Contributors: Alka Gupta, Director, Strategic Technical Alliance Pravin Goyal, Product Line Manager Eric Railine, Technical Product Line Manager
VMware vRealize Network Insight helps you build an optimized, highly available, and secure network infrastructure across hybrid and multi-cloud environments. It provides network visibility and analytics to accelerate micro-segmentation, minimize risk during application migration, optimize network performance, and manage and scale VMware NSX deployments with a 360-degree view of the network.
In this blog, we describe the use cases of coupling vRealize Network Insight with VMware Enterprise PKS specifically and Kubernetes more generally. With vRealize Network Insight, applications can gather data from both virtual and physical devices and provide direct insights into VMware Enterprise PKS and Kubernetes with VMware NSX-T Data Center as the fabric manager.
To get the real-time data from VMware Enterprise PKS and Kubernetes, vRealize Network Insight lets you add the VMware Enterprise PKS API and individual Kubernetes clusters as data sources. Adding the VMware Enterprise PKS API server enables dynamic collection of data for all the Kubernetes clusters that are available in the data center. vRealize Network Insight automatically detects a newly created cluster and adds it to its inventory.
With vRealize Network Insight 5.0, the feature of service-to-service path and pod-to-pod path is added, which gives you granular visibility for Kubernetes entities that exchange data.
Major areas that vRealize Network Insight addresses for VMware Enterprise PKS and Kubernetes include the following:
- Visibility
- Planning security
- Troubleshooting
Gaining Visibility with the vRealize Network Insight Dashboard
Need to plan capacity for your Kubernetes environment or need more detailed information about a Kubernetes cluster?
The vRealize Network Insight dashboard for Kubernetes provides an overview of Kubernetes entities. The dashboard, for example, shows the number of namespaces, the number of Kubernetes pods, the number of services running, the total number of worker nodes, and the number of active Kubernetes clusters in single window.
The vRealize Network Insight dashboard also provides more detailed information about a Kubernetes cluster, such as associated namespaces, pods, services, and nodes. The dashboard also graphically displays how services and namespaces are interacting at various levels.
For security, the dashboard provides an overview of container images running in the environment.
VMware Enterprise PKS and Kubernetes Path Visibility
The right visibility for any environment matters.
vRealize Network Insight provides deep, rich visibility of traffic flow across Kubernetes clusters in a single-pane view. It draws a detailed connection between any two selected entities so you can:
- See network paths between Kubernetes pods and services
- Discover connectivity between the nodes and external traffic
- Analyze the path from the master node to a worker node
- Get visibility into the VM-to-VM path, such as between Operations Manager and nodes
- Garner deep insights into NSX components, including distributed logical routers, logical switches, and other VMware Enterprise PKS entities
- Highlight the issues in a path to make troubleshooting easier.
- View the status of the path ports and events triggered across all the entities
Discovering and Viewing Hybrid Applications
Want to see how services are interacting at various levels, such as those for a hybrid application that uses both services on virtual machines and microservices?
vRealize Network Insight continues to add new mechanisms to discover applications. Kubernetes communicates at the microservice layer; thus, vRealize Network Insight allows you to define your application layout based on namespaces, microservices, and their inter-connectivity — that is, how different services and pods are connected over the network. vRealize Network Insight also helps describe a hybrid application that is composed of microservices and services running on VMs.
Planning Security
Planning security is extremely important in the landscape of today’s environments. vRealize Network Insight helps plan security with discoverability and policies. You can discover applications running on VMs and in containers.
Based on the traffic flow, vRealize Network Insight recommends cluster-wide network policies that can be specific to services or namespaces. These recommended rules can be exported as native Kubernetes YAML files. These YAMl files can then be applied to Kubernetes clusters using native Kubernetes APIs to direct NSX to implement the firewall rules.
Visualizing Objects to Optimize Operations and Troubleshoot Problems
Solving problems starts with proper visibility of the system, and vRealize Network Insight provides end-to-end visibility from top-level Kubernetes objects to underlying infrastructure objects. One-click views display all the connections from the clusters to hosts, from pods to containers, from namespaces to logical switches and services to logical ports, all of which makes for easy troubleshooting.
Detailed flow statistics for important Kubernetes clusters and Kubernetes namespaces help network administrators understand the network bottlenecks.
Identifying Scaling Patterns with Service Topology
The new Service Topology feature shows service connection diagrams and their scaling patterns, which will further help in troubleshooting service-specific issues.
vRealize Network Insight also gives a unified view of NSX-T and Kubernetes events from its own intelligence. Multiple sources of events roll up into one view to show cluster-wide or service-wide health.
vRealize Network Insight is available as a managed, hosted cloud service from VMware as well as for on-premises deployments. We recommend it as a key tool in your data center to discover, optimize, and troubleshoot application security and network connectivity for containers running in Kubernetes.