After we announced the Aqua Security Scanner for PCF last spring, we started the process of supporting Pivotal Container Service (PKS). Many Pivotal Cloud Foundry PAS customers have tested PKS and many are running it in production.
Having been on the security infrastructure side of life for a couple decades, this doesn’t surprise me at all because customers have been deploying workloads using VMware for many years now. In addition to the infrastructure investment, they have significant investments in staff training and professional services. They have heavily leveraged VM automation, etc. and built their enterprise applications on this platform. You may ask yourself, “Wait… if this is about Pivotal, why is he talking about VMware?”
For readers who aren’t familiar with Cloud Foundry, a delineation is necessary:
Cloud Foundry is an open source application platform backed by many large organizations: GE, Verizon, Telstra, USAF, RBC, Honda, Garmin. Get the picture? Financials, governments and corporates all contribute to Cloud Foundry.
Pivotal Application Service (PAS), formerly Pivotal Elastic Runtime, is a widely deployed distribution of Cloud Foundry Application Runtime (CFAR). The PaaS allows customers to implement the same application platform on any vendor’s cloud, on premises or otherwise. The tooling is based on BOSH and the internals (containerization, blue/green deployments, monitoring, etc.) are all baked in. While CFAR supports Docker images, CFAR is an application container platform unto itself. In our experience, it’s rare to come across customers using Docker images inside CFAR.
Pivotal Container Service (PKS) is Pivotal’s minted distribution of Cloud Foundry Container Runtime. When it is distilled, it reveals a vanilla flavor of Kubernetes inside, with the BOSH management layer on top. In terms of platform, PKS supports vSphere and GCP. In terms of network overlay, PKS supports Flannel and VMware NSX. Because this is BOSH, all of the wonderful things that have been occurring in that space are easily manageable, and PCF has deemed PKS “Enterprise-Grade” Kubernetes.
Now that we've answered the “why VMware” question, I believe PKS is a natural progression for VMware’s user base. It allows these enterprises to retain their investments in VMware-based SDN, storage, compute and, best of all, their talent. As the large software entities walk the path of their “Open” evolution, PKS allows VMware to enhance their existing customer base with a fully supported Kubernetes platform. Most importantly, they can contribute to the Kubernetes community.
At Aqua, we're excited to help VMware users secure their container deployments. We have received positive feedback from customers who are using our Container Security Platform on PKS. The image below illustrates an installation of the PKS Enforcer.
It’s important to point out that this is an extension of our existing product line. Users of all the container platforms that we currently support will be able to extend that same level of auditability, accountability, and protection into PKS.