The next major version of VMware vSphere will include Project Pacific, which will enable easy container and application management from within vSphere, alongside VMs. The Project Pacific tool set was introduced at VMworld 2019 as a native Kubernetes platform.
Project Pacific integrates the Kubernetes container management workflow directly into vSphere and ESXi, similar to how VMware integrated vSAN and NSX. Kubernetes has become the most popular method for managing containers, beating out other platforms such as Docker. Project Pacific lets you manage your containers via the same UI you use to manage your VMs -- in vCenter Server, through the vSphere Web Client.
Project Pacific will come as a set of modules, which you can activate or not when installing the next major release of vSphere.
The benefits of Project Pacific and Kubernetes
Not every company requires or uses Kubernetes -- in the same way that not every company uses vSAN or NSX-T. These tools are just different building blocks that help administrators construct the system their organization needs. However, Project Pacific and Kubernetes do provide a few key benefits:
Centralized application management. Project Pacific makes it possible to manage many different workloads from the same interface. It enables you to manage and apply policies at the application level, not simply at the VM level.
VMs and containers as a single platform. Project Pacific brings a new set of APIs to vSphere that can talk to both VMs and containers. It enables you to manage entire applications that run on a combination of VMs and containers, letting you mix and match to decide what works best for a specific application.
Kubernetes interface. Project Pacific introduces a Kubernetes UI for developers to use that enables them to consume resources such as clusters, disks and networks.
API management. Project Pacific uses the vSphere API and exposes it as a native Kubernetes API, enabling you to use existing vSphere tools to manage Kubernetes and vSphere resources.
Most modern applications run on several VMs, which can make them more challenging to manage. That's why running modern applications in containers, or a combination of containers and VMs, makes sense: it eases management.
VMware Project Pacific architecture
Kubernetes uses a namespace, which is a collection of resource objects, such as containers, VMs and disks, and represents the unit of management.
A namespace enables you to do with modern applications what you used to do with VMs. You can control resource allocation, vMotion, encryption, vSphere High Availability and snapshots for a whole namespace of objects, instead of dealing with specific VMs.
Kubernetes is integrated deep inside the ESXi hypervisor. Kubernetes clusters usually use a Linux OS worker node to execute Supervisor, which is a special kind of Kubernetes cluster that oversees other clusters. The Supervisor runs directly in ESXi as a module called Spherelet.
The Supervisor is a modified version of traditional Kubernetes that better integrates vSphere with Kubernetes. However, you can still run traditional Kubernetes clusters -- or guest clusters -- inside a VM if you must.
Guest clusters are fully compliant with Kubernetes and fully compatible with all Kubernetes applications. However, they aren't natively integrated and must be managed in vSphere with open source Cluster APIs.
ESXi Native Pods
VMware Project Pacific enables a new kind of workload called Pods to run on vSphere. Each Pod runs an isolated VM on each ESXi hypervisor, which has a new container runtime called CRX. CRX is a VM with a Linux kernel and minimal container runtime inside the guest OS.
The Linux kernel of CRX is coupled with ESXi and, as such, is highly optimized. As a result, you can launch Pods fast -- in under 100 milliseconds. ESXi will be able to support more than 1,000 Pods. Pods can run over 8% faster than VMs on bare-metal Linux systems.
Harbor Image Registry
When running containers and apps, you need a place to put the container images. VMware has integrated Harbor Image Registry into vSphere for this purpose.
Harbor Image Registry is an open source image registry that secures images with role-based access control. It can also scan images for vulnerabilities and sign them off as trusted if none are found.