惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
爱范儿
爱范儿
H
Help Net Security
Last Week in AI
Last Week in AI
The Cloudflare Blog
博客园 - 三生石上(FineUI控件)
小众软件
小众软件
IT之家
IT之家
aimingoo的专栏
aimingoo的专栏
大猫的无限游戏
大猫的无限游戏
Jina AI
Jina AI
Google DeepMind News
Google DeepMind News
B
Blog
C
Check Point Blog
T
Tailwind CSS Blog
云风的 BLOG
云风的 BLOG
D
Docker
Recent Announcements
Recent Announcements
Vercel News
Vercel News
博客园 - 聂微东
阮一峰的网络日志
阮一峰的网络日志
MyScale Blog
MyScale Blog
The GitHub Blog
The GitHub Blog
Stack Overflow Blog
Stack Overflow Blog
雷峰网
雷峰网
人人都是产品经理
人人都是产品经理
月光博客
月光博客
F
Fortinet All Blogs
Blog — PlanetScale
Blog — PlanetScale
B
Blog RSS Feed
The Register - Security
The Register - Security
V
Visual Studio Blog
F
Full Disclosure
Hugging Face - Blog
Hugging Face - Blog
T
Threat Research - Cisco Blogs
Latest news
Latest news
PCI Perspectives
PCI Perspectives
Cisco Talos Blog
Cisco Talos Blog
博客园 - Franky
D
DataBreaches.Net
A
Arctic Wolf
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
G
Google Developers Blog
P
Palo Alto Networks Blog
Engineering at Meta
Engineering at Meta
Microsoft Azure Blog
Microsoft Azure Blog
T
Tenable Blog
L
LINUX DO - 热门话题
Spread Privacy
Spread Privacy

VMware Blogs

Mastering Infrastructure Policies in VMware Cloud Foundation Automation 9.1 Modernizing the Private Cloud: Why VCF 9.1 Lifecycle Management is a Game Changer Announcing the VMware Cloud Foundation 9.1 Upgrade Planning Tool VCF Breakroom Chats Episode 86 – Containers Made Easy: The New “Container-as-a-Service” in VCF 9.1 Securing Your VCF 9.1 Infrastructure with the Symantec Identity Security Platform Virtually Speaking: The AI Reality Check with Dave Linthicum Zero Touch Provisioning: Activating Edge Sites with VMware Cloud Foundation Edge 9.1 VCF Breakroom Chats Episode 85 – Cloning Success at Scale: Inside VCF 9.1’s App Stack Formation VMware Cloud on AWS の使用状況を確認できる API Unlocking the Full Potential of Programmable Infrastructure with VMware Cloud Foundation 9.1 – New Features and Capabilities Smarter Patching at Scale: Vulnerability Assessment and Remediation with VMware Tanzu Platform Encrypted vMotion Offload to Intel QAT in VMware Cloud Foundation 9.1 Deepen Your Expertise: Four Key Benefits of Attending Increase Deployment Flexibility with VCF Edge Automation 1.0.3 Avi Advantage: Automating Certificate Management of VCF Workloads More Memory, Less Effort: Configuring Memory Tiering in VCF 9.1 VCF 9.1 Licensing: Programmatic, Centralized, and Built to Scale Why APJ Networking Professionals Need Private Cloud Expertise VCF 9.1 Networking: Simpler VPC Connectivity Control VCF 9.1 Networking: Exploring Network Services for Virtual Private Clouds VCF Networking 9.1: Seamless DDI Integration with Infoblox The Open Source Advantage: Building from Source for Ultimate Security Expand Shared VMDKs with Clustered Applications in VMware vSAN for VCF 9.1 Monetizing Zero-Trust Security with VCF 9.1 and VMware vDefend VMware vSAN Protection and Recovery Enhancements for VCF 9.1 Deliver Production SQL Server DBaaS with VMware Data Services Manager 9.1 Maximizing Profitability: VCF 9.1 Cost-Focused Approach for VMware Cloud Service Providers Modernizing Your Infrastructure: Introducing VMware Cloud Foundation 9.1 to VCSPs VCF 9.1 is Available: Explore the New Features in Hands-on Labs What’s New with vSphere in VMware Cloud Foundation 9.1? Resizing VMware vCenter in VMware Cloud Foundation 9 Non-Disruptive VMware vCenter Patching in VMware Cloud Foundation 9.1 VMware vCenter Virtual Hardware Gets an Upgrade in vSphere with VCF 9.1 AI Has Changed the Threat Landscape. Is Your Infrastructure Ready? Simplifying Storage with the New Effective Capacity View in VMware vSAN for VCF 9.1 Auto-RAID in VMware vSAN for VCF 9.1 – Comprehensive System-Managed Data Resilience Introducing VMmark 4.1: Enhanced Power Efficiency Benchmarking for Private Cloud Infrastructure Advanced Memory Tiering Enhancements in VMware Cloud Foundation 9.1 VCF 9.1 Is Here. See It in Action. 博通發布 VMware Cloud Foundation 9.1 How Broadcom Is Helping Enterprises Win the AI Security Sprint How to Prepare for the World of AI Driven Exploits Avi Innovations for VCF 9.1: Powering Kubernetes, Agentic AI and VPC Workloads VCF 9.1: The Secure, Cost-Effective Private Cloud Platform for Production AI Announcing VCF 9.1: Modern Private Cloud Built for Efficiency and Resilience Announcing VMware Cloud Foundation Edge 9.1: A Scalable, Autonomous Edge Platform Accelerate, Streamline, and Control Your Self-Service Private Cloud with VMware Cloud Foundation 9.1 Deploy Modern Apps Faster, Scale Smarter, and Lower Your TCO with VMware vSphere Kubernetes Service in VCF 9.1 Scale Smarter, Save More: Redefining Infrastructure Economics with VMware vSphere in VCF 9.1 AI with VCF 9.1 on AMD GPUs: Build with open frameworks and simplify management, at a lower TCO Streamline, Simplify and Protect all your AI workloads with VCF 9.1 Simplify Workload Connectivity and Enhance Network Scale and Performance with VCF 9.1 VMware and CrowdStrike Deliver New Integration for Cyber Recovery Workflows How Many Users Can Your LLM Server Really Handle? From Infrastructure to Agents: A Hands-On Guide to Secure Private AI with Broadcom – Part 2 The New Frontier: Leading the Cloud-Native Evolution Replicating VMware vSphere Configuration Profile Desired State Webinar Recap: Design and Architecture Considerations for VMware vSphere Kubernetes Service on VMware Cloud Foundation Kubernetes 1.36: What Actually Changed for Enterprise Platforms Enhance Lateral Security and Ingress Load Balancing for Kubernetes Workloads Avi Load Balancer Analytics: Root Cause Application Performance Issues in Minutes Analyst Insight Series #3: Policy-Driven Governance and Multi-Tenant Control Post-Quantum Readiness on VMware Cloud Foundation Registration Is Live for Las Vegas | $ave with Early-Bird May 21, 2026: What’s New in VMware Tanzu Data Intelligence 10.4 From Infrastructure to Agents: A Hands-On Guide to Secure Private AI with Broadcom – Part 1 Stop Guessing: Advanced Monitoring and Troubleshooting for Data Services CPU, Disk, Network, and Memory Workload Profiles for DVD Store Database Testing How VMware Salt Automates Compliance Across Private Cloud Analyst Insight Series #2: Operational Scalability and Lifecycle Management MCP vs. APIs: Why You Need Both for AI Applications The Real Constraint on Enterprise AI isn’t GPUs; It’s Power Deploying Harbor Service in Air-Gapped VMware Cloud Foundation 9.0 Why Enhanced DirectPath Wins for High-Performance Apps Bridging the (.Local) Gap: A Split-Domain Design for VMware Cloud Foundation Deployment Observability on VMware vSphere Kubernetes Service VMware Cloud on AWS: Introducing the Usage Report APIs Converging VMware vSphere to VMware Cloud Foundation 9.0: The Top 10 Questions Answered May 6, 2026: What’s New in Tanzu Platform 10.4: Powering Agentic Apps at Scale VMware Tanzu RabbitMQ Powers the Modern Data Lakehouse with New Spark Integration and Enterprise Tooling Tanzu Data Intelligence 10.4 Delivers AI-Driven Analytics, Unified Real-Time Operations, and Sovereign Resilience Enterprise-Ready Agents Made Simple & Safe with VMware Tanzu Platform Agent Foundations Introducing Tanzu Platform 10.4: Extending Platform as a Service to Agentic Applications How AI-Assisted Analytics in Tanzu Data Intelligence Can Help Remove the SQL Bottleneck From Prototype to Production: Securing Database MCP at Enterprise Scale The Compelling Case for a Private Cloud Data Intelligence Platform The Unification Dividend: Consolidating Database Operations on VMware Cloud Foundation The Modern Spring Workflow Is Enterprise-Ready and AI-Boosted [TAM Blog] セキュアブート証明書の有効期限切れに関する注意点と対応について Accelerate Lateral Security and Ingress Load Balancing for Kubernetes Workloads From Platform to Data: Building a Cloud-Native Developer Experience On-Prem with VMware Cloud Foundation How VMware Cloud Foundation (VCF) Training Helps Keep Top Tech Talent in APJ Build Your Case for Attending VMware Explore 2026 Spring 開発元が提供する商用サポート「VMware Tanzu® Spring Essentials」とは VMware Cloud on AWS より i7i.metal-24xl インスタンスの提供開始 VMware Advanced Memory Tiering Tips for Success VMware Cloud Foundation Edge 9.0: Two-Host Edge Site Deployment with Brownfield Import Your Database Is About to Become an AI Tool. Is It Ready? Applying GitOps Principles to Maintain Desired State Configuration using VMware vSphere Configuration Profile – Part 3 Webinar Recap: Converging VMware vSphere to VMware Cloud Foundation 9.0
Elevating Enterprise Kubernetes with Automated Security, Scale, and Seamless Add-ons: Introducing VKS 3.7
Jay Thontakudi · 2026-06-17 · via VMware Blogs

Managing modern applications at scale requires a delicate balancing act. To deploy these workloads successfully, platform teams must constantly juggle competing priorities: accelerating developer velocity, hardening security, and adopting leading edge ecosystem tools—all while operating within strict compliance guardrails. The release of VMware vSphere Kubernetes Service (VKS) 3.7 will directly address these priorities.

VKS is the CNCF certified Kubernetes runtime built into VMware Cloud Foundation (VCF), the unified private cloud platform that enables enterprises to run modern applications alongside traditional workloads. VKS enables platform teams to deploy, manage, and scale Kubernetes clusters while leveraging a comprehensive set of cloud services included in VCF, as well as all conformant third-party services.

By focusing heavily on automated compliance, critical-sector scale, operational efficiency, and an entirely reimagined Add-on framework, this release of VKS drives definitive business advantages while vastly simplifying daily life for the Platform Engineering team. VKS 3.7 will add support for Kubernetes version 1.36, continuing Broadcom’s commitment to delivering CNCF-certified Kubernetes that is designed for modern enterprise use. 

VKS 3.7 delivers value across four key pillars.

1. Hardening platform security and compliance

For organizations operating under regulatory frameworks, security posture is only as strong as its consistency. Compliance configurations that hold at cluster creation but drift over time create audit exposure and remediation cycles that consume platform team capacity. VKS 3.7 will close this gap with automation that enforces security controls from initial setup through every subsequent lifecycle operation.

  • Targeted filesystem lock-down: Tightens security by blocking unauthorized access to targeted OS directories (/usr). This new capability introduces an extra layer of protection building upon the OS-layer security hardening verified by Secure Boot. This prevents workloads and unauthorized processes from modifying critical operating system directories, reducing the risk of node compromise and helping customers maintain a consistent security posture across their Kubernetes fleet.
  • Customizable TLS profile: Enforce minimum TLS version and select custom ciphers to meet common compliance standards across VKS cluster components. The platform automatically maintains these configurations across cluster lifecycle operations including scaling, eliminating manual drift and ongoing remediation.
  • Rapid CVE mitigation: Traditionally, OS security patches have been tied to Kubernetes patch versions, requiring extensive planning and disruptive maintenance windows. VKS 3.7 will decouple these cadences. Using the integrated Image Baker tool, organizations can now bring their own OS images, apply critical security patches, and roll them out across all clusters seamlessly – without impacting running workloads.
Figure 1: Rapid CVE mitigation with non-disruptive OS patch updates

The result is a security posture that accelerates audit readiness and reduces operational pressure. Compliance and business leaders gain automated consistency across common compliance standards while closing the window between vulnerability detection and remediation. Platform teams gain the controls and flexibility to manage patching on their own schedule, with every configuration enforced by the platform rather than depend on manual verification.

Securing the infrastructure is the necessary foundation. But for organizations in critical sectors like telecommunications, government, healthcare, and energy, security alone is not sufficient. These industries require infrastructure that can absorb the scale and network demands of their most critical workloads. VKS 3.7 helps address these requirements.

2. Accelerating workload deployments in critical sectors 

Mission-critical applications leave no room for infrastructure that cannot match their availability and performance requirements. Telco 5G core deployments, large-scale data processing pipelines, and government workloads each place distinct demands on Kubernetes infrastructure: high node counts, fault tolerance against localized failures, and the ability to route high-bandwidth traffic over isolated, high-performance network interfaces. To address these challenges VKS 3.7 delivers the following three key capabilities:

  • Enhanced Fault Tolerance for VKS control plane: Control plane expansion to 5 nodes ensures VKS API servers remain highly available and resilient.
  • Scale increase for Telco and Mission-Critical Applications: Substantial increase in the number of nodes per cluster accommodates the rigorous requirements of Telco 5G core applications.
  • High Performance Networking Enablement: VKS 3.7 enables latency-sensitive and high-bandwidth workloads to utilize dedicated secondary networks and high-performance network interfaces. Support for Multus CNI and Whereabouts allows organizations to build advanced networking architectures that can leverage technologies such as SR-IOV and DPDK-accelerated NIC virtual functions for mission-critical applications.

These capabilities translate directly to production-readiness for industries where downtime or degraded performance carries real consequences. Business stakeholders gain infrastructure capable of running 5G core, government, healthcare, and energy workloads with superior quality of experience and lower latency those applications demand. 

Platform teams gain API server resiliency and high performance networking capabilities, with Multus and Whereabouts integration removing the manual complexity of configuring secondary networks from scratch. 

Reaching the scale these sectors require solves one dimension of the problem. The other is reducing the operational burden of keeping infrastructure at that scale healthy over time. That is the focus of the next area of investment – operational efficiency.

3. Increasing operational efficiency

Day-2 operations are where the hidden costs of Kubernetes lie. VKS 3.7 will focus on reducing the manual toil and anxiety around cluster deployments and upgrades.

  • Advanced Helm Package Management: Building on the Helm Controller introduced in VKS 3.6.2, VKS 3.7 will combine declarative, industry-standard application lifecycles with a new Add-on framework (Add-on API) to simplify the management of service installs across the fleet of VKS clusters.

For business stakeholders, the payoff is measurable: faster time-to-value with accelerated application delivery through templatized configurations and smoother deployments leveraging the latest open-source innovations. For platform teams, it means automated rollback on detected failures, simplified desired-state management across the fleet, and the freedom to focus on deployment rather than manual remediation. 

These gains build on two commitments that remain core to the VKS operating model: VKS upgrades stay decoupled from the control plane, so the Supervisor can continue running on an older version without blocking team progress, and Broadcom’s 24-month extended support per Kubernetes version at no additional cost and with overlapping version coverage gives large organizations the room to move forward on their own timelines without forcing fleet-wide upgrades or compressed maintenance windows.

Operational efficiency gains compound when platform teams also have the right ecosystem tooling to work with. That is why the fourth area of investment in VKS 3.7 is a complete rethinking of how Add-ons are delivered, supported, and expanded.

4. Simplifying adoption of third-party services

The breadth of tools a platform team needs changes constantly as applications evolve and new open-source capabilities emerge. A rigid packaging model limits how quickly teams can adopt those tools and creates ambiguity about what level of support applies to each. 

VKS 3.7 will replace the previous core and standard package structure with a four-tier Add-on Management Framework that accelerates ecosystem expansion and provides clarity on Broadcom’s support commitment to customers. 

  • Product Add-ons: Broadcom-curated Add-ons that are deeply integrated in VKS and the underlying infrastructure. This tier replaces previous VKS “core” packages, maintaining the same level of Broadcom lifecycle and runtime support.
  • Partner Add-ons: Add-ons validated by the ISV partner and Broadcom through the Broadcom Technology Alliance Program (TAP). Partner-tier Add-ons are jointly supported by Broadcom (lifecycle) and the ISV partner (runtime). 
  • Ecosystem Add-ons: Open-Source Software (OSS) Add-ons curated by Broadcom for VKS. This tier replaces “Standard” packages maintaining the same level of lifecycle support from Broadcom while enabling customers to leverage the expert-led power of the global community for runtime support.
  • Community Add-ons: Customers get the flexibility to build or bring their own application packages. Lifecycle and runtime support are customer-led or backed by a global network of experts in the community.

Product, Partner, and Ecosystem Add-ons include orchestrated lifecycle with automated install, upgrade, and VKr alignment. With Community Add-ons, customers gain the flexibility to manage installs and upgrades, or orchestrate the entire lifecycle using the Add-on Manager.

Figure 2: New Add-on management framework

For business stakeholders, the four-tier framework future-proofs investments by accelerating ecosystem expansion and improving deployment readiness across a broader range of integration tools. For platform teams, transparent support tiers mean faster issue resolution and a predictable operational experience as the fleet grows.

New Add-ons being introduced in VKS 3.7

  • Headlamp (Ecosystem tier): Community standard UI with application centric view for visualizing cluster resources and application health using integrated logs and metrics, and leveraging a powerful plugin architecture. Empowers App and Platform Teams to manage cluster resources and accelerate troubleshooting without the deep Kubernetes expertise
  • NFS-Client (Product tier): Enables dynamic provisioning of persistent storage using existing NFS servers, allowing multiple containers to read and write to the same volume simultaneously. Simplifies provisioning for Platform Teams with automatic storage creation and increases workload portability, de-coupling container state from local node storage
  • Multus and Whereabouts (Product tier): Multus CNI enables multi-homed pods in Telco deployments by acting as a meta-plugin that calls multiple underlying CNI plugins like Calico to attach secondary network interfaces. Whereabouts is a cluster-wide IP Address Management (IPAM) plugin that dynamically assigns IPv4/IPv6 addresses. It pairs with Multus to assign and track IP addresses across secondary interfaces without conflicts.

Platform teams in highly regulated sectors like Telco and 5G can easily isolate control plane traffic from heavy data plane workloads with Multus. This architecture leverages VMXNET3 or SR-IOV to satisfy ultra-low latency requirements, while utilizing Whereabouts to eliminate the complexity of advanced networking with critical cluster-wide IP Address Management (IPAM).

New Add-ons introduced in VKS 3.6.x

  • OPA Gatekeeper (Product tier): A specialized Kubernetes admission controller that enforces custom, declarative policies to ensure workloads comply with security and governance standards. Enables Platform Teams to define policy-as-code with real-time enforcement, preventing non-compliant resources from being deployed.
  • Helm Controller (Product tier): Declaratively manages Helm chart releases using standard cluster manifests. Significantly reduces manual toil for Platform Teams managing multi-cluster workload deployments through automated lifecycle management, rollbacks, drift detection, and reconciliation.

Conclusion: The VKS 3.7 Advantage

VKS 3.7 will bridge the gap between maximum operational control and rapid developer execution. Decoupled zero-impact OS patching removes the forced trade-off between security velocity and workload stability. Telco-grade scalability accelerates critical-sector workload deployments eliminating the need for purpose-built infrastructure. Declarative lifecycle management through the Helm Controller and Add-on API eliminates the manual toil that slows platform teams down. And the four-tier Add-on Management Framework gives platform teams a predictable, extensible toolkit to manage their fleets with confidence as requirements evolve.

By addressing automated compliance, critical-sector scale, operational efficiency, and ecosystem integration together, this release ensures that as infrastructure grows, operational overhead does not grow with it.

Resources: 


Discover more from VMware Cloud Foundation (VCF) Blog

Subscribe to get the latest posts sent to your email.