Skip to content

Browser

Users that have access to the Rafay Console are provided with the option to perform KubeCTL operations in a browser based shell after they successfully login.


Infrastructure Admins

Users with Infrastructure Admin roles for a Project(s) in the Rafay Console have access to the "Infrastructure" tab and therefore access to the Kubernetes clusters in the Project. For every managed cluster, in a Project, users are presented with a visible option to initiate KubeCTL. See the image below for an illustrative example.

Infra Admins KubeCTL via Browser

  • Click on the KubeCTL icon
  • This presents the user with a browser based KubeCTL shell

Cluster KubeCTL Shell


Project Admins

Users with Project Admin roles for a Project(s) in the Rafay Console have access to the "Applications" and "Integrations" tabs. Unlike Infrastructure Admins, these users DO NOT have direct, low level access to the Kubernetes clusters in the Projects. However, as application owners/developers, they may require quick KubeCTL access to the namespace where their workloads are deployed so that they can debug/diagnose issues when they occur.

The Rafay Console provides these users the means to open a browser based KubeCTL shell directly in the namespace of the cluster where their workload is deployed.

  • Click on a workload
  • Navigate to the Publish tab and click on Debug
  • Click on the KubeCTL button

The user will now be presented with a browser based KubeCTL shell and can perform operations in the namespace where the workload was deployed.

Browser KubeCTL for Workloads

Important

Unlike the debug window which automatically provides a filtered view of only the k8s resources for their workload, the KubeCTL shell provides the user visibility into all resources in the namespace.


Namespace Admins

Users with Namespace Admin roles in a Project in the Rafay Console have access ONLY to specifically identified Kubernetes namespaces. As application owners/developers, they may require quick KubeCTL access to the namespace where their workloads are deployed so that they can debug/diagnose issues when they occur.

The Rafay Console provides these users the means to open a browser based KubeCTL shell directly in the namespace of the cluster where their workload is deployed.

  • Click on a workload
  • Navigate to the Publish tab and click on Debug
  • Click on the KubeCTL button

The user will now be presented with a browser based KubeCTL shell and can perform operations in the namespace where the workload was deployed.

Browser KubeCTL for Workloads

Important

Users with a namespace admin role will be blocked from being able to perform privileged KubeCTL commands outside the allowed namespaces.