Skip to content


The platform has been specifically designed such that customers can deploy and manage their Kubernetes clusters in both cloud and on-premise environments. The Platform has two primary components that are described below.

System Architecture

Key Components

The Controller

The Controller is a "multi cluster management" platform that customers use to manage both their Kubernetes clusters and their containerized applications. A separate interface is provided for Operations and Application Owners to ensure that there is clear separation of duties. The controller can be accessed via a web console, the RCTL CLI, REST APIs and a Terraform provider.

Multi Cluster Management

Kubernetes Management Operator

The Kubernetes management operator (aka agent) are containers and is deployed into customer clusters. The operator is deployed to a dedicated namespace ("rafay-system"). The operator is responsible for establishing and maintaining a mTLS control channel connection to the Controller (SaaS or Self Hosted) over port 443. It receives configured instructions and policies from the controller and interacts with the downstream k8s API server behaving like a proxy.


No inbound ports need to be opened at the customer's firewall. Only outbound on port 443 to the Controller is required.

Accessing the Controller

The Controller can be accessed via

  • Using a web browser (via the Web Console) or
  • Programmatically using the RCTL CLI or
  • Programmatically via REST APIs or
  • A Terraform provider

Access Methods

Deployment Options

Three deployment options are supported for the Controller:

  1. SaaS (Multi Tenant, Managed)
  2. Self Hosted (Managed, Single/Multi Tenant)
  3. Self Hosted (Customer Managed, Single/Multi Tenant)

Controller Deployment Options