Over the past few weeks, I have been evaluating Nirmata with my esteemed peer, Joe Mann. From my purview, Nirmata provides an “easy” way for Kubernetes management. More importantly, they have written a UI plugin for VMware Cloud Director (VCD) that calls upon the Container Service Extension (CSE).
In this blog post, I’d like to summarize some of the unique functionality and my experience with Nirmata, CSE, and VCD. I believe this is extremely relevant for Cloud Providers and consumers of VCD.
Bottom line, Nirmata makes it very easy to consume Kubernetes inside of VMware Cloud Director.
Container Service Extension (CSE) isn’t terribly difficult for someone proficient in the CLI or has experience with the API. However, there’s still a learning curve associated with using CSE with VMware Cloud Director (VCD). This might be a detriment to user experience or scare away potential tenants from consumption.
Some further context – I would not consider myself an expert at Kubernetes. While I’ve done some work on CSE before, Nirmata’s integration with VCD has made this extremely easy. What’s great about their integration is the seamless experience we get for creation and lifecycle management. Furthermore, this adheres to the role and resource constructs deployed by VCD.
As depicted in the screenshot above, with two clicks of my mouse, I’ll have a new Kubernetes cluster backed by the native K8s provider or PKS. I can then hand this off to my developer to consume it via “kubectl” or consume it myself for my applicable use case.
Native vCD UI Experience of All Workloads
It’s extremely important to provide a seamless experience for new tenants. Nirmata with CSE accomplishes this while maintaining what I consider “workload equality.”
By utilizing native CSE, this is done through the CLI and maintained as such. This isn’t necessarily a bad thing, but different than what we are used to with VCD.
By using Nirmata’s VCD plugin, we are able to co-exist directly with my traditional VM workloads while applying the same resource constructs. Therefore, as a provider, I can assign discrete resource limits to an orgVDC for Kubernetes-based workloads.
Remember, it’s not an all-or-nothing proposition: we can carve out resources from vCenters with NSX-V and NSX-T. With CSE, we are layering out Kubernetes workloads within this same tenancy construct architecture.
Policy Control across multiple VCD instances
While I’m only discussing one distinct value point of Nirmata, this is a rather interesting value proposition when we have multi-site VCD architecture.
Nirmata operates on policy constructs that can be applied against any cloud. In our context, this could be multiple VCD instances attached to the Nirmata Platform.
The Nirmata SaaS platform also allows for direct control of the registered clusters. In the below example, I added Kyverno to a cluster inside of an organization –
This can be also done through the native VCD plugin within that cluster –
Video Demo and Summary
Below is a video of Joe and I demonstrating Nirmata’s integration to VCD. This also provides an intro to CSE.
In summary, Nirmata delivers value to a VCD platform for Kubernetes that can be executed on today. Joe and I have a larger writeup over on Nirmata’s site that can be accessed here.