Skip to content


The Rafay platform has been specifically designed such that customers can deploy and manage their clusters in both cloud and on-premise environments. The Rafay Platform has two primary components that are described below.

System Architecture

Rafay Controller

The Controller is a management platform that customers use to manage both their Kubernetes clusters and their containerized applications.

A separate interface is provided for Operations and Application Owners to ensure that there is clear separation of duties. The controller can be accessed via a web console, CLI and REST APIs.

Controller Access

The Rafay Controller can be accessed via

  • Using a web browser (via the Rafay Console) or
  • Programmatically using the Rafay CLI (RCTL) or
  • Programmatically via REST APIs

Access Methods

Deployment Options

Rafay supports three deployment options for the Controller:

  1. SaaS (Multi Tenant, Rafay Managed)
  2. Customer Premise (Rafay Managed, Single/Multi Tenant)
  3. Customer Premise (Customer Managed, Single/Multi Tenant)

Controller Deployment Options

Rafay Kubernetes Operator

Every "managed Kubernetes cluster" has a Rafay Kubernetes operator deployed into a dedicated namespace for ongoing operations and lifecycle management.

The Rafay Kubernetes operator "Dials Out" to the Rafay Controller and maintains a long running, TLS connection (mutually authenticated and encrypted).


No inbound ports need to be opened. Only outbound on port 443 to the Controller