DEPLOYMENT VALIDATED

VMware Cloud Foundation 9 — VKS Cluster

Infrastructure-as-Code deployment via GitHub Actions

Platform

VCF 9 + VKS

Orchestration

Cluster API

Networking

NSX VPC

Storage

PVC Bound

Ingress

Contour + Envoy

DNS

sslip.io

TLS Certificates

cert-manager

Certificate Authority

Let's Encrypt

Provisioning

✓ VCF CLI context created and authenticated to VCFA
✓ Project, RBAC, and Supervisor Namespace provisioned
✓ Context Bridge completed — Cluster API visible
✓ VKS cluster deployed via Cluster API topology
✓ Worker nodes scaled and Ready
✓ Cluster Autoscaler installed and configured

Infrastructure Packages

✓ cert-manager installed — X.509 certificate lifecycle management
✓ Contour installed — Envoy-based ingress controller
✓ envoy-lb LoadBalancer service created — shared ingress IP
✓ CoreDNS patched with sslip.io forwarding rule
✓ ClusterIssuers created — Let's Encrypt staging + production

Functional Validation

✓ Persistent Volume dynamically provisioned and bound
✓ NSX LoadBalancer assigned external IP
✓ sslip.io Ingress routing verified
✓ HTTP connectivity validated end-to-end

AWS EKS → VCF VKS Migration

EKS Cluster→ VKS Cluster (Cluster API) Managed Node Groups→ Worker Pools + Autoscaler EBS CSI Driver→ Cloud Native Storage (nfs) ALB Ingress Controller→ Contour + Envoy Route 53→ sslip.io Magic DNS ACM (Certificate Manager)→ Let's Encrypt + cert-manager EKS Add-ons→ VKS Standard Packages