Skip to content


The SaaS, multi-tenant controller is built on a zero trust security model that only requires outbound Internet connectivity on TCP port 443 from the managed clusters to the Internet based SaaS controller for centralized management. However, due to security and operational requirements, some organizations may be unable to allow even outbound connectivity on port 443 to the SaaS Controller. As a result, these organizations may be required to deploy and operate the controller itself in their air-gap environment. Here are some examples:

  • A defence agency that needs to manage their clusters in GovCloud or their private network
  • A highly regulated business that needs to operate their clusters in their private network


The Controller itself is a containerized, microservices based application that is packaged and distributed as a Helm chart. In addition to the controller Helm chart, an installer is also provided to help provision and operate the Kubernetes and storage infrastructure layer for the controller software. All the software components including ones that need to persist state in storage will operate in the Kubernetes cluster.

High Level Architecture

Multi Tenancy

The controller supports full multi-tenancy providing customers the ability to provision and manage fully isolated Organizations (i.e. tenants). This means customers can provision different Organizations/tenants for different teams, business units, end customers or operating environments.

Deployment Options

Users of the air-gap, self hosted controller have two deployment options:

HA Option

Designed and optimized for production usage with a "highly available" (i.e. multi master Kubernetes cluster) deployment configuration with three Kubernetes master nodes and at least one worker node. Users can always expand the initial deployment anytime by adding worker nodes to the cluster as required.

HA Deployment

Single Node Option

This is primarily designed for non-production use primarily for testing and demos. This deployment option allows the entire controller software stack to be provisioned on a single node cluster operating as a converged master + worker node.

Management Options

Two management options are available for the air-gap controller

Self Managed

The customer deploys and operates the controller software on their network. The customer is responsible for installation, ongoing operations, upgrades etc.


With the managed option for the air-gap controller, the customer can offload the operational burden of provisioning and ongoing maintenance of the controller. The controller software will be operated on the customer's infrastructure with remote access provided to Rafay's operational/support personnel.