yaml

Leverage newly created service account for Tiller:

helm init --service-account tiller

Create Service account for kubeapps-operator

kubectl create serviceaccount kubeapps-operator 

kubectl create clusterrolebinding kubeapps-operator \
--clusterrole=cluster-admin \
--serviceaccount=default:kubeapps-operator

kubectl get secret $(kubectl get serviceaccount kubeapps-operator -o jsonpath='{.secrets[].name}') -o jsonpath='{.data.token}' | base64 --decode

Copy the secret for use in the kubeapps dashboard later on.

Since NSX-T brings an out-of-the-box capability for exposing kubeapps to an external IP address, we can use LoadBalancer and skip the port-forwarding section of the documentation. Following what I found in another bug, I set some extra flags for disabling IPv6:

helm install --name kubeapps --namespace kubeapps bitnami/kubeapps \
--set frontend.service.type=LoadBalancer \
--set mongodb.securityContext.enabled=false \
--set mongodb.mongodbEnableIPv6=false

After a few minutes, the deployed services & deployments should be up and running:

Follow then part three of the instructions to access the dashboard.

2019-05-13 – Cloud Native Short Takes

22. Mai 202513. Mai 2019 von Bjoern Brundert

Hello everyone and welcome to my first Cloud Native Short Take. Following the spirit from my previous efforts, I’d like to share some interesting links and observations that I came across recently. So, lets get right into it:

Red Hat Summit carried some interesting updates for customers that run OpenShift on VMware today or plan to do it in the future. There was a joint announcement of a reference architecture for OpenShift on the VMware SDDC. Read more about it on the VMware Office of the CTO Blog, the VMware vSphere Blog as well as the Red Hat Blog.
Speaking of announcements, GitHub just announced „GitHub Package Registry“ – a new service that will users allow to bring their packages right to their code. As GitHub puts it: „GitHub Package Registry is a software package hosting service, similar to npmjs.org, rubygems.org, or hub.docker.com, that allows you to host your packages and code in one place. „
My friends at Wavefront launched a new capability around observability in microservices land. Check out their blogpost around Service Maps in their Wavefront 3D Observability offering that combines metrics, distributed tracing and histograms. There is also a pretty cool demo on Youtube linked from that post – it’s beautiful!
Following the motto „Kubernetes, PKS, and Cloud Automation Services – Better Together!“, the VMware Cloud Automation Services team released a beta integration with Enterprise PKS. Read more about it on their blog and watch the webinar for more details.
My friend Cormac is a fantastic resource in all-things cloud-native storage these days. And thankfully, he shares lots of his own discoveries on his blog. His latest post is focused on testing Portworx‘ STORK for doing K8s volume snapshots in an on-prem vSphere environment. Read more about it here. Looking forward to the next post which will include some integration testing with Velero.
Speaking of Velero (formerly known as Ark), this project is heading to a version 1.0 release! I am very excited for the team! You can find the first Release Candidate here.
And coming back to Cormac’s blog – he just released a „Getting started with Velero 1.0-RC1“ blogpost with his test deployment running Cassandra on PKS on vSphere (leveraging Restic).
The Kubernetes 1.15 enhancement tracking is now locked down. You can find the document on Google Docs
I came across an interesting talk on InfoQ titled „The Life of a Packet through Istio“
Another interesting announcement came from Red Hat and Microsoft around a project called KEDA. KEDA „allows for fine grained autoscaling (including to/from zero) for event driven Kubernetes workloads. KEDA serves as a Kubernetes Metrics Server and allows users to define autoscaling rules using a dedicated Kubernetes custom resource definition“. A very interesting project, check out the blogpost and a TGIK episode from Kris Nóva last Friday.
There is some useful material around the Certified Kubernetes Administrator exam in this little study guide
Oh and speaking of enablement: I can only recommend you check out the freshly published book „Cloud Native Patterns“ by the amazing Cornelia Davis on Manning.com. I have been following the development of that book via the „MEAP“ program and it’s a pretty great source of information!
Several thoughts on choosing the right Serverless Platform

Restarting „CNA Weekly“ as „Cloud Native Short Takes“ & shutting down the newsletter

22. Mai 20253. April 2019 von Bjoern Brundert

First of all, I’d like to thank all of you very much for your interest in my „CNA weekly“.
As you might have noticed, I haven’t shared any updates recently. That’s not because there aren’t any news, it’s more related to the format.

After reconsidering various options, I decided to delete my tinyletter account and continue (actually restart) my efforts on my blog at http://bit.ly/cna-shorttakes. You can subscribe via RSS (http://blog.think-v.com/?feed=rss2) e.g. via feedly (if you don’t know it, check it out!) or follow me on Twitter (https://twitter.com/bbrundert). Other options to continue receiving the content via email include RSS-to-email services like Blogtrottr or IFTTT.

Thanks again to all of you!

Take care,
Bjoern

Operationalizing VMware PKS with BOSH – how to get started

22. Mai 202525. Januar 2019 von Bjoern Brundert

I have installed VMware PKS in a variety of environments and I typically show something that helps Platform Operators running PKS to dive even deeper into the status of PKS components beyond the pks cli. One of the key lifecycle components in PKS is called BOSH. BOSH deploys Kubernetes masters and workers and performs a number of other tasks. So how do you get access to BOSH in the easiest way?

Step 1)

Step 2)

Open Ops Manager and click on the BOSH Director tile:
Click on the „Credentials“ Tab and search for „BOSH Commandline Credentials“:

You will see an output similar like this one:

{"credential":"BOSH_CLIENT=ops_manager 
BOSH_CLIENT_SECRET=ABCDEFGhijklmnopQRSTUVWxyz 
BOSH_CA_CERT=/var/tempest/workspaces/default/root_ca_certificate 
BOSH_ENVIRONMENT=192.168.1.100 bosh "}

Copy and paste that line and reformat it the following way:

BOSH_CLIENT=ops_manager 
BOSH_CLIENT_SECRET=ABCDEFGhijklmnopQRSTUVWxyz 
BOSH_CA_CERT=/var/tempest/workspaces/default/root_ca_certificate 
BOSH_ENVIRONMENT=192.168.1.100

Easiest way to get started every time is to make it part of your .bashrc configuration by doing the following:
- edit your .bashrc and append the outputs from above like this:
- ```
export BOSH_CLIENT=ops_manager 
export BOSH_CLIENT_SECRET=ABCDEFGhijklmnopQRSTUVWxyz 
export BOSH_CA_CERT=/var/tempest/workspaces/default/root_ca_certificate 
export BOSH_ENVIRONMENT=192.168.1.100
```
- logout and login again (or just run the export commands on the CLI manually once)

Some example commands on how to interact with BOSH (and a nice cheat sheet at https://github.com/DennyZhang/cheatsheet-bosh-A4):

bosh deployments
PKS=$(bosh deployments | grep ^pivotal | awk '{print $1;}')
bosh -d $PKS vms
bosh -d $PKS instances
bosh -d $PKS tasks
bosh -d $PKS tasks -ar
bosh -d $PKS task 724
bosh -d $PKS task 724 --debug

CLUSTER=$(bosh deployments | grep ^service-instance | awk '{print $1;}')
bosh -d $CLUSTER vms
bosh -d $CLUSTER vms --vitals
bosh -d $CLUSTER tasks --recent=9
bosh -d $CLUSTER task 2009 --debug
bosh -d $CLUSTER ssh master/0
bosh -d $CLUSTER ssh worker/0
bosh -d $CLUSTER logs
bosh -d $CLUSTER cloud-check

Advanced users: you can also install the BOSH CLI on and admin VM and run from there:
- Download from https://github.com/cloudfoundry/bosh-cli/releases
- Copy the certificate from the Ops Manager VM (/var/tempest/workspaces/default/root_ca_certificate) to your admin VM and edit the .bashrc environment variables accordingly

See you at VMworld in Barcelona

22. Mai 20253. November 2018 von Bjoern Brundert

I look forward to another exciting VMworld in Barcelona. If you want to meet during the event, ping me on Twitter or find me here in person:

Monday: Run Kubernetes on VMware Workshop prior to VMworld, presenting on Open Source Kubernetes fundamentals from 10:15-11:15, TAM Day Expert Roundtables and afterwards from 11:15 onwards
Tuesday: VMware PKS booth at the VMworld Solutions Exchange from 10:30-14:30
Wednesday: VMware PKS booth at the VMworld Solutions Exchange from 10:30-15:00
Thursday: VMware PKS booth at the VMworld Solutions Exchange from 10:30-12:30

Have a safe trip and lots of fun!

#vK8s – friends don’t let friends run Kubernetes on bare-metal

22. Mai 202526. August 2018 von Bjoern Brundert

Over the past months, I had multiple conversations on why you would want to virtualize containers or Kubernetes. The „containers are somewhat providing virtualization – why should I do it at the server level as well?“ myth has been around for some time now. Before I start addressing this, let me take a quick step back here. When I started my career roughly 10 years ago in datacenter operations, virtualization wasn’t mainstream in many environments. I learned a lot about operating physical machines before I got to work on virtual infrastructures at scale. I also worked with multiple vendors and used several „Lights Out Management“ solutions and their basic automation capabilities to get my hardware up and running. But it was always a „yes, it’s getting easier from now on“ moment when vSphere was ready for configuration. While I enjoyed working in operations, I was always happy to set something up without plugging cables in or working on a server in the datacenters.

I have worked with customers that fully embraced virtualization and have been 100% virtualized for years. They have benefited so much from this move and were able to simplify so many of their operational tasks while doing this. Even if they chose a 1:1 mapping for few extremly demanding VMs to a given host, this was still the better option. Having a consistent infrastructure and operational framework outpaces the potential drawbacks or „virtualization overhead“ (another myth) if you look at the bigger picture. Even though I haven’t been working in operations for some time now, I still remember what it means to be called during the night or deal with spontaneous changes in plans/projects all the time. And businesses and therefore IT are only moving faster – automation, „software-defined“ and constant improvements should be part of everyone’s daily business in operations.

For me, this applies to all workloads – from your traditional legacy applications to modern application runtime frameworks such as Kubernetes or event-driven architectures that are leveraging Functions-as-a-Service capabilities. Most of them co-exist all the time and it’s not a one-or-the-other conversation but an AND conversation. Even highly demanding workloads such as core telco applications are put on virtual infrastructure these days, enabled by automation and Open Source API definitions. All of these can be operated on a consistent infrastructure layer with a consistent operational model. Infrastructure silos have been broken down over the past decade and VMware has invested a lot to make vSphere a platform for all workloads. So when someone mentions bare-metal these days all I can ask myself is „why would I ever want to go back“? I sometimes wonder if all the challenges that virtualization took away have simply been forgotten – it just ran too well.

So what are my personal reasons to run containers on a virtual infrastructure & vSphere in specific?

Agility, Independence & Abstraction: scale, repair, lifecycle & migrate underlying components independently from your workloads; if you ever worked in operations, this is daily business (datacenter move, new server vendor selected, major storage upgrades, … there are tons of reasons why this is still a thing)
Density: run multiple k8s clusters/tenants on same hardware cluster, avoid idle servers e.g. due to N+1 availability concepts
Availability and QoS: you can plan for failures without compromising density, you can even ensure SLOs/SLAs by enforcing policies (networking, storage, compute, memory) that will also be enforced during outages (NIOC, SIOC, Resource Pools, Reservations, Limits, …)
Performance: better-than-physical performance & resource management (core ESXi scheduling, DRS & vMotion, vGPUs, …)
Infrastructure as Code: automate all the things on an API-driven Software Defined Datacenter stack
Security & Isolation: yep, still a thing
Fun fact: even Google demoes K8s on vSphere as part of their „GKE on-prem“ offering 😉

There has been a ton of material published around this topic recently (and some awesome foundational work by Michael Gasch incl. his KubeCon talk), I want to list a few of the public resources here:

Why Choose VMware Virtualization for Kubernetes and Containers (Blogpost, January 2021)
vSphere with Tanzu Supports 6.3 Times More Container Pods than Bare Metal (Blogpost, August 2021)
- Full Study/Paper (PDF, August 2021)
The Value of vSphere in a Kubernetes World (Blogpost)
Containers on Virtual Machines or Bare-Metal? (Whitepaper)
Performance of Enterprise Web Applications in Docker Containers on VMware vSphere 6.5 (Blogpost and link to Whitepaper)
VMs and Containers – Friends or Enemies (Slidedeck by Simone Morellato)
VMworld 2018: The Value of Running Kubernetes on vSphere (video) (shout out to my friends Michael Gasch and Frank Denneman)

Introducing: #vK8s

So, no matter what your favorite Kubernetes framework is these days – I am convinced it runs best on a virtual infrastructure and of course even better on vSphere. Friends don’t let friends run Kubernetes on bare-metal. And what hashtag could summarize this better than something short and crips like #vK8s ? I liked this idea so much that I created some „RUN vK8s“ images (inspired by my colleagues Frank Denneman and Duncan Epping – guys, it’s been six years since RUN DRS!) that I want to share with all of you. You can find the repository on GitHub – feel free to use them whereever you like.