Secure and Scale VMware VKS with Calico Kubernetes Networking

2026-03-22 ~1 min read www.tigera.io #tigera

📝 Summary

Article outline:
The Calico Unified Platform Reference Architecture
1. Secure the Perimeter: Bridging Kubernetes with Legacy Firewalls
2. Enforce Zero-Trust at Scale: Unified Policy Across Kubernetes, VMs, and Bare Metal
3. Total Visibility: One Management Plane for Every Traffic Flow
4. Scale Without Limits: Multi-Cluster Management and AI-Powered Operations
The Ultimate VKS Experience

Co-authors: Abhishek Rao | Tigera; Ka Kit Wong, Charles Lee, & Christian Rauber | Broadcom

VMware vSphere Kubernetes Service (VKS) is the CNCF-certified Kubernetes runtime built directly into VMware Cloud Foundation (VCF), which delivers a single platform for both virtual machines and containers. VKS enables platform engineers to deploy, manage, and scale Kubernetes clusters while leveraging a comprehensive set of cloud services.

With VKS v3.6, that foundation just got significantly more powerful: VKS now natively supports Calico Enterprise, part of the Calico Unified Platform, as a validated, lifecycle-managed networking add-on through the new VKS Addon Framework. This integration is a key milestone in VMware's expanded partnerships across the Kubernetes ecosystem, ensuring customers have access to best-in-class networking and security tools.

Even better, VKS natively integrates Calico Open Source by Tigera as a supported, out-of-the-box Container Network Interface (CNI). This gives organizations a powerful open source baseline right from day one:

- Pluggable Data Planes: the flexibility to run the high-performance eBPF, standard Linux iptables, modern nftables, or Windows data planes based on specific workload needs.
- Wire-Speed Routing: direct BGP peering with the underlying VMware NSX infrastructure, eliminating the performance overhead of traditional overlay networks.
- Foundational Zero-Trust: global default-deny policies to instantly secure pod-to-pod traffic.
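What the "global default-deny" baseline in the last bullet looks like in practice, as an added example that is not from the original article or from Tigera or Broadcom: two Calico GlobalNetworkPolicy resources (projectcalico.org/v3 API), one that keeps cluster DNS reachable and one that denies everything not explicitly allowed. It assumes cluster DNS carries the k8s-app=kube-dns label in kube-system (true for CoreDNS in most distributions) and that the Calico API server or calicoctl is available to apply v3 resources.

```yaml
# Added example (not from the original article). Cluster-wide default-deny for Calico.
# Assumptions: cluster DNS is labelled k8s-app=kube-dns in namespace kube-system.
# Apply with: kubectl apply -f default-deny.yaml
---
# 1. Let every workload reach cluster DNS. Without this, a default-deny egress
#    policy silently breaks name resolution for every pod in the cluster.
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: allow-dns-egress
spec:
  order: 100          # low order = evaluated before the default-deny below
  selector: all()
  types:
  - Egress
  egress:
  - action: Allow
    protocol: UDP
    destination:
      selector: k8s-app == 'kube-dns'
      namespaceSelector: projectcalico.org/name == 'kube-system'
      ports: [53]
  - action: Allow
    protocol: TCP
    destination:
      selector: k8s-app == 'kube-dns'
      namespaceSelector: projectcalico.org/name == 'kube-system'
      ports: [53]
---
# 2. Deny all ingress and egress for workloads in application namespaces.
#    System namespaces are excluded so Calico, DNS, and the operator keep working;
#    add any further platform namespaces to this list before applying.
#    No "order" field: Calico evaluates un-ordered policies after all ordered ones,
#    so any NetworkPolicy or GlobalNetworkPolicy that allows a flow wins first and
#    this policy only catches traffic nothing else allowed. With no rules listed,
#    the selected endpoints fall through to Calico's implicit deny.
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: default-deny
spec:
  selector: "projectcalico.org/namespace not in {'kube-system', 'calico-system', 'calico-apiserver', 'tigera-operator'}"
  types:
  - Ingress
  - Egress
```

Roll this out namespace by namespace (or tighten the selector to a label first) and watch denied-flow logs before applying it cluster-wide; Calico Enterprise, which the article says VKS 3.6 now ships as an add-on, additionally offers StagedGlobalNetworkPolicy to preview a policy's effect without enforcing it.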