VMware Tanzu Kubernetes Grid Integrated: A Year in Review

December 14, 2021

The modern application world is advancing at an unprecedented rate. However, the new possibilities these transformations make available don’t come without complexities. IT teams often find themselves under pressure to keep up with the speed of innovation. That’s why VMware provides a production-ready container platform for customers that aligns to upstream Kubernetes, VMware Tanzu Kubernetes Grid Integrated (formerly known as VMware Enterprise PKS). 

By working with VMware, customers can move at the speed their businesses demand without the headache of trying to run their operations alone. Our offerings help customers stay current with the open source community's innovations while having access to the support they need to move forward confidently.

Many changes have been made to Tanzu Kubernetes Grid Integrated edition over the past year that are designed to help customers keep up with Kubernetes advancements, move faster, and enhance security.

Kubernetes updates

The latest version, Tanzu Kubernetes Grid Integrated 1.13, bumped to Kubernetes version 1.22 and removed beta APIs in favor of stable APIs that have since evolved from the betas. 

Over time, some APIs will evolve. Beta APIs typically evolve more often than stable APIs and should therefore be checked before updates occur. The APIs listed below will not be served with v1.22 as they have been replaced by more stable API versions:

  • Beta versions of the ValidatingWebhookConfiguration and MutatingWebhookConfiguration API (the admissionregistration.k8s.io/v1beta1 API versions)
  • The beta CustomResourceDefinition API (apiextensions.k8s.io/v1beta1)
  • The beta APIService API (apiregistration.k8s.io/v1beta1)
  • The beta TokenReview API (authentication.k8s.io/v1beta1)
  • Beta API versions of SubjectAccessReview, LocalSubjectAccessReview, SelfSubjectAccessReview (API versions from authorization.k8s.io/v1beta1)
  • The beta CertificateSigningRequest API (certificates.k8s.io/v1beta1)
  • The beta Lease API (coordination.k8s.io/v1beta1)
  • All beta Ingress APIs (the extensions/v1beta1 and networking.k8s.io/v1beta1 API versions)

Containerd support

Tanzu Kubernetes Grid Integrated helps customers eliminate lengthy deployment and management processes with on-demand provisioning, scaling, patching, and updating of Kubernetes clusters.

To stay in alignment with the Kubernetes community, Containerd will be used as the default container runtime, although Docker can still be selected using the command-line interface (CLI) if needed.


Several updates have been made in regards to networking as well including support of Antrea and NSX-T enhancements.

Antrea support

With Tanzu Kubernetes Grid Integrated version 1.10 and later, customers can leverage Antrea on install or upgrade to use Kubernetes network policies. This enables enterprises to get the best of both worlds: access to the latest innovation from Antrea and world-class support from VMware. 

NSX-T enhancements

NSX-T was integrated with Tanzu Kubernetes Grid Integrated to simplify container networking and increase security. This has been enhanced so customers can now choose the policy API as an option on a fresh installation of Tanzu Kubernetes Grid Integrated. This means that users will have access to new features available only through NSX-T policy API. This feature is currently in beta.

In addition, more NSX-T and NSX Container Plug-in (NCP) configuration is possible through the network profiles. This operator command provides the benefit of being able to set configurations through the CLI, and this is persistent across lifecycle events. 

Storage enhancements

We’ve made storage operations in our customers’ container native environments easier, too. Customers were seeking a simpler and more secure way to manage Container Storage Interface (CSI), and we introduced automatic installation of the vSphere CSI driver as a BOSH process beginning with Tanzu Kubernetes Grid Integrated 1.11.

Also, as VCP will be deprecated, customers are advised to use the CSI driver. VCP-to-CSI migration is a part of Tanzu Kubernetes Grid Integrated 1.12 and is designed to help customers move forward faster.

Enhanced security

Implementing new technologies provides users with new capabilities, but it can also lead to new security vulnerabilities if not done correctly. VMware’s goal is to help customers move forward with ease and the confidence of knowing that enhancements don’t compromise core security needs.

CIS benchmarks

This year, Tanzu Kubernetes Grid Integrated continued to see improvements that help meet today’s high security standards. Meeting the Center for Internet Security (CIS) benchmarks standards is vital for Tanzu Kubernetes Grid Integrated.

In recent Tanzu Kubernetes Grid Integrated releases, a few Kubernetes-related settings have been adjusted to ensure compliance with CIS requirements:

  • Kube-apiserver with --kubelet-certificate-authority settings (v1.12)
  • Kube-apiserver with --authorization-mode argument includes Node (v1.12)
  • Kube-apiserver with proper --audit-log-maxage argument (v1.13)
  • Kube-apiserver with proper --audit-log-maxbackup argument (v1.13)
  • Kube-apiserver with proper --audit-log-maxsize argument (v1.13)

Certificate rotations

Tanzu Kubernetes Grid Integrated secures all communication between its control plane components and the Kubernetes clusters it manages, using TLS validated by certificates. The certificate rotations have been simplified in recent releases. Customers can now list and simply update certificates on a cluster-by-cluster basis through the “tkgi rotate-certificates” command. The multistep, manual process was replaced with a single CLI command to rotate NSX-T certificates (available since Tanzu Kubernetes Grid Integrated 1.10) and cluster-by-cluster certificates (available since Tanzu Kubernetes Grid Integrated 1.12).

Hardening of images

Tanzu Kubernetes Grid Integrated keeps OS images, container base images, and software library versions updated to remediate the CVEs reported by customers and in the industry. It also continues to use the latest Ubuntu Xenial Stemcell latest versions for node virtual machines. With recent releases and patch versions, the version of dockerd, containerd, runc, telegraf, nfs-utils had been bumped to the latest stable and secure versions as well.

By using Harbor as a private registry management service, customers could also leverage the built-in vulnerability scan features to discover the application images CVEs.

VMware is dedicated to supporting customers with production readiness by enhancing the user experience. Tanzu Kubernetes Grid Integrated Edition has stayed up to date with the Kubernetes community and provides customers with the support and resources they need to innovate rapidly.


Hitachi Data Systems

Digital transformation improves enterprises’ cost-efficiency, time to market, customer experience, and revenue through better data management. Hitachi Data Systems uses data to power the digital enterprise.


Discovering SCVMM and Its Features

Article | May 26, 2021

System Center Virtual Machine Manager (SCVMM) is a management tool for Microsoft’s Hyper-V virtualization platform. It is part of Microsoft’s System Center product suite, which also includes Configuration Manager and Operations Manager, among other tools. SCVMM provides a single pane of glass for managing your on-premises and cloud-based Hyper-V infrastructures, and it’s a more capable alternative to Windows Server tools built for the same purpose.

Read More

How virtualization helped Dell make a pandemic pivot

Article | April 14, 2021

Danny Cobb, fellow and vice president of engineering for Dell Technologies’ telco systems business, remembers his company cruising into early 2020: Kicking off a new fiscal year with its operating plan in place, supply chain nailed down and factories humming; people coming into the office each day to the usual routine of looking for parking spots and taking laptops down to the cafeteria. Then came March, and the first wave of the Covid-19 pandemic hit U.S. shores. In the course of one weekend, Dell pivoted to having more than 90% of its workforce working from home. That meant a dramatic shift in its network needs and operations – one that was only able to be accomplished so quickly because of virtualized infrastructure.

Read More

Scaling Your Business the Easy Way—with SD-WAN as a Service

Article | May 28, 2021

SD-WANs are a critical component of digital transformation. Using software-defined networking (SDN) and virtual network functions (VNF) concepts to build and manage a wide area network (WAN) helps businesses successfully transition their infrastructure to the cloud by securely connecting hybrid multicloud architectures. But SD-WANs can do more than just facilitate a transition to the cloud —they make it faster and less expensive to expand your business.

Read More

Virtualization Can Help Substantially Reduce Computing Costs

Article | August 9, 2021

Businesses use a lot of technology to keep themselves competitive and Businesses use a lot of technology to keep themselves competitive and operationally efficient. One way that organizations use to make their technology infrastructure more accessible is through the use of virtualization. Let’s discuss what virtualization is, how it benefits businesses, and some examples of how you might consider leveraging virtualization to your company’s benefit. Virtualization for Hardware and Software Virtualization in its most basic sense is taking something and making it virtual. In regards to hardware and software, it involves taking these parts of your technology infrastructure and making them available in a virtual environment. Virtual applications and hardware solutions can be deployed to the cloud so that they can be accessed by any online device. Some examples of virtualization might include creating virtual machines, like workstations and server units, that are hosted in a virtual environment for as-needed access

Read More


Hitachi Data Systems

Digital transformation improves enterprises’ cost-efficiency, time to market, customer experience, and revenue through better data management. Hitachi Data Systems uses data to power the digital enterprise.