Architecture
The platform is designed so that customers can deploy and manage Kubernetes clusters in both cloud and on-premises environments. It has two primary components, described below.
Key Components
The Controller
The Controller is a multi-cluster management platform that customers use to manage their environments, Kubernetes clusters and containerized applications. Separate interfaces are provided for Operations and Application Owners so that there is a clear separation of duties. The Controller can be accessed via a web console, the RCTL CLI, REST APIs and a Terraform provider.
Kubernetes Management Operator
The Kubernetes management operator (also called the agent) runs as containers deployed into the customer's clusters, in a dedicated namespace ("rafay-system"). The Rafay operator establishes a mutually authenticated, zero-trust gRPC connection over TLS to the Rafay Controller on TCP port 443. The operator uses this connection to pull configuration instructions and configurations from the Controller and carries out Kubernetes lifecycle management operations locally on the cluster. Role-Based Access Control (RBAC) regulates what can be performed on clusters on behalf of a user via the Rafay Controller, and an extensive audit trail provides visibility into what was performed, and when.
Important
No inbound ports need to be opened at the customer's firewall; only outbound access on TCP port 443 to the Controller is required.
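The connection model described above, as an added illustration that is not part of this page or of the Rafay software: a loopback stand-in for the Controller that accepts only clients presenting a certificate issued by its trusted CA, and an operator-side pull that initiates the connection outbound. Everything in it is constructed for the example. The controller name `controller.example.invalid`, the throwaway CA and the `PULL`/`config-v1` line exchange stand in for the real gRPC protocol, which this page does not detail. What it makes visible is why no inbound port is needed and why mutual authentication matters: the agent dials out, and a peer that cannot present a certificate chaining to the controller's trusted CA receives no configuration at all.

```go
package main

import (
	"bufio"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

const controllerName = "controller.example.invalid" // constructed placeholder, not a real Rafay endpoint

// must panics on error so the example stays short; a real operator would report and retry.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue mints an ECDSA certificate for cn signed by parent; a nil parent yields a self-signed root CA.
func issue(cn string, isCA bool, parent *tls.Certificate) tls.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     []string{cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	if isCA {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	signer, signerKey := tmpl, any(key) // self-signed unless a parent is given
	if parent != nil {
		signer, signerKey = parent.Leaf, parent.PrivateKey
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: must(x509.ParseCertificate(der))}
}

// startController listens on loopback and requires a client certificate chaining to clientCAs (mutual TLS).
// The handshake runs on the first Read, so an unauthenticated peer fails there and never reaches "PULL".
func startController(serverCert tls.Certificate, clientCAs *x509.CertPool) string {
	ln := must(tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{serverCert},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    clientCAs,
	}))
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			if line, err := bufio.NewReader(c).ReadString('\n'); err == nil && strings.TrimSpace(line) == "PULL" {
				fmt.Fprint(c, "config-v1\n")
			}
			c.Close()
		}
	}()
	return ln.Addr().String()
}

// pullConfig is the operator side: one outbound connection, presenting whatever client certificates it is given.
func pullConfig(addr string, roots *x509.CertPool, certs ...tls.Certificate) (string, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: roots, ServerName: controllerName, Certificates: certs})
	if err != nil {
		return "", err
	}
	defer conn.Close()
	fmt.Fprint(conn, "PULL\n")
	line, err := bufio.NewReader(conn).ReadString('\n')
	return strings.TrimSpace(line), err
}

// demo builds a throwaway PKI, then shows an authenticated pull succeeding while an anonymous one is refused.
func demo() (config string, anonErr error) {
	ca := issue("demo-root-ca", true, nil)
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	addr := startController(issue(controllerName, false, &ca), pool)
	config = must(pullConfig(addr, pool, issue("operator.cluster-a", false, &ca)))
	_, anonErr = pullConfig(addr, pool)
	return config, anonErr
}

func main() {
	config, anonErr := demo()
	fmt.Printf("authenticated operator pulled %q; anonymous client rejected: %v\n", config, anonErr)
}
```

Run it with `go run`; it prints the configuration pulled by the authenticated operator and the handshake error an anonymous client receives. In a deployment the equivalent controls are the firewall's egress rule (outbound TCP 443 to the Controller only) and the Controller's trusted client CA; the example stands in for neither, it only shows the property those controls provide.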
Accessing the Controller
The Controller can be accessed in any of the following ways:
- Interactively, using a web browser (the Web Console)
- Programmatically, using the RCTL CLI
- Programmatically, via the REST APIs
- Via a Terraform provider
Deployment Options
Three deployment options are supported for the Controller:
- SaaS (Multi Tenant, Managed)
- Self Hosted (Managed, Single/Multi Tenant)
- Self Hosted (Customer Managed, Single/Multi Tenant)