For data center architects who have standardized on VMware virtualization, a logical question is whether benefits can be gained from hosting containers on virtual machines. Our answer is yes—hosting containers on VMware vSphere VMs increases security and isolation, and it enables the use of multiple host operating systems on one server.
The PowerFlex rack that we used for this testing hosted two parallel projects. The projects ran on the same software-defined storage but required isolation from each other. In our testing, we employed VMware vSphere VM security to prevent accidental access to resources by anyone outside the respective project teams.
Another key benefit of using VM virtualization for containers is the capability to use multiple host operating systems on the same server. A bare-metal implementation with one host operating system would have forced both projects to use the same stack: operating system, Docker, Kubernetes, and the CSI plug-in for PowerFlex systems. Alternatively, the projects would have had to use separate physical servers to isolate their different container software stacks.
Using VMware for our projects gave us the isolation and consolidation benefits of running multiple container stacks within VMs on the same PowerFlex rack. For example, in our Big Data Cluster tests, one project used Red Hat Enterprise Server 7.6 as the host operating system, with Kubernetes 1.14.9 and version 1.1.3 of the CSI plug-in for PowerFlex systems. The second project used completely different technology and software versions across all the software layers.
Performance testing was not part of this project, but testing performance for any production systems, including virtualized container infrastructure, is essential. Virtualization adds another layer to the application stack. Both the container and the VM must be optimized to gain the best performance. For example, the VM configuration (vCPU, vMem, and storage) must be aligned to the performance requirements of the containerized application. For more information, see Best Practices for Storage Container Provisioning in VMware Docs.