Pivotal Container Service v1.0

PKS Release Notes

PKS (Pivotal Container Service) is used to create and manage on-demand Kubernetes clusters via the PKS CLI.


Release Date: March 6, 2018

  • [Bug Fix] vSphere NSX-T integration works with BOSH stemcell v3468.25 and later.
  • [Bug Fix] Adds support for special characters #, &, ;, ", ', ^, \, space (), and % in vCenter passwords.
  • [Bug Fix] Worker nodes are drained before they stop in order to minimize workload downtime during a rolling upgrade.
  • [Security Fix] UAA credentials and vCenter passwords do not appear in BOSH logs.
  • [Bug Fix] BOSH DNS no longer causes worker nodes to fail after a manual restart.
  • Updates Kubernetes to v1.9.3.
  • Updates Golang to v1.9.4.


Release Date: February 8, 2018

PKS v1.0.0 includes or supports the following component versions:

Product Component Version Supported Notes
vSphere 6.5 and 6.5 U1 - Editions
  • vSphere Enterprise Plus Edition
  • vSphere with Operations Management Enterprise Plus
vSphere versions supported for Pivotal Container Service (PKS)
VMware Harbor Registry 1.4.1 Separate download available from Pivotal Network
NSX-T 2.1 Advanced Edition Available from VMware
Pivotal Cloud Foundry Operations Manager (Ops Manager) 2.0.X Separate download available from Pivotal Network
Stemcell 3468.21 Separate download available from Pivotal Network
Kubernetes 1.9.2 Packaged in the PKS Tile (CFCR)
CFCR (Kubo) 0.13 Packaged in the PKS Tile
NCP Packaged in the PKS Tile
PKS CLI 1.0.0-build.3 Separate download available from the PKS section of Pivotal Network
Kubernetes CLI 1.9.2 Separate download available from the PKS section of Pivotal Network
* Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.


  • Create, resize, delete, list, and show clusters through the PKS CLI
  • Native support for NSX-T and Flannel
  • Easily obtain kubeconfigs to use each cluster
  • Use kubectl to view the Kubernetes dashboard
  • Define plans that pre-configure VM size, authentication, default number of workers, and addons when creating Kubernetes clusters
  • User/Admin configurations for access to PKS API
  • Centralized logging through syslog

Known Issues

Special Characters

In PKS v1.0.0, special characters, such as #, &, ;, ", ', ^, \, space (), !, and % cannot be used in vCenter passwords. PKS v1.0.1 adds support for the special characters listed above except for !.

Stemcell Incompatibility

When deploying the PKS v1.0.0 using NSX-T as the networking layer with a stemcell other than x3468.21, Kubernetes cluster deployments fail. PKS v1.0.1 adds support for stemcells v3468.25 and later.

Stemcell Updates Cause Automatic VM Rolling

Enabling the Upgrade all clusters errand allows automatic rolling for VMs in your deployment. Pivotal recommends enabling this errand to ensure that all deployed cluster VMs are patched.

When you enable the Upgrade all clusters errand, the following actions can cause downtime:

  • Updating the PKS tile with a new stemcell triggers the rolling of each VM in each cluster.
  • Updating other tiles in your deployment with new stemcells causes the rolling of the PKS tile.

Upgrade Errand Fails with Failed Deployments

The Upgrade all clusters errand fails if any deployments are in a failed state.

To work around this issue, delete the failed cluster using the PKS CLI or redeploy the failed cluster with the BOSH CLI to ensure the cluster is in a successful state.

Syslog Security Recommendations

BOSH Director logs contain sensitive information that should be considered privileged. For example, these logs may contain cloud provider credentials in PKS v1.0.0. If you choose to forward logs to an external syslog endpoint, using TLS encryption is strongly recommended to prevent information from being intercepted by a third party.

Create a pull request or raise an issue on the source for this page in GitHub