PMK Architecture

PMK Architecture

This article describes the architecture and design of PMK, and how PMK cloud hosted management plane communicates with the Kubernetes clusters.

For a quick overview of PMK and to understand key benefits of PMK, refer to What is PMK

For help with getting started with PMK, refer to Pre-install Checklist For PMK

PMK is a SaaS-managed Kubernetes offering that makes it easy for you to run Kubernetes on any infrastructure - either on your on-premise data centers or in the public clouds. PMK is designed to help you make use of all the benefits of Kubernetes, while ensuring you can run large scale, production ready, multi-cluster Kubernetes deployments that meet your business SLA.

When we create a new deployment of PMK for you or your organization, it consists of following key components:

  • Your Kubernetes control plane along with all the Kubernetes cluster components are deployed on the infrastructure of your choice - either on-premises or in a public cloud. You create and manage these clusters using PMK.
  • A cloud-hosted management plane maintains connectivity to your Kubernetes clusters via agents that are installed on your Kubernetes cluster nodes.
  • Any additional necessary compoents - such as Platform9 host agents - installed by Platform9 on your infrastructure. These enable our SaaS hosted management plane to access and manage your infrastructure remotely

This architecture has several benefits:

  • It allows the cloud hosted management plane to easily prepare nodes in your environment with the required pre-requisites to create a Kubernetes cluster
  • Once the clusters are created, the cloud hosted management plane can then monitor them 24x7 and detect any issues with the clusters
  • Depending on the issue, the management plane can perform an auto repair of the problem, when possible
  • When the issues are not auto repairable, the management plane can send alerts to your cloud administration team as well as the Platform9 support team. Our support team can then either take immediate action on your behalf - or inform you about a problem with your infrastructure and advice you on how to correct it.
  • The management plane also rolls out fully automated upgrades for your PMK Kubernetes clusters. It can auto-patch clusters with critical security vulnerabilities immediately after they are released by the community.

As a result of this architecture, PMK can provide a very high uptime SLA for your Kubernetes environment.

Communication between management plane and nodes

Part of the onboarding process with PMK is to install the Platform9 host and communications agents on your nodes. The agents, once installed, establish a secure outbound https tunnel with the management plane. All the traffic between the management plane and the clusters is routed via this tunnel. PMK controls and configures what data gets sent from each node to the management plane, to ensure that only metadata information about your environment is sent to the management plane. All your data lives securely in your data plane behind your firewall, and is not transferred over to the management plane.

Communication with management plane

You can communicate with the management plane either using the PMK User Interface, or via REST APIs.


Qbert is the PMK cluster manager, that lives in the management plane. Qbert enables CRUD (create, read, update, delete) operations on one or more Kubernetes clusters within PMK. Qbert exposes a REST API endpoint, that is used by the web UI to communicate with the managmeent plane.

You can locate the URL for the qbert API endpoint specific to your PMK deployment by navigating to API Access -> API Endpoints in the PMK UI.

You can use the Qbert REST APIs to automate your cluster management operations with PMK. Read more about Qbert REST APIs here


PMK provides a layer of multi-tenancy on top of Kubernetes, so that you and members of your organization can collaborate and utilize multiple Kubernetes clusters across different teams and geographical regions.

Read more about PMK multitenancy here

PMK achieves the multitenancy using an open source component called Keystone. Each deployment of PMK comes with an instance of Keystone, deployed in the PMK Management Plane.

You can locate the URL for the keystone API endpoint specific to your PMK deployment by navigating to API Access -> API Endpoints in the PMK UI.

Important Files

Each PMK nodes stores log files for the various PMK components at /var/log/pf9.

The /var/log/pf9/kube/kube.log file stores information about intallation of Kubernetes role on this node and the output of periodic status checks performed on the node. Consult this file on the node for more information if you are running into issues with attaching the node to the cluster or if the node is reported as ‘Unhealthy’ in the PMK UI.