Skip to content


This is a reference design and implementation of an environment template to provision self service developer environments within a cluster running on VMware vSphere Infrastructure. This reference design is based on Rafay's Kubernetes Manager and Environment Manager.

Source Code for Template

The Terraform source code and related assets are available in a public Git repo as shown below

Git Repo

Initial Setup

The platform team is responsible for setting up Environment Manager templates within a Rafay project. These templates are designed to help developers easily provision clusters on VMware infrastructure through a simplified self-service process.

        participant plat as Platform Team
        participant rafay as Rafay Environment Manager

        plat->>rafay: Create Developer Project
    plat->>rafay: Setup Environment Template
    plat->>rafay: Share Environment Template with Projects
        rafay-->>plat: Setup Complete


This reference design and implementation guide outlines the process of setting up the Rafay gateway and deploying an upstream Kubernetes cluster within an environment.The gateway instance is to facilitate communication between the private cloud which is VMware vSphere Infrastructure and the Rafay controller. The configuration is tailored for VMware vSphere Infrastructure and utilizes Rafay's Kubernetes Manager and Environment Manager.The Kubernetes cluster will be managed using Rafay's Kubernetes Manager. A number of critical software add-ons will be automatically deployed on the Kubernetes cluster using the specified cluster blueprint. In this example, we automatically configure and deploy a number of Rafay managed add-ons as part of the cluster blueprint.


Environment Request

When a developer initiates a cluster request through self-service, a set of automated workflows are triggered to fulfill this request. The sequence diagram below outlines the high-level steps.


Although the recommended workflow assumes and recommends using an Integration with an Identity Provider (IdP) to provide a Single Sign On (SSO) experience, organizations can also use locally managed users.

    participant dev as Developer
    participant rafay as Rafay
    participant sp as VMware vSphere Infrastructure

    dev->>rafay: Create New VMware-based Environment
    rafay-->>rafay: Create Rafay Project
    rafay-->>rafay: Set User Permissions
    rafay-->>rafay: Creates Rafay Gateway
    rafay-->>sp: Deploy Gateway OVA
    rafay-->>rafay: Create vSphere Credentials
    rafay-->>sp: Create Cluster using vSphere Credentials
    rafay->>dev: Environment Ready
    dev-->>rafay: Deploy Application


  • Access to VMware vSphere Infrastructure is available.
  • Access to any Linux machine within VMware vSphere Infrastructure is required to install the Rafay GitOps Docker agent. This agent facilitates connectivity to the vCenter API, enabling the successful execution of Terraform code.
  • A Git client is installed on the machine and configured for push/pull operations.
  • Docker is installed on the machine.