Core Concepts

This section discusses the core concepts in Nirmata. Most of these concepts will be familiar, as Nirmata does not introduce any unnecessary abstractions. The picture below shows the main entities, and their relationships to each other. Each of these concepts are further defined below:


Applications are composed of multiple workloads such as Deployments and StatefulSets. Applications can be defined in a Catalog and can run in one or more Environments. While Nirmata has been designed for Microservices-style applications, it is easy to model and manage any application including traditional 3-tier applications as well.


Catalogs contain application definitions and artifacts. A Catalog application can modeled natively in Nirmata and exported or deployed as a set of YAML definitions. Catalog Applications can also point to an external upstream, like a Git repository or a Helm Chart, that coontains the application artifacts.


An environment is a virtual cluster backed by a namespace, access controls, resource quotas and limits, and workload policies. Environments contains runtime instances of one or more Applications. Environments can be created for different stages of a development pipeline, such as dev-test, staging, production or can be based on deployment characteristics such as regions, or can be one per application.


Clusters consist of Kubernetes control-plane components and worker nodes. With Nirmata, you can deploy and operate Kubernetes clusters from scratch, or can register and operate existing clusters created by other providers.


Policies are used to govern resource usage, application constraints, and ensure scalable, consistent, and repeatable behaviors across multiple teams. In Nirmata declarative policies are used to manage all resources.

Nirmata provides three policy types:

Workload Policies

Workload Polices can be used to validate, mutate, and generate Kubernetes configurations. Nirmata applies workload policies as admission controls per cluster, and policies can be used to audit or enforce configuration security and best practices. Nirmata has several built-in policies for common configuration errors and security concerns, that can be customized.

Environment Types

Environment Types define resource limits for Environments and allow self-service provisioning of virtual clusters. Nirmata has built-in envronment types that can be customized and new environment types can be defined as needed.

Cluster Types

Cluster Types define all aspects of how a cluster should be provisioned and enable selfservice provisioning of Kubernetes clusters. Nirmata offers a lot of flexibility in how clusters are provisioned and managed and supports the following options:

  1. Custom Clusters: with Custom Clusters, Nirmata can install the Kubernetes control plane on any physical or virtual server (including cloud instances.) Nirmata supports provisioning of nodes via API integrations with public and private cloud providers. Alternatively, Nirmata allows external provisioning and registration of nodes. Once the nodes are configured, Nirmata automates the provisioning of the Kubernetes control plane.

  2. Provider Managed Clusters: with Provider Managed Clusters, Nirmata uses cloud provider API integrations to automate the cluster control-plane and worker node lifecycle management. Nirmata supports provisioning and management of managed Kubernetes clusters using Amazon Elastic Kubernetes Service (EKS), Microsoft Azure Kubernetes Serrvice (AKS), Google Kubernetes Engine (GKE), Oracke Kubernetes Engine (OKE), etc.

  3. Registered Clusters: with Registered Clusters, Nirmata allows externally managed clusters like RedHat OpenShift or Rancher RKE clusters to be registered and managed by Nirmata. This can be useful for migration, or simply to leverage Nirmata’s advanced Day 2 workload management but leverage other tools for cluster management.

Cloud Credentials

Cloud Credentials provide access to cloud resources, for compute, network, and storage. Nirmata uses the cloud credentials for API based access to supported cloud providers.

Nirmata currently supports the following cloud providers:

  • Public Clouds
    • Amazon Web Services (AWS)
    • Microsoft Azure
    • Google Compute Engine
    • Oracle Cloud Services
  • Private Clouds:
    • VMware vSphere
    • Nutanix
  • Direct Connect (any virtual or physical server)

Nirmata can securely manage both public and private clouds, without requiring any special network or firewall configuration.

Host Groups

Host Groups are pools of container hosts with the same configuration, created in a cloud provider. For example, you can allocate pools of resources based on service tiers, application characteristics, or application lifecycle needs.

Image Registries

An Image Registry stores Docker images, which are typically produced by a build system. Nirmata supports both public and private image registries. You can setup your build tools to generate images for each service, and then trigger Nirmata to deploy the images.