Architecture
The platform is designed so that customers can deploy and manage their Kubernetes clusters in both cloud and on-premises environments. It has two primary components, described below.
Key Components
The Controller
The Controller is a "multi cluster management" platform that customers use to manage both their Kubernetes clusters and their containerized applications. A separate interface is provided for Operations and Application Owners to ensure that there is clear separation of duties. The Controller can be accessed via a web console, the RCTL CLI, REST APIs and a Terraform provider.
Kubernetes Management Operator
The Kubernetes management operator (aka agent) runs as containers deployed into customer clusters, in a dedicated namespace ("rafay-system"). The operator is responsible for establishing and maintaining an mTLS control channel connection to the Controller (SaaS or Self Hosted) over port 443. It receives configured instructions and policies from the Controller and interacts with the downstream k8s API server, behaving like a proxy.
Important
No inbound ports need to be opened at the customer's firewall. Only outbound access on port 443 to the Controller is required.
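The outbound-only requirement above can also be enforced inside the cluster. The following Kubernetes NetworkPolicy is an added example, not part of the product documentation: it restricts egress from the rafay-system namespace to an allow-list. The policy name, the 6443 API server port, the DNS rule and the intra-namespace rule are assumptions to adjust for the cluster.

```yaml
# Added example: egress allow-list for the operator namespace.
# Once a CNI that enforces NetworkPolicy is in place, any egress from
# pods in rafay-system that is not listed here is denied.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: operator-egress-allowlist   # hypothetical name
  namespace: rafay-system           # namespace named on this page
spec:
  podSelector: {}                   # every pod in the namespace
  policyTypes:
    - Egress
  egress:
    # Outbound mTLS control channel to the Controller (port 443, per this page).
    # No destination is set because the Controller address is not given here;
    # add an ipBlock under "to" once the address range is known.
    - ports:
        - protocol: TCP
          port: 443
    # Assumption: the cluster API server listens on 6443 behind the
    # kubernetes Service; many CNIs match on the post-DNAT port.
    - ports:
        - protocol: TCP
          port: 6443
    # Assumption: cluster DNS is needed to resolve the Controller hostname.
    - ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # Assumption: operator pods talk to each other inside the namespace.
    - to:
        - podSelector: {}
```

Ingress is left unrestricted in this policy because the page states only the firewall requirement, not which in-cluster callers the operator serves.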
Accessing the Controller
The Controller can be accessed:
- Using a web browser (via the Web Console), or
- Programmatically using the RCTL CLI, or
- Programmatically via REST APIs, or
- Via a Terraform provider
Deployment Options
Three deployment options are supported for the Controller:
- SaaS (Multi Tenant, Managed)
- Self Hosted (Managed, Single/Multi Tenant)
- Self Hosted (Customer Managed, Single/Multi Tenant)