Add-Ons
All cluster blueprints are composed of one or more software addons, which cluster admins assemble to create a cluster blueprint. Good candidates for "addons" are software components that are meant to be cluster-wide services or that operate invisibly in the background. Some examples are listed below.
- Service Mesh (Istio, Linkerd etc)
- Ingress Controllers (Nginx etc)
- Security Products (StackRox, Twistlock, Sysdig etc)
- Cluster Monitoring (Prometheus, Datadog etc)
- Log Collection (Fluentd etc)
- Backup and Restore (Velero etc)
Important
You can manage the lifecycle of addons using the Web Console, the RCTL CLI, or the REST APIs. It is strongly recommended to automate this by integrating RCTL with your existing CI-based automation pipeline.
Project Scoping
By default, addons are NOT "Org wide" resources; they are scoped to a Project to guarantee a "hard" isolation boundary. All clusters in a given project can use blueprints based on the addons in the Project.
RBAC
The lifecycle of addons is managed by users with an "infrastructure administrator" role.
Package Types
Addons can be packaged as either "Helm" charts or "k8s YAML".
k8s YAML
Regular, well-structured k8s YAML format is supported.
Helm Versions
The controller supports Helm packages in both Helm 2 and Helm 3 package formats. With Helm 3, the controller acts like a Helm 3 client and does not have to parse and break the chart down to its atomic k8s resources for deployment. Support for Helm 2 in workloads is deprecated and is only meant to be used for legacy charts that are incompatible with Helm 3. Read more about Helm 2 End of Life.
Create Addon
Addons can be created in a specific project via multiple mechanisms:
- Using the Web Console
- Using the RCTL CLI Utility
- Programmatically using the REST API
Important
With RCTL, the lifecycle management of addons can be quickly and fully automated by embedding RCTL into a pipeline.
- Navigate to your Project in your Org
- Select Infrastructure and click Add-Ons
Step 1: New Addon
- Click New Add-On and select Bring Your Own for type
- Provide a name, select package type (YAML or Helm 3)
- Specify whether you will provide the artifact with "Upload files manually" or have the controller "Pull files from repository"
- Select the namespace where the addon will be deployed on the cluster
In the example below, we are creating an addon for "kubeless" which is packaged as a Kubernetes yaml file. We want to deploy this into a namespace called "kubeless" and we plan to provide the artifact as a k8s yaml file.
Step 2: New Version
Multiple versions/updates of the addon may be required during the life of an addon. Users can manage multiple versions of addons. In the example below, for the newly created "kubeless" addon, since no versions are available, the user will be prompted to "create" a new version.
- Click on New Version
- Provide the artifact (k8s yaml or Helm chart + values.yaml) for the addon
- Click the Edit icon to modify the yaml file
- An Inline Editor appears; make the required changes in the yaml file and click Update
- Click Save Changes
Inline Editor for Add-Ons
During the creation of an add-on, selecting the Bring your own type allows you to edit the Helm values files and the K8s YAML file through the Inline Editor. Selecting the Customize System Add-On and Alertmanager types allows you to edit the YAML files through the Inline Editor.
Add-On from Catalog
Catalog (System Catalog) is a collection of apps that a user can deploy to Kubernetes clusters as a blueprint addon.
Below is an example of creating an Add-On from the catalog.
- Click the New Add-On drop-down and select Create New Add-On from Catalog
The Create New Add-On from Catalog screen appears with a list of catalogs
- Select the required catalog and proceed to create an add-on
Refer to Catalog for more information.
- On successful creation, add-ons are listed with the type Catalog App as shown below.
View Addon Details
To view details of an existing addon, click on the addon. In the example below, for the "kubeless" addon, we can see that there are two versions.
For add-ons created from the catalog, the Type is Catalog App, as shown below.
View All AddOns
To view all addons in a Project:
- Click on Infrastructure -> Addons
- This will display the entire list of configured addons and associated metadata
An illustrative example is shown below.
Search AddOn
For scenarios where organizations have hundreds of addons in a project, a "search" facility is provided to help the user quickly zero in on the addon they are looking for.
Delete Addon
If an addon is not required anymore, the admin may wish to delete it from the Project. In the view all addons page, click on the "Delete" icon to delete an existing addon.
Important
An error message will be displayed if the addon is in use with a cluster blueprint.
Drift Detection and Blocking
The configuration of addons deployed to remote clusters as part of a cluster blueprint is protected from manual, out-of-band changes (inadvertent or malicious). The k8s mgmt operator will detect and block any attempts to perform manual changes using Kubectl or Helm.
Debug Addons
Infrastructure admins can view the status of each addon using the cluster dashboard on the Web Console. In addition, they also have access to a secure, RBAC controlled, zero trust KubeCTL channel to the remote cluster to perform deep diagnostics.
Zero Trust KubeCTL
Click on "KubeCTL" to launch a browser-based Zero Trust KubeCTL shell. Alternatively, admins can also download the kubeconfig file and perform the same operations remotely using a KubeCTL CLI.
Note that the KubeCTL operations this user can perform are access controlled and secured using the configured ROLE. All actions performed by the user are audited for compliance.
Status By Addon
Infrastructure admins can view details about the k8s resources for a given addon on a cluster.
Click on the status link for "Blueprint Sync". This will display a detailed status of each addon in the blueprint on the cluster. In the example below, you can view the details of all the k8s resources for our "apache-helm3" workload.
k8s Resources for Addon
- Click on the Cluster Dashboard
- Click on Resources
- Select "Workload" for "View By"
- Select name of "addon"
In the example below, you can view the k8s resources for the Helm 3 based "datadog" addon operational on this cluster.
By Helm Release
- Click on the Cluster Dashboard
- Click on Resources
- Select "Helm Releases" for "View By"
In the example below, you can view the details of the "datadog" Helm 3 based addon operational on this cluster.
Create Addon Using Helm Repo
Step 1: New Repository
- Navigate to your Project in your Org
- Select Integrations and click on Repositories
- Click New Repository
- Provide a name, Select Type (Git or Helm). In this example, we will select Helm
- Click Create
- Configure Endpoint. In this example, we will use "https://charts.jetstack.io"
- Save the changes
Step 2: New Addon
- Click on create addon
- Select "Bring Your Own" for type
- Provide a name, select package type (YAML or Helm 3). In this example, we will use Helm3.
- Select "Pull files from repository"
- Select Repository Type as "Helm"
- Select the namespace where the addon will be deployed on the cluster
In the example below, we are creating an addon for "cert-manager" from the Cert Manager Helm repository. We want to deploy this into a namespace called "cert-manager".
Step 3: New Version
Multiple versions/updates of the addon may be required during the life of an addon. Users can manage multiple versions of addons. In the example below, for the newly created "kubeless" addon, since no versions are available, the user will be prompted to "create" a new version.
- Click on New Version
- Specify a version name
- Select the repository created in Step 1
- Provide the chart name
- Optionally provide a chart version. If not specified, the latest version will be pulled
Option A
Click Upload Files to upload the values file(s) from the system that you want to supply to the chart. Upload is the default selection.
Option B
To use values files stored in another location, such as a Git repository, perform the steps below:
- Select the Override from git repository option
- Enter the Repository name and provide the exact path where the values files are stored
- Specify the Revision (the branch name where the values files are located)
Create Addon Using Git Repo
Step 1: New Repository
- Navigate to your Project in your Org
- Select Integrations and click on Repositories
- Click New Repository
- Provide a name, Select Type (Git or Helm). In this example, we will select Git
- Click Create
- Configure Endpoint. In this example, we will use "https://github.com/RafaySystems/rafay-cicd-helpers/"
- Save the changes
Step 2: New Addon
- Click on create addon
- Select "Bring Your Own" for type
- Provide a name, select package type (YAML or Helm 3). In this example, we will use Helm3.
- Select "Pull files from repository"
- Select Repository Type as "Git"
- Select the namespace where the addon will be deployed on the cluster
In the example below, we are creating an addon for "vault" from a public Git repository. We want to deploy this into a namespace called "test-dev".
Step 3: New Version
Multiple versions/updates of the addon may be required during the life of an addon. Users can manage multiple versions of addons. In the example below, for the newly created "kubeless" addon, since no versions are available, the user will be prompted to "create" a new version.
- Click on New Version
- Specify a version name
- Select the repository created in step #1
- Provide the path to helm chart
- Optionally provide a path to custom values file
- Save the changes
Multiple Values Files
It's possible to have multiple values files for the same Helm chart. For Helm 3 addons created with either Upload files manually or Pull files from Helm Repo, all of these values files can be uploaded when creating a new version of the addon. They are processed and applied to the chart in the order they are uploaded.
- Click Add Files and upload the values files that you want to supply to the chart.
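How upload order decides the effective value when several values files are supplied, as an added example (not Rafay's code). It assumes the controller hands the files to Helm in upload order, as repeated `-f` flags would: maps merge key by key, and scalars and lists from a later file replace earlier ones. File names and keys are constructed.

```python
from copy import deepcopy

def _record(val, name, origin, path):
    # Attribute every leaf under `path` to the file `name`.
    if isinstance(val, dict) and val:
        for k, v in val.items():
            _record(v, name, origin, f"{path}.{k}")
    else:
        origin[path] = name

def _apply(dst, src, name, origin, prefix=""):
    for key, val in src.items():
        path = prefix + key
        if isinstance(val, dict) and isinstance(dst.get(key), dict):
            # Maps are merged key by key.
            _apply(dst[key], val, name, origin, path + ".")
        else:
            # Scalars and lists are replaced wholesale by the later file.
            for stale in [p for p in origin if p == path or p.startswith(path + ".")]:
                del origin[stale]
            dst[key] = deepcopy(val)
            _record(val, name, origin, path)

def layer_values(files):
    """files: ordered (name, values) pairs, in upload order.
    Returns (effective values, {dotted key path: file that set it})."""
    merged, origin = {}, {}
    for name, values in files:
        _apply(merged, values, name, origin)
    return merged, origin

def overridden(files, watched):
    """Watched key paths whose effective value does not come from the first file."""
    _, origin = layer_values(files)
    first = files[0][0]
    return {k: origin[k] for k in watched if k in origin and origin[k] != first}

# Constructed sample values (hypothetical keys; parsed YAML shown as dicts).
BASE = {"replicaCount": 1,
        "securityContext": {"runAsNonRoot": True, "readOnlyRootFilesystem": True},
        "extraArgs": ["--v=2", "--log-format=json"]}
PROD = {"replicaCount": 3,
        "securityContext": {"runAsNonRoot": False},
        "extraArgs": ["--v=4"]}
FILES = [("base-values.yaml", BASE), ("prod-values.yaml", PROD)]

if __name__ == "__main__":
    merged, origin = layer_values(FILES)
    print(merged)
    for path in sorted(origin):
        print(f"{path:45} <- {origin[path]}")
```

Running `overridden` over security-relevant key paths before saving a new version shows which uploaded file silently changed a hardened default.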