vSphere Kubernetes Service

Dynamically Rebalance or Evacuate VKS Control Plane / Worker Nodes across vSphere Zones in VCF 9.0

12.16.2025 by William Lam // 2 Comments

vSphere Zones in VMware Cloud Foundation (VCF) 9.0 have been enhanced to offer greater flexibility in resource consumption and isolation for both vSphere Supervisor Control Plane VMs (Management), vSphere Kubernetes Service (VKS) Cluster (Workloads) or a combination of the two.

Depending on your required level of management availability and workload isolation, administrations have several vSphere Supervisor Zone deployment options to select from:

Note: The management zone selection (single vs multi) is only configurable during the initial enablement of vSphere Supervisor. It is currently NOT possible to reconfigure the vSphere Supervisor to switch from a single to multi-zone management without re-deploying vSphere Supervisor.

[Read more...]

Quick Tip - Configuring vSphere Kubernetes Service (VKS) Cluster with self-signed container registry

08.12.2025 by William Lam // Leave a Comment

Over the weekend, I had finished building a small container application that I had developed on my local desktop, which worked great. However, the real test was to deploy the application on a vSphere Kubernetes Service (VKS) Cluster, which would require the container image to be hosted in a container registry.

Rather than using a public container registry, like many organizations, you typically would setup an internal registry that your infrastructure could have access to. Harbor is my go to container registry and is extremely simple to setup as it uses docker-compose under the hood.

After uploading my container image to Harbor, if you try to deploy it to your VKS Cluster, you will immediately see the following image pull error:

tls: failed to verify certificate: x509: certificate signed by unknown authority

Just like any system that attempts to connect to an endpoint with a self-signed TLS certificate that it can not verify, it will not trust which is the default behavior.

For our VKS Cluster to be able to successfully pull an image from Harbor with a self-signed TLS certificate, we need to add the trusted CA to our vSphere Namespace and then reference that as part of our VKS Cluster deployment.

[Read more...]

MS-A2 VCF 9.0 Lab: Configuring vSphere Kubernetes Service (VKS)

08.04.2025 by William Lam // Leave a Comment

This post is part of a short series that builds on our minimal VMware Cloud Foundation (VCF) 9.0 deployment (2x Minisforum MS-A2) and showcases how to fully leverage the exciting new capabilities in the VCF 9 platform, all while maintaining a minimal resource footprint, which is ideal for lab and learning purposes.

In this blog post, we will explore one of the foundational vSphere Supervisor services called vSphere Kubernetes Service (VKS), enabling administrators to easily deploy, manage and lifecycle conformant Kubernetes Clusters at scale for their development and platform teams. VKS can be consumed through vCenter Server for single IT organizations, as well as through VCF Automation for organizations that require strong multi-tenancy, including cloud service providers.

Here are some additional VKS Resources that might be of interests if you would like to learn more: