vRealize Network Insight Containers Day 2 Network Operations Kubernetes Microsegmenation NSX Pivotal Container Service

Kubernetes Insights Using vRealize Network Insight Part 1

Since version 4.1, VMware’s vRealize Network Insight integrates with VMware PKS and Vanilla Kubernetes to gain visibility into your container environment like never before. You’ll gain visibility into the real-time network flows happening in and outside the containers and the entire Kubernetes inventory will be available and correlated to the rest of the virtual and physical infrastructure!

In this 2-part blog post I am going to cover various use cases on gaining visibility into your Kubernetes environment. Some of the high-level functionalities we gain with this integration include:

 

Day 0

  • Inventory collection and visualization
  • App Definition
  • Traffic Visibility
  • Security Planning

Day 2 Ops

  • Capacity Planning and Reporting
  • Troubleshooting

 

In Part 1 of this blog post, I am going to focus on Day 0 functions and talk about how to discover the Kubernetes inventory (Pods, namespaces, services, etc.) and show you how that correlates to the rest of the infrastructure. Then we’ll move on to the Service Graph inside Network Insight, that uses real-time network flows to display a beautiful and intuitive diagram of how your application services are behaving.

 

Inventory Collection and Visualization

After we add VMware PKS or Kubernetes, both along with NSX-T as a data source in Network Insight we will start to collect data and gain visibility into our environment.

Service Graph

Let’s move on to the service graph in which we will be able to see micro-service interactions which is important when we need to understand how our application is communicating and secure it by using NSX to micro-segment it.

 

 

 

As you can see in the screenshot below, we can graph flows in our Kubernetes environment grouped by Cluster, Namespace, Service, or Node.

 

 

Next, I am going to drill down on communication between the Frontend Service and the Cart Service by clicking on the flow line in the service graph above.

 

This provides us with a detailed view of the flow between the Frontend Service and the Cart Service including any Applied Firewall Rules already configured in NSX-T associated to the flow we are focusing on.

 

Securing your Applications

Now that we have visibility into our Kubernetes Environment, we can plan security and implement micro-segmentation using the out-of-the-box native Kubernetes YAML files created by Network Insight. When planning security for our Kubernetes environment we can choose to implement policy Cluster-wide, Service, or Namespace specific security policies.

 

 

Using the YAML files produced by Network Insight we can now apply security polices at the Kubernetes layer and enforce at the NSX-T Distributed Firewall.

Summary

These are just a few Day 0 insights we gain using Network Insight in our VMware PKS or Vanilla Kubernetes environments. In Part 2 of this blog I will focus on Day 2 Operations such as Capacity Planning and Troubleshooting so make sure to stay tuned!