Skip to content


GitOps System Sync - Coming Soon


Refer to the Extended Config Schema (Recommended) to learn more about the parameters required to create an MKS Cluster via RCTL, Swagger v3 API, and GitOps System Sync.

GitOps System Sync facilitates bidirectional synchronization between the System (Rafay Controller) configuration and Git repositories. Any configuration changes made in the Git repository are reflected in the system (Rafay Controller), and vice versa. To learn more about System Sync, refer this page

This framework enables a 'GitOps' first approach for orchestrating operations by utilizing external triggers (Pipeline Triggers) for modifications made in Git and internal triggers whenever the artifact manifests in the Git repo need to be updated. With standardized specifications, managing configurations becomes extremely efficient.


Below is an example of an extended specification for MKS Clusters used in system sync flow.

kind: Cluster
  name: demo-mks
  project: demo
  type: mks
    name: minimal
    version: latest
  cloudCredentials: mkscloudcreds
    autoApproveNodes: true
    dedicatedControlPlane: true
    kubernetesVersion: v1.29.4
    location: sanjose-us
        name: Cilium
        version: 1.14.1
    - arch: amd64
      hostname: mks-node-1
      operatingSystem: Ubuntu20.04
      - ControlPlane
    - arch: amd64
      hostname: mks-node-3
      operatingSystem: Ubuntu20.04
      - Worker
        app: infra
      - effect: NoSchedule
        key: app
        value: infra
      app: infra
    - effect: NoSchedule
      key: app
      operator: Equal
      value: infra


To use system sync functionality for MKS clusters, it is essential to use GitOps agents and cloud credentials created using these agents for upstream cluster types. Ensure that you update the GitOps agent to version r2.8.0 or later.

Create Cloud Credential

MKS Cloud credentials are crucial for enabling GitOps SystemSync functionality and have been integrated into the UI, RCTL, and SystemSync interfaces. They authenticate the GitOps Agent to interact with nodes in your upstream Kubernetes cluster.

Follow the steps described below to create an IAM Role based cloud credential.

  • Login to the Console and select "Cloud Credentials" under Infrastructure
  • Click New Credential and provide a unique name
  • Select the Type Cluster Provisioning
  • Select provider MKS from the drop-down
  • By default, the Credential Type is SSH REMOTE
  • Select an Agent from the drop-down
  • Provide
    • Username to authenticate with the remote server or virtual machine where the MKS cluster will be provisioned,
    • Port number on which SSH service is running on the remote server. The default SSH port is 22, but it can be configured to use a different port for security reasons.
    • Private Key is a private SSH key associated with the SSH public key that is added to the authorized_keys file on the remote server. Users are allowed to upload the private key
    • Optionally, add Passphrase to encrypt the private key

Create Cloud Credential

  • Click Save

Once the credential is created, view it in the cloud credentials dashboard as shown below

Create Cloud Credential

Users can utilize these cloud credentials within the extended config specification to create a MKS cluster. Refer to the CLI for more details on the config spec and RCTL commands.

Refer to the Cloud Credentials page to create an MKS cloud credential via RCTL.