An introduction to the Nutanix Kubernetes Platform (Part 1 of many)
The information in this post is taken from the Nutanix University course. The post was written while studying the course.
Introduction
Nutanix Kubernetes Platform (NKP) is a complete platform based on Kubernetes that serves modern applications. It provides a consolidated runtime, orchestration, and management environment to cloud-native customers and continues to build upon Nutanix cloud-native products and integrations.
NKP is running on top of Nutanix NCI infrastructure. Together with Nutanix AHV, NKP provides an infrastructure that is capable of running traditional virtual machines as well as modern (containerized) applications. This platform ensures data and application mobility across hybrid cloud environments. It also delivers a centralized, automated, and secure operating model for applications running on public cloud, private cloud, or hybrid multi-cloud environments.
See the picture below for the features of NKP and the license requirements per feature.

Also see https://www.nutanix.com/products/kubernetes-management-platform.
Key NKP Components
An ordinary Kubernetes cluster consists of components in the cluster’s control plane and worker nodes that run containers and maintain the runtime environment.
NKP supplements the native Kubernetes cluster by including a pre-defined and pre-configured set of applications. These pre-defined applications contain critical features for managing a Kubernetes cluster in a production environment. In an NKP environment, these default applications are called platform applications. The following figure depicts NKP architecture and the workflow of key components.

NKP is composed of three main components: Konvoy, Kommander, and Konvoy Image Builder (KIB). These components work together to provide a single, centralized control point for an organization’s application infrastructure.
Konvoy
Konvoy is the cluster life cycle manager component of NKP.
Konvoy uses Cluster API (CAPI), Calico, and other open-source and proprietary software to provide simple cluster life cycle management for conformant Kubernetes clusters with networking and storage capabilities.
Konvoy uses tools to provision certified Kubernetes clusters on multiple cloud providers, vSphere, and on-premises hardware in connected and air-gapped environments.
Konvoy contains the following components:
- Cluster Manager consists of Cluster API, Container Storage Interface (CSI), Container Network Interface (CNI), Cluster AutoScaler, Cert Manager, and MetalLB.
- For networking, Kubernetes uses CNI (Container Network Interface) as the interface between the network infrastructure and Kubernetes pod networking. In NKP, the Nutanix provider uses the Cilium CNI; all other providers use the Calico CNI.
Kommander
Kommander is the fleet management component of NKP. Kommander delivers centralized observability, control, governance, unified policy, and better operational insights.
Kommander contains the following components:
- User interface, Security, Observability, Networking, and Application Management.
- Platform Applications: Applications such as observability, cost management, monitoring, and logging are available with NKP and make NKP clusters production-ready out of the box. Platform applications are a selection of applications from the open-source community consumed by the platform.
- Pro Platform Applications: Monitoring, Logging, Backup and Restore, Policy Agent, External DNS, Load Balancing, Ingress, SSO, Service Mesh.
- Ultimate Platform Applications: Includes all of the Pro Platform applications, plus additional Access Control and Centralized Cost Management.
- Catalog Applications: Applications in NKP Ultimate that can be deployed to be used for customer workloads, such as Kafka, Spark, and ZooKeeper.
Konvoy Image Builder
Konvoy Image Builder (KIB) creates Cluster API-compliant machine images. It configures those images to contain all the software needed to deploy Kubernetes cluster nodes.
Environment types
The environment types in NKP refer to the number of clusters that will be deployed (single or multi-cluster), internet connectivity (air-gapped or non-air-gapped), and whether NKP will be deployed to pre-existing virtual or physical machines (pre-provisioned) or will dynamically generate new instances.
Single cluster
A single-cluster environment consists of one NKP Pro cluster on which NKP is installed. It is a stand-alone, self-managed cluster capable of provisioning itself. In a single-cluster environment, you cannot attach other clusters; all workloads run on the NKP Pro cluster. However, you can have many separate NKP Pro instances, each with its own license.
Multicluster environment
A multicluster environment consists of multiple clusters. One cluster is the management cluster. Besides the management cluster, an environment can consist of managed clusters and/or attached clusters. Managed clusters are completely managed by NKP. Attached clusters are created outside NKP, and only their workloads are managed.
Air-gapped environment
An air-gapped environment is disconnected from untrusted networks, such as the internet.
You can create an air-gapped cluster in on-premises environments or any other environment. In this configuration, you are required to provide an image registry. You must also retrieve required artifacts and configure NKP to use those from a local directory when creating and managing NKP clusters.
Air-gapped environments provide secure interactions with other networks. Actions that require incoming data from other networks can still be performed in several ways, regardless of the environment’s isolation.
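The image-registry requirement above means every image reference a cluster uses must point at the local registry. The following is an added illustration, not NKP's own tooling: it rewrites image references in a manifest to a private mirror, keeping the upstream registry as a path prefix and preserving digest pins. The mirror hostname and the sample manifest are constructed.

```python
import re
# Constructed mirror hostname; the real registry address is site-specific.
MIRROR = "registry.airgap.example:5000"

def split_reference(ref):
    """Split an image reference into (registry, path, tag, digest); a bare
    name such as "nginx" means docker.io/library/nginx, per the usual rules."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    parts = ref.split("/")
    # The first component is a registry only if it looks like a host.
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry, path = parts[0], "/".join(parts[1:])
    else:
        registry, path = "docker.io", ref
        if "/" not in path:
            path = "library/" + path
    tag = None
    if ":" in path.rsplit("/", 1)[-1]:
        path, tag = path.rsplit(":", 1)
    return registry, path, tag, digest

def mirror_reference(ref, mirror=MIRROR):
    """Address the same image through the mirror: the upstream registry stays
    as a path prefix (no name collisions) and any digest pin is preserved."""
    registry, path, tag, digest = split_reference(ref)
    out = f"{mirror}/{registry}/{path}"
    if tag:
        out += f":{tag}"
    if digest:
        out += f"@{digest}"
    return out

# Matches `image:` lines in a YAML manifest, with or without a list dash.
IMAGE_LINE = re.compile(r"^([ \t]*-?[ \t]*image:[ \t]*)(\S+)([ \t]*)$", re.MULTILINE)

def rewrite_manifest(yaml_text, mirror=MIRROR):
    """Rewrite every image reference in a manifest to point at the mirror."""
    def _sub(m):
        raw = m.group(2)
        quote = raw[0] if raw[0] in "\"'" else ""  # keep YAML quoting as found
        return m.group(1) + quote + mirror_reference(raw.strip("\"'"), mirror) + quote + m.group(3)
    return IMAGE_LINE.sub(_sub, yaml_text)
# Constructed sample manifest fragment, not taken from NKP.
SAMPLE_MANIFEST = """containers:
  - image: busybox
  - image: "quay.io/cilium/cilium:v1.15.0"
"""
```

Because the digest is carried through unchanged, an image pinned by digest upstream is still verified by content after it is pulled from the mirror.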
Non-air-gapped environment
In a non-air-gapped environment, two-way access to and from the Internet exists. You can create a non-air-gapped cluster on pre-provisioned (on-premises) environments or any cloud infrastructure.
NKP in a non-air-gapped environment allows you to manage your clusters while facilitating connections and offering integration with other tools and systems.
Pre-Provisioned Environment
Pre-provisioned infrastructure allows Kubernetes to be deployed to existing virtual or physical machines. Other providers, such as vSphere, AWS, or Azure, dynamically create or provision virtual machines (VMs) before Kubernetes is deployed.
On most infrastructures (including vSphere and cloud providers), NKP provisions the actual nodes automatically as part of deploying a cluster. It creates the virtual machine using the appropriate image and then handles the networking and installation of Kubernetes.
However, NKP can also work with pre-provisioned infrastructure, in which you provision the VMs for the nodes yourself. You can pre-provision nodes for NKP on bare metal, vSphere, Nutanix AHV, or cloud. Pre-provisioned and vSphere environments combine physical servers (on-premises bare metal) and virtual servers (VMware vSphere).
Cluster Types
Self-Managed Cluster
Self-managed clusters manage the provisioning and deployment of their own nodes through Cluster API (CAPI) controllers. CAPI controllers automatically manage the life cycle of a cluster’s nodes based on a customizable definition of the resources.
A self-managed cluster is one in which the CAPI resources and controllers that describe and manage it run on the same cluster that they are managing.
Network-Restricted Cluster
Network-restricted clusters are usually located at remote sites or at the edge and, therefore, are not in the same network as the Management cluster. A firewall secures a network-restricted (firewalled) cluster.
The main difference between network-restricted and air-gapped clusters is that network-restricted clusters can reach external networks like the Internet, but their services or ingresses cannot be accessed from outside. Air-gapped clusters, however, do not allow ingress or egress traffic.
In a multi-cluster environment, NKP supports attaching a network-restricted cluster to an NKP Management cluster. You can also enable a proxied access pipeline through the Management cluster, which allows you to access the network-restricted cluster’s dashboards without being in the same network.
Next Post: Installation of NKP