Overview
This is a reference design and implementation of an environment template to provision self-service developer environments within a cluster running on PhoenixNAP. This reference design is based on Rafay's Kubernetes Manager and Environment Manager.
Source Code for Template¶
The Terraform source code and related assets are available in a public Git repo, as shown below.
Design¶
This design assumes an Upstream Kubernetes cluster will be deployed on instances provisioned on an infrastructure provider (e.g. Phoenix NAP) using Environment Manager. The Kubernetes cluster will be managed using Rafay's Kubernetes Manager. A number of critical software add-ons will be automatically deployed on the Kubernetes cluster using the specified cluster blueprint. In this example, we automatically configure and deploy a number of Rafay managed add-ons and the MetalLB load balancer as part of the cluster blueprint. See details below.
- MetalLB Load Balancer
- Managed Ingress Controller
- Managed Storage
- Visibility & Monitoring
- Secure Access
Important
In future versions of this environment template, we plan to add additional add-ons (e.g. turnkey OPA Gatekeeper policies, cost visibility) to the default list.
Architecture¶
Platform teams can use this template in multiple RBAC managed projects in their Rafay Orgs for different application teams and use cases. An illustrative example is shown below.
Environment Template¶
The provided environment template comprises three resources.
Infrastructure¶
This resource template is based on Infrastructure as Code (IaC) using Phoenix NAP's Terraform Provider to provision Ubuntu 22.04 OS based server instances in the configured region.
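As an added illustration of the shape such a resource template takes (this is not the template's own code from the repo above), the following Terraform provisions a small set of Ubuntu 22.04 nodes with the PhoenixNAP provider, injecting only an explicitly supplied SSH public key and reading credentials from sensitive variables. The server type, location, hostname scheme and variable names are assumptions.

```hcl
terraform {
  required_providers {
    pnap = {
      source = "phoenixnap/pnap"
    }
  }
}

# Credentials come from variables (or TF_VAR_* environment variables),
# never from a value committed to the repository.
variable "pnap_client_id" {
  type      = string
  sensitive = true
}

variable "pnap_client_secret" {
  type      = string
  sensitive = true
}

# Public key injected into each node; no password login is configured.
variable "ssh_public_key" {
  type = string
}

variable "node_count" {
  type    = number
  default = 3 # assumed cluster size
}

provider "pnap" {
  client_id     = var.pnap_client_id
  client_secret = var.pnap_client_secret
}

resource "pnap_server" "k8s_node" {
  count    = var.node_count
  hostname = "dev-k8s-node-${count.index}" # assumed naming scheme
  os       = "ubuntu/jammy"                # Ubuntu 22.04
  type     = "s1.c1.medium"                # assumed server type
  location = "PHX"                         # assumed region
  ssh_keys = [var.ssh_public_key]
  # Do not also install the account-wide default keys; only the key
  # listed above should be able to reach these nodes.
  install_default_ssh_keys = false
}

# The next resource template (Upstream Kubernetes) consumes these addresses.
output "node_public_ips" {
  value = [for s in pnap_server.k8s_node : s.public_ip_addresses[0]]
}

output "node_private_ips" {
  value = [for s in pnap_server.k8s_node : s.private_ip_addresses[0]]
}
```

Keeping `install_default_ssh_keys` off is the check worth carrying into a real template: otherwise every key marked as default in the PhoenixNAP account lands on every developer's nodes, which is rarely the intended access boundary.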
Upstream Kubernetes¶
This resource template is based on Infrastructure as Code (IaC) using Rafay's Terraform Provider to provision Upstream Kubernetes onto the instances (from above) and then deploy the cluster blueprint with the configured software add-ons.
Test Application¶
This resource template is based on Infrastructure as Code (IaC) using Rafay's Terraform Provider to showcase how a developer can utilize the newly provisioned Upstream Kubernetes cluster.
- Create a new namespace
- Deploy a WordPress Helm chart (containerized application) to this namespace.
Note
The WordPress application is configured to use a PVC on the configured Managed Storage and will be accessible to users via the configured MetalLB add-on.
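To make the test-application step concrete, here is an added example of the namespace-plus-WordPress deployment; it is not the template's own resource template. It uses the hashicorp/kubernetes and hashicorp/helm providers against the cluster's kubeconfig rather than Rafay's provider, because the Rafay workload schema is not shown on this page. The storage class name, namespace name and chart version are assumptions.

```hcl
terraform {
  required_providers {
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.0" # v2 schema with nested `set` blocks
    }
  }
}

variable "kubeconfig_path" {
  type = string
}

# Name of the storage class provided by the Managed Storage add-on (assumed).
variable "storage_class" {
  type    = string
  default = "rafay-managed-storage"
}

# WordPress admin password; supplied at apply time, never written to the repo.
variable "wordpress_password" {
  type      = string
  sensitive = true
}

provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

# Step 1: a dedicated namespace, with Pod Security Admission enforcing the
# "baseline" profile so the test workload cannot run privileged pods.
resource "kubernetes_namespace" "wordpress" {
  metadata {
    name = "dev-wordpress" # assumed namespace name
    labels = {
      "pod-security.kubernetes.io/enforce" = "baseline"
    }
  }
}

# Step 2: the WordPress Helm chart, persisting to a PVC on the managed storage
# class and exposed through a LoadBalancer service that MetalLB assigns an IP to.
resource "helm_release" "wordpress" {
  name       = "wordpress"
  repository = "https://charts.bitnami.com/bitnami"
  chart      = "wordpress"
  version    = "19.0.0" # assumed chart version; pin to the one you have tested
  namespace  = kubernetes_namespace.wordpress.metadata[0].name
  timeout    = 600

  set {
    name  = "service.type"
    value = "LoadBalancer"
  }
  set {
    name  = "persistence.enabled"
    value = "true"
  }
  set {
    name  = "persistence.storageClass"
    value = var.storage_class
  }
  set {
    name  = "mariadb.primary.persistence.storageClass"
    value = var.storage_class
  }
  set_sensitive {
    name  = "wordpressPassword"
    value = var.wordpress_password
  }
}

# Read back the address MetalLB handed out so it can be surfaced to the developer.
data "kubernetes_service" "wordpress" {
  metadata {
    name      = helm_release.wordpress.name
    namespace = kubernetes_namespace.wordpress.metadata[0].name
  }
  depends_on = [helm_release.wordpress]
}

output "wordpress_url" {
  value = "http://${data.kubernetes_service.wordpress.status[0].load_balancer[0].ingress[0].ip}"
}
```

The two points a platform team would want to keep from this when translating it into a Rafay resource template are the `set_sensitive` handling of the password (so it never appears in plan output or state diffs in clear text) and the Pod Security Admission label on the namespace, which bounds what a self-service developer can run there regardless of the cluster-admin role granted on the environment.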
Initial Setup¶
The platform team is expected to set up the needed Environment Manager resources and contexts so that developers can then make self-service requests for resources using Environment Manager.
sequenceDiagram
participant plat as Platform Team
participant rafay as Environment Manager
participant idp as Identity Provider
plat->>rafay: Setup Environment Contexts
plat->>rafay: Setup Resource Templates
plat->>rafay: Setup Environment Template
rafay->>idp: Integrate Env Manager <br> with Corporate IdP
rafay-->>plat: Setup Complete
Request for Environment¶
When a developer requests a cluster via self-service, a series of automated workflows need to be performed to fulfil this request. The sequence diagram below describes the high-level steps.
Important
Although the recommended workflow uses an integration with an Identity Provider (IdP) to provide a Single Sign-On (SSO) experience, organizations can also use locally managed users.
sequenceDiagram
participant dev as Developer
participant rafay as Rafay
participant csp as Host <br>PhoenixNAP
participant idp as Identity Provider
dev->>rafay: New Cluster <br>based Environment
rect rgba(0, 0, 255, .1)
rafay->>rafay: Create custom Blueprint
rafay-->>csp: Create k8s cluster
opt SSO via Identity Provider
rafay-->>idp: Create Group for k8s cluster
rafay-->>idp: Add developer to Group
end
rafay->>rafay: Create Workload on Cluster
rafay->>rafay: Create Group in Rafay
rafay->>rafay: Add Cluster Admin <br>Role to Group
rafay->>rafay: Add User to Group
end
rafay->>dev: Environment Ready
dev-->>rafay: Access/Use Cluster
Assumptions¶
- You have access to a PhoenixNAP account
- You have access to a Mac or Linux machine
- You have a Git client on your machine that is set up for push/pull
- You have Docker installed on your machine