☸️ Kubernetes v1.28+ Supported Updated: Oct 24, 2025

Kubernetes Integration Guide

Step-by-step instructions to deploy, configure, and manage Kubernetes clusters on CloudNexus infrastructure with production-ready best practices.

Introduction

CloudNexus provides fully managed Kubernetes (CNK) clusters with enterprise-grade networking, automated control plane updates, and integrated observability. This guide covers everything from initial CLI setup to deploying production workloads with auto-scaling and ingress routing.

ℹ️
Note: CloudNexus Kubernetes clusters are fully compatible with standard kubectl workflows. All commands below use native Kubernetes APIs with CloudNexus-specific annotations where applicable.

Prerequisites

  • CloudNexus account with Cluster Admin role
  • API Key generated from Console → Settings → API Keys
  • kubectl v1.27+ installed locally
  • Base64 encoding utility (built into most OS)
  • Domain with DNS access (for ingress)
Component Minimum Version Recommended
kubectlv1.25v1.28+
Container Runtimecontainerd 1.6containerd 1.7+
CNI PluginCalico v3.24Calico v3.26
OS ImageUbuntu 22.04 LTSUbuntu 24.04 LTS

Install & Configure CLI

If you haven't installed the CloudNexus CLI (cnx) yet, follow the official installation guide for your platform:

bash 
curl -fsSL https://cli.cloudnexus.io/install.sh | bash
cnx login --api-key YOUR_API_KEY --region us-east-1

Verify installation and authentication:

bash 
cnx auth verify
cnx cluster list

Connect to Cluster

Once your cluster is provisioned, export the kubeconfig to interact with it via kubectl:

bash 
cnx cluster kubeconfig my-prod-cluster > ~/.kube/cn-config
cat ~/.kube/cn-config >> ~/.kube/config
kubectl cluster-info --context cnx-us-east-1
⚠️
Security Warning: Never commit kubeconfig files containing authentication tokens to version control. Use CI/CD secret management or CloudNexus Vault for pipeline authentication.

Deploy First Workload

Create a namespace and deploy a sample application using a Deployment and Service:

deploy.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-app
  namespace: production
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web-app
  template:
    metadata:
      labels:
        app: web-app
    spec:
      containers:
      - name: api
        image: cnx-registry.io/apps/web-api:v2.1.0
        ports:
        - containerPort: 8080
        resources:
          requests:
            cpu: "250m"
            memory: "256Mi"
          limits:
            cpu: "500m"
            memory: "512Mi"
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 15
          periodSeconds: 10

Apply the configuration:

bash 
kubectl apply -f deploy.yaml
kubectl get deployments -n production
kubectl rollout status deployment/web-app -n production

Ingress & SSL Configuration

CloudNexus provides an integrated NGINX Ingress Controller with automatic Let's Encrypt certificate provisioning. Configure your ingress resource:

ingress.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-app-ingress
  namespace: production
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: cnx-nginx
  tls:
  - hosts:
    - app.example.com
    secretName: web-app-tls
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web-app-svc
            port:
              number: 80

After applying, verify certificate status:

bash 
kubectl get certificate -n production
kubectl describe ingress web-app-ingress -n production

Autoscaling & Monitoring

Enable Horizontal Pod Autoscaler (HPA) based on CPU/memory metrics or custom CloudNexus metrics:

hpa.yaml 
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web-app-hpa
  namespace: production
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web-app
  minReplicas: 2
  maxReplicas: 20
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 80

CloudNexus automatically provisions the Metrics Server and integrates with Prometheus/Grafana. Access dashboards via Console → Observability → Kubernetes.

Pro Tip: Use cnx monitor pods for real-time streaming logs and resource utilization directly in your terminal.

Best Practices

  • Namespace Isolation: Use dedicated namespaces per environment/team with ResourceQuotas and LimitRanges.
  • Security Contexts: Run containers as non-root with read-only root filesystems.
  • Secrets Management: Use CloudNexus Vault integration instead of plain Kubernetes Secrets.
  • Network Policies: Implement default-deny policies and explicitly allow required traffic flows.
  • Image Scanning: Enable automated vulnerability scanning in CNX Registry before deployment.
networkpolicy.yaml 
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: production
spec:
  podSelector: {}
  policyTypes:
  - Ingress

Troubleshooting

Common Issues

Error Cause Resolution
Connection refusedIngress controller pendingCheck kubectl get pods -n ingress-nginx for crashing controllers
ImagePullBackOffInvalid registry credentialsVerify imagePullSecrets and registry endpoint accessibility
CrashLoopBackOffApplication crash or probe failureRun kubectl logs and adjust liveness/readiness thresholds
Insufficient cpu/memoryNode capacity exceededScale node group or adjust HPA limits

For advanced diagnostics, enable verbose logging:

bash 
kubectl get events --sort-by=.metadata.creationTimestamp -n production
cnx cluster diagnose my-prod-cluster --output json

Next Steps

You now have a fully operational Kubernetes cluster on CloudNexus. Explore advanced topics:

💬
Need help? Join our Developer Community or open a support ticket with priority: k8s-integration.