A Cloud Native Playbook for Platform Engineers

Learn how Nutanix empowers platform teams to simplify infrastructure management, accelerate application delivery, and scale Kubernetes environments with confidence

 Ready to Learn More?

Explore the Cloud Native Tech Resource Center for technical blogs, how-to videos, and validated designs.

Chapter 1:
From DIY to an IDP Approach

Kubernetes® container management is only one piece of the puzzle when building an enterprise-grade cloud native platform. As platform engineering evolves, teams are rethinking how they deliver scalable, secure, and developer-friendly environments — and whether DIY is still the right path.

Why Platform Engineers Are Moving Beyond DIY Kubernetes

Kubernetes is the cornerstone of modern infrastructure, but it’s not enough on its own. A production-ready platform also needs capabilities such as networking, storage, observability, and security, including role-based access control (RBAC), along with additional capabilities like GitOps, policy management, and a service mesh. Many teams start with DIY platforms, stitching together open-source tools for these needs. It works at first, but as clusters multiply, so do integration challenges.

Platform engineers soon find themselves running not just the infrastructure, but the entire developer experience: provisioning clusters, enforcing policies, troubleshooting pipelines, and firefighting drift. The burden slows down delivery and increases risk.

Many teams don’t want to build platforms — they want to use them. That’s why the shift to Internal Developer Platforms (IDPs) is underway: abstracting complexity and giving developers golden paths to production. By choosing a platform approach, teams can redirect their efforts towards high-impact contributions, such as enabling access to AI models, improving data pipelines, and accelerating innovation. This reflects an evolution in platform engineering, from provisioning infrastructure to enabling developer velocity and driving business impact.

Common Challenges

  • Balancing speed with stability: Developers need fast access to environments, while ops teams must protect uptime and governance.
  • Troubleshooting distributed systems: Failures and logs multiply across nodes and clusters, with limited unified visibility.
  • Consistent security and compliance: Policy enforcement has to scale across environments, not be applied ad hoc.
  • CNCF ecosystem complexity: With hundreds of projects evolving rapidly, keeping integrations current leads to sprawl and fatigue.
  • Scaling across providers: Hybrid and multicloud deployments demand consistency that vanilla Kubernetes alone can’t deliver.

DIY offers flexibility, but at scale it leads to fragmented stacks and rising cognitive load.

Nutanix Value: A Production-Ready IDP

The Nutanix Kubernetes Platform (NKP) solution replaces DIY sprawl with a complete, open, and enterprise-grade platform that brings resiliency, security, and Day 2 operations to cloud native applications. Standardize management for fleets of clusters, no matter where your clusters run.

Key Capabilities:

  • Open and Complete: The full-stack platform provides all of the components needed to deploy and run containerized applications in production, plus access to a full catalog of validated CNCF projects, enabling you to integrate the right tools for your needs.
  • Automated Deployments: Automated Kubernetes deployment, scaling, and upgrades in any environment.
  • Unified Observability: Troubleshoot fast with integrated logging, monitoring, and alerting.
  • Actionable Insights: Get optimization recommendations, troubleshooting tips, and best practice guidance with NKP Insights and AI Navigator. Bring expert-level support to administrators by offering real-time best-practice guidance, anomaly detection with root cause analysis, and a conversational troubleshooting interface, helping to narrow the skills gap.
  • Seamless Scaling: Use Kubernetes Cluster API for declarative scaling and lifecycle management.
  • Pure upstream Kubernetes: No proprietary APIs that can result in lock-in.
  • Portability across environments: Maintain consistent operations and run workloads anywhere.

Skip the complexity of building and maintaining custom tooling. The Nutanix platform uses pure upstream Kubernetes with no wrappers and no lock-in. Plug in the latest cloud native innovations and start delivering value fast so your teams can focus on innovation, not integration.

Chapter 2:
Fleet Management at Scale

As organizations scale Kubernetes across teams, sites, and clouds, clusters multiply—each with its own lifecycle, workloads, and policies. This fragmentation leads to configuration drift, inconsistent security, and rising operational overhead, making consistent lifecycle management, workload placement, policy enforcement, and observability essential.

Common Challenges

  • Drift across clusters: Configurations diverge as changes are applied inconsistently.
  • Automation gaps: Scripts and pipelines fail at scale, leaving clusters unsynced.
  • Bandwidth and connectivity issues: Remote and edge sites disrupt upgrades and policy rollouts.
  • Operational overhead: Manual upgrades, monitoring, and patching multiply across environments.
  • Hybrid infrastructure: Different providers introduce variation in APIs, networking, and security controls.

Nutanix Value: Fleet-Wide Consistency

Nutanix provides a single management plane for Kubernetes fleets, delivering consistency across clusters, providers, and environments.

Key Capabilities:

  • One-Click Application and Configuration Deployments: Roll out validated changes to every cluster without manual steps.
  • GitOps with Continuous Reconciliation: Built on Flux CD, NKP ensures configurations are applied consistently — even in low-connectivity or edge environments.
  • Immutable Infrastructure: Instead of mutating live infrastructure, Cluster API in NKP replaces resources to enforce the desired state, eliminating drift and improving reliability. Roll out validated changes to every cluster across the datacenter, edge, and cloud without manual steps.
  • Fully Integrated CNCF Tooling: Production-ready observability, policy, and security projects are included.
  • Built-In Air-Gapped Support: Fleets can run securely in restricted or disconnected environments with full lifecycle management.

Nutanix enables a single management plane for the Kubernetes fleet, making it simple to roll out validated changes, enforce policies, and maintain visibility across providers. The result is a resilient platform with consistent operations and a seamless experience across datacenter, edge, and cloud.

Chapter 3:
Run Kubernetes at the Edge

Traditional IoT models were built for telemetry and centralized analytics, but they fall short in today’s edge environments. In industries like manufacturing, retail, and remote operations, enterprises are managing hundreds or thousands of distributed sites, often with unreliable connectivity. These locations need infrastructure that’s lightweight, autonomous, and capable of processing data where it’s created.

Common Challenges

  • Legacy IoT stacks: Built for data collection, not real-time processing or AI workloads.
  • Unreliable connectivity: Remote sites often operate with limited or no internet access.
  • Operational overhead: Managing infrastructure across many locations increases complexity.
  • Resource constraints: Edge sites have limited compute, storage, and power.
  • Security and compliance: Distributed environments expand the attack surface.

Nutanix Value: Full Stack Platform

Nutanix delivers a complete solution for edge environments, combining infrastructure, Kubernetes orchestration, and application lifecycle management in a single platform.

Key Capabilities:

  • Resilient Edge Infrastructure: Compact, edge-optimized clusters that run on bare metal or virtualized environments.
  • Disconnected Operations: NKP is designed for intermittent or no connectivity, with full lifecycle support in air-gapped environments.
  • Centralized Fleet Management: Manage all edge clusters from a single control plane using built-in NKP features like Workspaces and Projects.
  • GitOps-Based App Delivery: Deploy applications directly from Git repositories using Projects, ensuring consistency across sites.
  • Flexible Cluster Configurations: Customize control plane and worker node sizing to match site constraints (1-, 3-, or 5-node control planes).
  • Streamlined Application Stack: Built-in observability, policy, and lifecycle tools optimized for edge use cases.

Nutanix enables a single pane of glass for the Kubernetes fleet, making it simple to roll out validated changes, enforce policies, and maintain visibility across providers. The result is a resilient platform with consistent operations and a seamless experience across datacenter, edge, and cloud.

Chapter 4:
Security and Compliance

As Kubernetes environments expand across clusters and teams, enforcing consistent security and compliance becomes essential. Enterprises must manage multi-tenancy, isolate workloads, and ensure secure image delivery, especially in regulated industries and distributed environments. 

Common Challenges

  • Inconsistent security policies: Varying configurations across clusters lead to enforcement gaps.
  • Manual credential management: Static secrets and credentials increase operational overhead and risk.
  • Multi-tenancy complexity: Isolating workloads and users securely across environments is difficult.
  • Secure image delivery: Ensuring trusted sources and vulnerability scanning is often manual.
  • Compliance requirements: Meeting standards like FIPS 140-2 across environments requires integrated tooling.

Nutanix Value: Full Stack Platform

Nutanix includes comprehensive security features to enforce consistency across clusters, users, and workloads while simplifying compliance and access management.

Key Capabilities:

  • End-to-End Security: Role-based access control (RBAC), encryption, FIPS 140-2 support, and integrated compliance tools provide a secure environment for Kubernetes workloads.
  • Centralized Authentication: Integrated SSO out of the box, with federated authentication for all NKP-managed and attached clusters.
  • Flexible Identity Integration: Seamlessly connect existing enterprise identity providers with NKP.
  • Credential-Free Access: Display kubectl login information directly in the browser—eliminating manual credential handling.
  • Cloud Native Networking: Highly scalable and secure networking powered by CNCF projects Cilium and Calico.
  • Pod-Level Firewalling: Use Kubernetes Network Policies to control which Pods and Services can access one another.

Nutanix enables consistent security and compliance across Kubernetes clusters—simplifying access control, workload isolation, and regulatory alignment from edge to core to cloud.

Chapter 5:
Data Protection and Management

As Kubernetes adoption expands to stateful workloads, data becomes central to platform strategy. Stateful workloads introduce new complexity, such as needing persistent storage, compliance, and disaster recovery. While a Container Storage Interface (CSI) driver standardizes how storage is provisioned, it doesn’t solve for enterprise-grade data protection, mobility, or governance. Platform engineers now face the challenge of managing data as a primary concern across hybrid and multi-cloud environments.

Common Challenges

  • Limited CSI scope: CSI handles storage provisioning but lacks built-in data protection and DR capabilities.
  • Fragmented tooling: Stitching together multiple solutions for backup, DR, and migration increases complexity.
  • Compliance pressure: Regulations demand zero data loss and strict control over where and how data is stored.
  • Multi-cluster environments: Managing data across clusters and clouds requires consistent policies and tooling.
  • Developer friction: Complex data workflows slow down self-service and platform engineering efforts.

Nutanix Value: Enterprise-Grade Data Services for Kubernetes

Nutanix extends CSI with enterprise-grade data protection and management capabilities, delivering app-centric, policy-driven services across clusters and clouds. Like Kubernetes, all data services are designed to be distributed and scale effortlessly.

Key Capabilities:

  • Enterprise Storage for Kubernetes: Nutanix Unified Storage delivers integrated persistent storage for stateful applications, including support for block, file, and object storage. Its scale-out architecture aligns with how Kubernetes apps are built and run, ensuring simplified scaling across clusters.
  • Tiered Data Services: Support for synchronous and asynchronous replication, backup, and restore with flexible RPO/RTO options using Nutanix Data Services (NDK).
  • App-Centric Management: Protect entire application namespaces with their associated data and Kubernetes objects using policy-based replication and snapshot tools.
  • Self-Service Tools: Declarative CRD-driven interface for developers to manage data workflows without cognitive overload.
  • Compliance-Ready Policies: Enforce storage and protection policies across edge, cloud, and on-prem environments.
  • Multi-Persona Support: IT admins and platform engineers use familiar tools like Prism Central and kubectl to manage infrastructure and data.
  • Workload Mobility: Migrate stateful applications across clusters and providers to handle upgrades, rebalancing, or cloud transitions.
  • Best-in-Class Integrations: Use CNCF projects like Velero for backup and restore, with support for object storage and hybrid cloud targets.
  • Database Management for Kubernetes: Nutanix Database Services (NDB) automates provisioning, patching, and protection of databases running in Kubernetes environments.

Nutanix enables reliable, scalable data protection and management for Kubernetes, bridging the gap between CSI and enterprise needs with a unified, app-centric approach.

Chapter 6:
Air-Gapped Deployments

Kubernetes was designed for cloud-native environments, but many enterprise and government organizations operate in disconnected, constrained, or highly secure networks. These air-gapped environments—common in defense, manufacturing, and remote operations—require platforms that can function independently of the internet while maintaining security, consistency, and operational efficiency.

Common Challenges

  • Limited networks: Bandwidth constraints, high latency, and packet loss disrupt operations.
  • Isolated networks: No internet access, requiring bastion hosts or DMZs for updates.
  • Constrained networks: Strict security policies, destination filtering, and proxy requirements.
  • Cloud native defaults: Most container tools assume always-on connectivity to public registries.
  • Operational overhead: Manual setup and fragmented tooling cause risk and complexity.

Nutanix Value: Air-Gapped First Architecture

The Nutanix Kubernetes Platform is built to run securely and autonomously in disconnected environments, delivering a complete Kubernetes stack with integrated security, registry, and lifecycle tooling.

Key Capabilities:

  • Air-Gapped First Design: Everything from installation to lifecycle management can be done offline.
  • Uber Bundle: A single offline bundle containing the container images and charts to provision the cluster.
  • Built-In Registry Support: Deploy Harbor registry from the application catalog to host and manage container images locally.
  • Proxy and Offline Support: Use existing proxies or install directly from local registries using offline bundles.
  • Military-Grade DevSecOps:
    • Pre-scanned releases and installation bundles for secure, validated deployments
    • SSO and centralized RBAC for unified access control
    • Multi-tenancy support for secure workload isolation
    • VPC integration and network policies for fine-grained traffic control
    • Encrypted communications to protect data in transit
    • Policy enforcement and anomaly detection for proactive security and compliance

NKP’s structured bundles, built-in registry, and rigorous air-gapped testing enable quick, successful deployments in the toughest environments. With automation and clear instructions, even complex setups can be deployed reliably so that Kubernetes can run anywhere it’s needed, securely and at scale.

Chapter 7:
Hybrid Cloud Kubernetes

As enterprises adopt Kubernetes across multiple environments, many find themselves managing clusters in different public clouds like AWS (EKS), Azure (AKS), and Google Cloud (GKE). While these managed services are powerful, they’re designed to operate within their own ecosystems, making it difficult to maintain operational consistency, visibility, and governance across platforms.

Common Challenges

  • Fragmented tooling: Each cloud provider has its own console, APIs, and operational model.
  • Inconsistent security and policies: Governance varies across environments, increasing risk.
  • Operational overhead: Managing multiple stacks increases complexity and cost.
  • Limited visibility: Difficult to track usage, performance, and cost across clouds.
  • Siloed teams: Different environments often lead to duplicated effort and inconsistent workflows.

Nutanix Value: Unified Kubernetes Across Clouds

Nutanix Kubernetes Platform bridges the gap between cloud native services and enterprise needs, offering a consistent Kubernetes experience across on-prem, public cloud, and edge environments.

Key Capabilities:

  • Centralized Management: Deploy, upgrade, and monitor clusters across clouds from a single console.
  • Cloud Native Compatibility: Integrates with services in AWS, Azure, and GCP—so teams can build on what they already use.
  • Unified Tooling: One set of tools and workflows across all environments, reducing learning curves and duplication.
  • Cost and Resource Visibility: Drill down into application-level costs and get a comprehensive view of infrastructure usage.
  • Policy Consistency: Enforce governance and automation uniformly across environments.
  • Operational Efficiency: Simplifies lifecycle management and reduces manual overhead.
  • Full-Stack Infrastructure for On-Prem Deployments: A single platform for managing Kubernetes, VMs, storage, networking, security, and orchestration to streamline setup and reduce Day 2 operational complexity.

Nutanix enables a consistent, policy-driven Kubernetes experience across environments. With centralized control, integrated tooling, and visibility into cost and performance, teams can streamline operations, reduce risk, and accelerate delivery, no matter where their workloads run.

Chapter 8:
Accelerate Developer Velocity

Developer productivity is a key driver of business success, but in many organizations, developers can spend more time navigating infrastructure than writing code. From provisioning environments to managing dependencies, the friction between development and operations slows down delivery. Platform engineering aims to remove these barriers by providing developers with a streamlined, self-service experience that moves code from dev to QA to production with speed and confidence.

Common Challenges

  • Slow handoffs: Manual processes between dev, QA, and production environments delay releases.
  • Tooling sprawl: Developers must learn and maintain multiple tools across environments.
  • Lack of automation: Infrastructure provisioning and updates often require tickets or custom scripts.
  • Inconsistent environments: Differences between stages lead to bugs and rework.
  • Compliance overhead: Security and policy enforcement is often reactive and manual.

Nutanix Value: Platform Engineering for Velocity

Nutanix delivers a full-stack Kubernetes platform that simplifies infrastructure, integrates with existing CI/CD pipelines, and empowers developers with self-service capabilities.

Key Capabilities:

  • CI/CD Integration: NKP works with existing pipelines, so teams don’t need to rebuild workflows around proprietary APIs.
  • Developer Self-Service: Workspaces and Projects allow developers to deploy and manage apps independently.
  • Full-Stack Platform: Includes everything needed for an enterprise application, including infrastructure, data services, networking, and business continuity.
  • Built-In Guardrails: OPA Gatekeeper policies ensure compliance without slowing down workflows.
  • Observability and Automation: Integrated logging, monitoring, and alerting streamline troubleshooting and release validation.

Nutanix helps platform teams accelerate developer velocity by delivering a secure, self-service Kubernetes experience. With automation, consistency, and full-stack integration, developers can focus on building applications instead of managing infrastructure while operators maintain control and reliability across environments.

©2025 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product and service names mentioned are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Kubernetes is a registered trademark of The Linux Foundation in the United States and other countries. All other brand names mentioned are for identification purposes only and may be the trademarks of their respective holder(s).