Decisions about master nodes, etcd, worker node composition, and network and storage configuration are managed by VKE based on your service-level objectives.
The company sees three basic models going forward regarding abstractions of the Kubernetes cluster:
1) Abstract nothing.
2) Abstract the control plane only: pull the control plane (master nodes and etcd) behind the curtain and leave the customer to manage the hundreds of worker nodes.
3) Abstract everything: pull both the control plane and the worker nodes behind the curtain.
VMware said that the company is operating under the assumption that the highest ratio of customer value to cost is in the ‘abstract everything’ model, and has therefore set its bar at turning the entire Kubernetes cluster into a policy-defined, dial-tone service.
Here are some of the implementation details in VKE in support of multi-cloud:
• VMware Kubernetes Engine itself runs on AWS and supports the creation of clusters on native EC2 instances. At General Availability, the company plans to be in three AWS regions: US-East1, US-West2 and EU-West1. VKE provides a single endpoint for the service, which spans all supported regions.
To sum it up, VKE manages security for customers by keeping all components fully patched, providing a Kubernetes environment hardened for production, encrypting communications, and providing network isolation.