Patent classifications
G06F2009/45595
Scaling service discovery in a micro-service environment
Systems and methods provide for scaling service discovery in a micro-service environment. A controller can inject a service discovery agent onto a host. At least one of the controller or the agent can identify a first set of micro-service containers that are dependencies of a first micro-service container and a second set of micro-service containers that are dependencies of a second micro-service container. At least one of the controller or the agent can update routing data for the first set of micro-service containers and the second set of micro-service containers. At least one of the controller or the agent can determine that the second micro-service container has terminated on the host computing device. At least one of the controller or the agent can update the agent to remove the routing data for the second set of micro-service containers.
Paravirtual storage layer for a container orchestrator in a virtualized computing system
An example method of managing storage for a containerized application executing in a virtualized computing system having a cluster of hosts and a virtualization layer executing thereon is described. The method includes receiving, at a supervisor container orchestrator, a request for a first persistent volume lifecycle operation from a guest container orchestrator, the supervisor container orchestrator being part of an orchestration control plane integrated with the virtualization layer and configured to manage a guest cluster and virtual machines (VMs), supported by the virtualization layer, in which the guest cluster executes, the guest container orchestrator being part of the guest cluster; and sending, in response to the first persistent volume lifecycle operation, a request for a second persistent volume lifecycle operation from the supervisor container orchestrator to a storage provider of the virtualized computing system to cause the storage provider to perform an operation on a storage volume.
Pod deployment in a guest cluster executing as a virtual extension of management cluster in a virtualized computing system
An example virtualized computing system includes a host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts, the virtualization layer supporting execution of virtual machines (VMs), the VMs including pod VMs, the pod VMs including container engines supporting execution of containers in the pod VMs; and an orchestration control plane integrated with the virtualization layer, the orchestration control plane including a master server configured to manage the pod VMs and first VMs of the VMs. The virtualized computing system further includes a guest cluster executing in the first VMs and managed by the orchestration control plane, the guest cluster including a guest master server configured to, in cooperation with the master server, deploy first pods in the pod VMs.
Virtualized file server
In one embodiment, a system for managing communication connections in a virtualization environment includes a plurality of host machines implementing a virtualization environment, wherein each of the host machines includes a hypervisor, at least one user virtual machine (user VM), and a distributed file server that includes file server virtual machines (FSVMs) and associated local storage devices. Each FSVM and associated local storage device are local to a corresponding one of the host machines, and the FSVMs conduct I/O transactions with their associated local storage devices based on I/O requests received from the user VMs. Each of the user VMs on each host machine sends each of its respective I/O requests to an FSVM that is selected by one or more of the FSVMs for each I/O request based on a lookup table that maps a storage item referenced by the I/O request to the selected one of the FSVMs.
Intra-footprint computing cluster bring-up
Methods, systems and computer program products for intra-footprint computing cluster bring-up within a virtual private cloud. A network connection is established between an initiating module and a virtual private cloud (VPC). The initiating module allocates resources of the virtual private cloud, including a plurality of nodes that correspond to members of a to-be-configured computing cluster. A cluster management module having coded therein an intended computing cluster configuration is configured into at least one of the plurality of nodes. The members of the to-be-configured computing cluster interoperate from within the VPC to accomplish a set of computing cluster bring-up operations that configure the plurality of members into the intended computing cluster configuration. Execution of bring-up instructions of the management module serves to allocate networking IP addresses of the virtual private cloud. The allocated networking IP addresses of the virtual private cloud are assigned to networking interfaces of the plurality of nodes.
Dynamic scheduling for live migration between cloud regions and edge locations
This disclosure describes systems, devices, and techniques for migrating virtualized resources between the main region and edge locations. Live migration enables virtualized resources to remain operational during migration. Edge locations are typically separated from secure data centers via the Internet, a direct connection, or some other intermediate network. Accordingly, to place virtualized resources within an edge location, the virtualized resources must be migrated over a secure communication tunnel that can protect virtualized resource data during transmission over the intermediate network. The secure communication tunnel may have limited data throughput. To efficiently utilize resources of the secure communication tunnel, and to reduce the impact of migrations on virtualized resource operations, virtualized resource migrations may be carefully scheduled in advance. For instance, virtualized resources may be selectively migrated at times-of-day in which they are likely to be relatively idle, or at times when the communication tunnel is predicted to have sufficient bandwidth.
Running virtual machines within containers
System and method for running virtual machines within containers. An example method may include: running, by a host computer system, a hypervisor managing a first virtual machine implemented by a first container with a first set of resources; creating, by the hypervisor, a second container implementing a second virtual machine, wherein the second container is nested within the first container; determining, by the first virtual machine of the first container, one or more of the first set of resources to assign to the second container; and assigning, by the hypervisor, to the second container one or more of the first set of resources.
Portable policy execution using embedded machines
Some embodiments provide a method for evaluating authorization policies that restrict access to API (Application Programming Interfaces) calls to an application executing on a host system. At the application, the method receives an API call to execute. The method directs a process virtual machine (VM) executing inside the application to make an authorization decision for the API call. The method executes the API call after receiving an authorization decision to allow the API call from the process VM executing inside the application.
Packet handling in software-defined networking (SDN) environments
Example methods and systems for packet handling in a software-defined networking (SDN) environment are disclosed. One example method may comprise detecting an egress application-layer message from a first logical endpoint supported by a first host; and identifying a second logical endpoint supported by a second host for which the egress application-layer message is destined. The method may also comprise generating an egress packet that includes the egress application-layer message and metadata associated with the second logical endpoint, but omits one or more headers that are addressed from the first logical endpoint to the second logical endpoint. The method may further comprise sending the egress packet to the second host to cause the second host to identify the second logical endpoint based on the metadata, and to send the egress application-layer message to the second logical endpoint.
Static route types for logical routers
Some embodiments provide a method for implementing a logical router of a logical network. The method receives a configuration for a first logical router. The configuration includes a static route for the first logical router. The method defines several routing components with separate routing tables for the logical router. The method adds a first route, having a first static route type, for the static route to the routing tables of at least a first subset of the routing components. Based on the connection of a second logical router to the first logical router, the method adds a second route, having a second static route type, to the routing tables of at least a second subset of the routing components.