Nova FAQ
Can Nova run on any cloud provider? What about on-prem?
Nova is designed to manage Kubernetes conformant workload clusters irrespective of whether they are on the cloud or on-premises. As long as you use a certified Kubernetes distro (EKS on AWS, GKE on GCP, AKS on Azure, OKE on OCI, OpenShift on on-prem, etc), Nova will work. Currently Nova is tested on EKS, GKE and AKS. If you are interested in trying/using Nova on a different Kubernetes distro/cloud (ex: Gardener on Leafcloud), please let us know at info@elotl.co so that we can work with you to test and support it.
Can Nova manage workload clusters across regions and across cloud providers?
Yes. Your cluster fleet can include clusters from any region / cloud provider. For example, your Nova fleet could have {5 on-prem clusters, 3 EKS clusters in us-east-1, 5 GKE clusters in an EU region}.
What is stored in Nova's datastore versus the workload cluster's datastore?
Nova control plane's datastore is etcd. For workload resources scheduled by Nova, the control plane etcd stores only the top-level pod-controller objects such Deployments, Jobs, StatefulSets, etc. The number of replicas or pods for each of these workloads currently scheduled across a Nova user's fleet of clusters will be visible via the Nova control plane. However, the control plane does not store Pod objects. These pod objects can be accessed directly from the workload clusters. If you would like pod object available through the control plane, Nova provides a feature called backpropagation that needs to be explicitly enabled.
Are workload clusters locked down?
"Or can I connect to a workload cluster and perform CRUD operations on its objects? For example, if I schedule a Deployment with 10 replicas to workload-cluster-1, can I connect to workload-cluster-1 and scale the Deployment object to 20 replicas?"
Workload clusters are not locked down. So this means that a user who has been given privileges to access a workload cluster directly is allowed to override and make changes to resources scheduled through Nova. If Nova users should not be allowed to make these changes then only Nova control plane access credentials should be given to users - so that all Kubernetes manifest changes will be through Nova.
Does Nova control plane need to have credentials of the workload clusters? How does Nova agent security work?
No, the Nova control plane does not need to have credentials to the workload clusters. At the time of workload cluster installation, the workload cluster has stripped-down credentials to be able to register itself with the control plane. During the registration process, expanded credentials needed by the Nova Agent are then created within the control plane, then fetched by Nova agent and kept in the Nova agent memory.
If a workload is stateful, how does Nova handle PVs during workload migration?
Stateful workloads that need to be migrated should use persistence that is accessible from both the source and target clusters such as S3 on AWS.
Which service meshes does Nova support?
Nova is designed to deploy any Kubernetes workload to the workload clusters - this includes service mesh workloads. We have successfully deployed Istio via Nova using Spread Schedule Policy with Overrides. If you have a favorite service mesh you’d like to deploy using Nova, we’d love to help support you. Please write to use at info@elotl.co
Does Nova work with my GitOps workflows? For example, can I plug Nova into my ArgoCD environment?
Yes, Nova can be easily plugged into your GitOps workflow. In this talk at CloudNative Rejekts at KubeCon 2023: https://www.youtube.com/watch?v=lTwCQMzDD3E&t=25359s, we outline how Nova can seamlessly work with ArgoCD and the benefits of this integration.
What happens when multiple policies match a Nova-scheduled object?
For any object to be managed by Nova, one has to create a Schedule Policy first and make sure that the namespace & resource selectors in the Schedule Policies are matching the object. However, there may be cases when more than one Schedule Policy matches the object at the time of object creation. In this case, Nova scheduler will get the list of matching schedule policies, sort the list in lexicographic order, and pick the first Schedule Policy from the sorted list.
Is Nova Highly Available?
Nova is in itself a Kubernetes application that uses a combination of upstream Kubernetes components as well as in-house Kubernetes resources - all of which can be run in multi-replica mode. Work is in progress to provide a deployment blueprint to install Nova in HA mode to tolerate zone failures.
How is Disaster Recovery provided for Nova?
Since Nova is a standard Kubernetes application, off-the-shelf DR solutions used for other Kubernetes applications in your ecosystem will be applicable. If you would like to integrate with a DR solution of your choice, we would be happy to work with you to support this.
How does Nova handle service discoverability between services running across multiple-clusters?
Nova expects multi-cluster applications (single applications that are spread across clusters) to use a service-mesh’s service discovery features or tools like Admiral to establish connectivity between pods. The manifests of the service-mesh and its configuration will then be scheduled by Nova across its workload clusters.
We deploy Argo rollout resources to several clusters with helm. We'd like to have the capability to promote/abort a rollout on all clusters at the same time. Can Nova help with that?
Yes, Nova can help with that. You’d need to deploy the Argo Rollouts controller to the Nova hosting cluster and then install CRDs in the Nova Control Plane. Then, configuring a SchedulePolicy with spread constraints and matching objects created by Rollout (ReplicaSets) will schedule these ReplicaSets into the workload clusters. Aggregated status of the Rollout will be synchronized to the Nova Control Plane’s Rollout. You can follow our tutorial about specifying Canary Rollout in a Multi Cluster environment available here.
Is Nova open-source?
Nova is currently offered via a freemium model with open source plans in the near future. Nova free-tier is full-featured with a limit only on the number of workload clusters which is capped at 6. We would love to work with you to provide an uncapped version for your trial!