Container Service Extension (CSE) for VMware Cloud Director enables service providers to offer Kubernetes services. The latest release 2.6 introduces new functions for provider admins and tenants. Tenant users can now use a graphical user interface in the Cloud Director tenant portal to create, view and delete their Kubernetes clusters, in addition to the command line interface. It’s now also possible to upgrade Kubernetes components, Weave (CNI) and the Docker engine in existing clusters. For provider admins the new version introduces configuration file encryption for additional security.
Find the Release Notes here: https://vmware.github.io/container-service-extension/RELEASE_NOTES.html
The main repository for CSE on GitHub: https://github.com/vmware/container-service-extension
The main documentation page: https://vmware.github.io/container-service-extension/INTRO.html
Kubernetes Container Service UI
The new graphical user interface of CSE follows the Cloud Director paradigm of separating provider tasks and tenant self-service capabilities. The provider view shows all clusters from all tenants.
A tenant user can create a new Kubernetes cluster through the wizard in the UI, and view cluster details.
Very useful is the link to download the Kubernetes configuration file. This file can then be used directly to access the cluster, e.g. using kubectl.
The interface is provided by a UI Plugin for Cloud Director. You can install it either using the “Customize Portal” page in the provider portal, or with the command line tool that’s part of the CSE repository. For more details see the documentation: https://vmware.github.io/container-service-extension/CSE_UI_PLUGIN.html
In-place Cluster Upgrades
It’s now possible to use the cse command line tools to upgrade existing clusters. The components that can be upgraded to a newer version are:
- Kubernetes components e.g. kube-server, kubelet, kubedns etc.
- Weave (CNI)
- Docker engine
The supported upgrade paths can be discovered using the following command:
vcd cse cluster upgrade-plan 'mycluster'
The actual upgrade of the cluster is done with:
vcd cse cluster upgrade 'mycluster'
The downtime needed for the upgrades depends on the components that need to be upgraded.
Find the documentation here: https://vmware.github.io/container-service-extension/CLUSTER_MANAGEMENT.html#k8s_upgrade
Configuration File Encryption
Starting with CSE 2.6.0, CSE server commands accept only encrypted configuration files by default. As of now, these are the CSE configuration file and the Enterprise PKS configuration file. CSE exposes two server CLI commands to help CSE server administrators encrypt and decrypt the configuration files:
cse encrypt config.yaml --output encrypted-config.yaml
cse decrypt encrypted-config.yaml -o decrypted-config.yaml
The default behavior can be changed so that the CSE server accepts plain text configuration files by passing the flag --skip-config-decryption to any CSE command that accepts a configuration file.
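Both commands above write to a separate output file, so the plain text config.yaml (and any decrypted copy) stays on disk until it is removed. The following audit script is an added example, not part of CSE or of the original post; the function names are hypothetical, and it assumes that a plain text configuration file can be recognized by a readable YAML password: key while an encrypted file shows no such key.

```shell
#!/bin/sh
# Added example: flag CSE configuration files in a directory that still hold
# readable credentials or are accessible to group/other users.

# is_plaintext_config FILE: succeeds if FILE contains a readable "password:" key.
# Assumption: encrypted output is opaque and contains no such YAML key.
is_plaintext_config() {
    grep -Eq '^[[:space:]]*password[[:space:]]*:' "$1"
}

# is_private FILE: succeeds if group and other have no permission bits set.
# Characters 5-10 of the "ls -l" mode string are the group and other bits.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_cse_configs DIR: prints one finding per line, returns 1 if any was found.
audit_cse_configs() {
    status=0
    for f in "$1"/*.yaml "$1"/*.yml; do
        [ -f "$f" ] || continue            # unmatched glob stays literal, skip it
        if is_plaintext_config "$f"; then
            echo "PLAINTEXT $f"
            status=1
        fi
        if ! is_private "$f"; then
            echo "PERMS $f"
            status=1
        fi
    done
    return "$status"
}

# Demo on constructed sample files (contents are made up for this example).
demo_dir=$(mktemp -d)
printf 'vcd:\n  host: vcd.example.invalid\n  password: constructed-secret\n' \
    > "$demo_dir/config.yaml"
chmod 644 "$demo_dir/config.yaml"
printf 'constructed-opaque-ciphertext\n' > "$demo_dir/encrypted-config.yaml"
chmod 600 "$demo_dir/encrypted-config.yaml"
audit_cse_configs "$demo_dir" || true      # reports config.yaml twice
rm -rf "$demo_dir"
```

Run audit_cse_configs against the directory holding the CSE server configuration after encrypting; a clean result means only opaque, owner-only files remain.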
These great new features in CSE make the consumption of Kubernetes clusters for tenants easier and more powerful, and help to drive adoption of container services on top of VMware Cloud Director.