Skip to content

Use

At this point, the developer is ready to request a namespace within the host Kubernetes cluster. To get access to the environment, note that the developer

  • Does not need to have any knowledge of Terraform or other IaC frameworks
  • Does not need access to privileged credentials
  • Does not need any help from the Platform team to deploy their environment

Important

Ensure that the developer is assigned to a group that has the "Environment Template User role" in the project. This will provide the developer the ability to create the new namespace based environment via self-service.

Request Namespace

When a developer requests a namespace, based on Kubernetes, a series of steps are automatically performed to fulfil the request. The sequence diagram below describes the high level steps.

Important

Although the recommended workflow assumes and recommends using an Integration with an Identity Provider (IdP) to provide a Single Sign On (SSO) experience, organizations can also use locally managed users. 

sequenceDiagram    
    participant dev as Developer
    participant rafay as Rafay Platform
    participant csp as K8s Cluster
    participant idp as Identity Provider 

    dev->>rafay: Login (Opt. SSO)
    dev->>rafay: New Environment 
    rafay->>csp: Create k8s namespace w/ Resource Quota  
    rafay->>csp: Create k8s 'deny-all' network policy in the namespace
    rect rgba(0, 0, 255, .1)
    opt SSO via Identity Provider
        rafay-->>idp: Create Group for k8s namespace 
        rafay-->>idp: Add developer to Group 
    end
    rafay->>rafay: Create Group in Rafay
    rafay->>rafay: Add NS Admin <br>RBAC to Group
    end
    dev->>rafay: Access/Use Namespace

Note

Once the developer logs into the Rafay Org after the the environment is created (SSO using Identity Provider recommended), they will automatically have access to their specific Namespaces they have been authorized to use. The necessary RBAC to the assigned Kubernetes namespace is orchestrated automatically by Rafay Kubernetes Manager.

Step 1: Deploy Environment

The developer can now deploy the environment. Environment Manager will automatically create a namespace on the shared, host cluster, configure the namespace with the specified policies and assign the proper RBAC to allow the developer with the privileges to manage resources in the newly created namespace.

  • Developer logs in and navigates to the project
  • Navigate to Environments -> Environments
  • Click Launch on the Namespace as a Service card

Deploy

  • Enter a name for the environment
  • Select the appropriate CPU and Memory requests for the namespace

Optionally, you can add a collaborator to the environment resources. This user will have the same permissions as the requesting user of the environment.

To add a collaborator:

  • Click Show optional parameters
  • Click Add Optional Parameter
  • Select collaborator for the parameter
  • Enter the collaborator's email address for the value
  • Click Save & Deploy

Deploy

The environment will begin to deploy. This step can take ~2 minutes to complete.

Once complete, you will see the name of the newly created namespace in the Results section of the page

Deploy

Step 2: Use Namespace

Once the environment has finished deploying, the developer can use the newly deployed namespace. They can deploy and operate containerized applications to the newly created namespace. The typical steps are as follows

  • Build a container image
  • Upload the container image to a container registry (e.g. ECR or DockerHub)
  • Create Kubernetes YAML for the container image
  • Deploy the application to the namespace using either Kubectl or Helm or Rafay workloads.

Access Namespace

Developers can optionally use the steps below to access the namespace that is created for them.

  • Log into the controller
  • Navigate to Infrastructure -> Clusters
  • Click KUBECTL on the cluster card to access the namespace

Step 1: Deploy Environment

In this step, you will deploy an environment from the template through Git.

  • In your Git repository, create a new file in rafay-resources/projects/YOUR PROJECT/environments/ENVIRONMENT_NAME.yaml
  • Copy the below YAML to the file and be sure to update the required fields to match your environment
  • Save and commit the file
apiVersion: eaas.envmgmt.io/v1
kind: Environment
metadata:
name: <UPDATE>
project: <UPDATE>
spec:
template:
    name: <UPDATE>
    version: <UPDATE>
    versionState: <UPDATE>
variables:
- name: cpu
    options:
    description: Assign the amount of CPU for the namespace CPU request in milliCPU (m)
    override:
        restrictedValues:
        - 1000m
        - 2000m
        - 4000m
        type: restricted
    required: true
    value: 1000m
    valueType: text
- name: memory
    options:
    description: Assign the amount of memory for the namespace memory request in mebibytes (Mi)
    override:
        restrictedValues:
        - 1024Mi
        - 2048Mi
        - 4096Mi
        type: restricted
    required: true
    value: 2048Mi
    valueType: text
- name: network_policy
    options:
    description: Create a network policy that will deny all incoming and outgoing traffic from the namespace
    override:
        restrictedValues:
        - enabled
        type: restricted
    required: true
    value: enabled
    valueType: text

Important

Once the environment spec is committed to the repository, the pipeline will create the environment in the controller and begin to deploy the environment.

Environment Manager will automatically create a namespace on the shared, host cluster, configure the namespace with the specified policies and assign the proper RBAC to allow the developer with the privileges to manage resources in the newly created namespace.

Step 2: Update Environment

Once the environment has been deployed, day 2 operations can be performed on the environment via Git. In this section we will see how to update an environment.

  • In your Git repository, edit the previously created environment spec file
  • Make a change to the file, such as updating the value of the CPU request variable
  • Save and commit the file

Important

Once the environment spec updates are committed to the repository, the pipeline will update the environment in the controller and in the infrastructure of the environment.

Step 3: Use Namespace

Once the environment has finished deploying, the developer can use the newly deployed namespace. They can deploy and operate containerized applications to the newly created namespace. The typical steps are as follows

  • Build a container image
  • Upload the container image to a container registry (e.g. ECR or DockerHub)
  • Create Kubernetes YAML for the container image
  • Deploy the application to the namespace using either Kubectl or Helm or Rafay workloads.

Access Namespace

Developers can optionally use the steps below to access the namespace that is created for them.

  • Log into the controller
  • Navigate to Infrastructure -> Clusters
  • Click KUBECTL on the cluster card to access the namespace

Summary

In summary, with Rafay, developers can now develop, deploy and validate their applications on a shared Cluster within a dedicated namespace that was provisioned for them in a "self-service" manner.