What’s New in Container Service Extension 2.6 for VMware Cloud Director

Container Service Extension (CSE) for VMware Cloud Director enables service providers to offer Kubernetes services. The latest release 2.6 introduces new functions for provider admins and tenants. Tenant users can now use a graphical user interface in the Cloud Director tenant portal to create, view and delete their Kubernetes clusters, in addition to the command line interface. It’s now also possible to upgrade Kubernetes components, Weave (CNI) and the Docker engine in existing clusters. For provider admins the new version introduces configuration file encryption for additional security.

Find the Release Notes here: https://vmware.github.io/container-service-extension/RELEASE_NOTES.html
The main repository for CSE on github: https://github.com/vmware/container-service-extension
The main documentation page: https://vmware.github.io/container-service-extension/INTRO.html

Kubernetes Container Service UI

The new graphical user interface of CSE shows follows the Cloud Director paradigm of separating provider tasks and tenant self-service capabilities. The provider view shows all clusters from all tenants.

CSE UI - Provider View

A tenant user can create a new Kubernetes cluster through the wizard in the UI, and view cluster details.
CSE UI - Create New Cluster

Very useful is the link to download the Kubernetes configuration file, this file can then directly be used to access the cluster e.g. using kubectl.

CSE UI - Cluster Detail View

The interface is provided by a UI Plugin for Cloud Director, you can install it either using the “Customize Portal” page in the provider portal, or with the command line tool that’s part of the CSE repository. For more details see the documentation: https://vmware.github.io/container-service-extension/CSE_UI_PLUGIN.html 

In-place Cluster Upgrades

It’s now possible to use the cse command line tools to upgrade existing clusters. The components that can be upgraded to a newer version are

  • Kuberenetes components e.g. kube-server, kubelet, kubedns etc.
  • Weave (CNI)
  • Docker engine

The supported upgrade paths can be discovered using the following command

The actual upgrade of the cluster is done with

The downtime needed for the upgrades depends on the components that need to be upgraded.

Find the documentation here: https://vmware.github.io/container-service-extension/CLUSTER_MANAGEMENT.html#k8s_upgrade

Configuration File Encryption

Starting with CSE 2.6.0, CSE server commands will accept only encrypted configuration files by default. As of now, these are CSE configuration file and Enterprise PKS configuration file. CSE exposes two server CLI commands to help CSE server administrators encrypt and decrypt the configuration files.

The default behavior can be changed to keep CSE Server accept plain text configuration files using the flag –skip-config-decryption with any CSE command that accepts a configuration file.

These great new features in CSE make the consumption of Kubernetes clusters for tenants easier and more powerful, and help to drive adoption of container services on top of VMware Cloud Director.