Skip to content

Managed Add-Ons

All cluster blueprints are comprised of one or more software addons. Cluster admins can assemble one or more addons to create a cluster blueprint. Good candidates for "addons" are software components that are meant to be cluster-wide services or operate invisibly in the background. Some examples are listed below.

  • Service Mesh (Istio, Linkerd etc)
  • Ingress Controllers (Nginx etc)
  • Security Products (StackRox, Twistlock, Sysdig etc)
  • Cluster Monitoring (Prometheus, Datadog etc)
  • Log Collection (Fluentd etc)
  • Backup and Restore (Velero etc)

Important

You can manage the lifecycle of addons using the Web Console or RCTL CLI or REST APIs. It is strongly recommended to automate this by integrating RCTL with your existing CI system based automation pipeline.

Project Scoping

By default, addons are NOT "Org wide" resources and are scoped to a Project to guarantee a "hard" isolation boundary. All clusters in a given project can use/leverage blueprints based on the addons in the Project.

RBAC

The lifecycle of addons is managed by users with an "infrastructure administrator" role

Package Types

Addons can be in either "Helm" charts or "k8s YAML" formats.

k8s YAML

Regular, well-structured k8s YAML format is supported

Helm Versions

The controller supports Helm packages in both Helm 2 and 3 package formats. With Helm 3, the Controller acts like a Helm 3 client and does not have to parse and break down the chart down to its atomic k8s resources for deployment. Support for Helm 2 in workloads is deprecated and is only meant to be used for legacy charts that are incompatible with Helm 3. Read more about Helm 2 End of Life.

Create Addon

Addons can be created in a specific project via multiple mechanisms

  1. Using the Web Console
  2. Using the RCTL CLI Utility
  3. Programmatically using the REST API

Important

With RCTL, the lifecycle management of addons can be quickly and fully automated by embedding RCTL into a pipeline.

  • Navigate to your Project in your Org
  • Select Infrastructure and click on addons

Step 1: New Addon

  • Click on create addon
  • Select "Bring Your Own" for type
  • Provide a name, select package type (YAML or Helm 3)
  • Specify whether you plan to "upload" the artifact or have the controller "pull" it from a configured repository
  • Select the namespace where the addon will be deployed on the cluster

In the example below, we are creating an addon for "kubeless" which is packaged as a Kubernetes yaml file. We want to deploy this into a namespace called "kubeless" and we plan to provide the artifact as a k8s yaml file.

Create addon

Step 2: New Version

Multiple versions/updates of the addon may be required during the life of an addon. Users can manage multiple versions of addons. In the example below, for the newly created "kubeless" addon, since no versions are available, the user will be prompted to "create" a new version.

  • Click on New Version
  • Provide the artifact (k8s yaml or Helm chart + values.yaml) for the addon

Provide Artifact

View Addon Details

To view details of an existing addon, click on the addon. In the example below, for the "kubeless" addon, we can see that there are two versions

View addon details

View All AddOns

To view all addons in a Project,

  • Click on Infrastructure -> Addons
  • This will display the entire list of configured addons and associated metadata

An illustrative example is shown below.

View All addons

Search AddOn

For scenarios where organizations have 100s of addons in a project, a facility for "search" is provided to help the user quickly zero in on the addon they are looking for.

Search Addon

Delete Addon

If an addon is not required anymore, the admin may wish to delete it from the Project. In the view all addons page, click on the "Delete" icon to delete an existing addon.

Important

An error message will be displayed if the addon is in use with a cluster blueprint.

Delete Addon

Drift Detection and Blocking

The configuration for addons deployed to remote clusters as part of a cluster blueprint are protected from manual, out of band changes (inadvertent or malicious). The k8s mgmt operator will detect and block any attempts to perform manual changes using Kubectl or Helm.

Debug Addons

Infrastructure admins can view the status of each addon using the cluster dashboard on the Web Console. In addition, they also have access to a secure, RBAC controlled, zero trust KubeCTL channel to the remote cluster to perform deep diagnostics.

Zero Trust KubeCTL

Click on "KubeCTL" to launch a browser based Zero Trust KubeCTL shell. Alternatively, admins can also download the kubeconfig file and perform the same operations remotely using a KubeCTL CLI.

Addon Status KubeCTL

Note the KubeCTL operations this user can perform is access controlled and secured using the configured ROLE. All actions performed by the user are audited for compliance.

Status By Addon

Infrastructure admins can view details about the k8s resources for a given addon on a cluster.

Blueprint Status

Click on the status link for "Blueprint Sync". This will display a detailed status of each addon in the blueprint on the cluster. In the example below, you can view the details of all the k8s resources for our "apache-helm3" workload.

Detailed Status by Addon

k8s Resources for Addon

  • Click on the Cluster Dashboard
  • Click on Resources
  • Select "Workload" for "View By"
  • Select name of "addon"

In the example below, you can view the k8s resources for the Helm 3 based "datadog" addon operational on this cluster.

Status of Addons

By Helm Release

  • Click on the Cluster Dashboard
  • Click on Resources
  • Select "Helm Releases" for "View By"

In the example below, you can view the details of the "datadog" Helm 3 based addon operational on this cluster.

Status of Addons

Create Addon Using Helm Repo

Step 1: New Repository

  • Navigate to your Project in your Org
  • Select Integrations and click on Repositories
  • Click New Repository
  • Provide a name, Select Type (Git or Helm). In this example, we will select Helm
  • Click Create
  • Configure Endpoint. In this example, we will use "https://charts.jetstack.io"
  • Save the changes

Create Helm Repository for Cert Manager

Step 2: New Addon

  • Click on create addon
  • Select "Bring Your Own" for type
  • Provide a name, select package type (YAML or Helm 3). In this example, we will use Helm3.
  • Select "Pull files from repository"
  • Select Repository Type as "Helm"
  • Select the namespace where the addon will be deployed on the cluster

In the example below, we are creating an addon for "cert-manager" from Cert Manager helm repository.. We want to deploy this into a namespace called "cert-manager".

Create addon

Step 3: New Version

Multiple versions/updates of the addon may be required during the life of an addon. Users can manage multiple versions of addons. In the example below, for the newly created "kubeless" addon, since no versions are available, the user will be prompted to "create" a new version.

  • Click on New Version
  • Specify a version name
  • Select the repository created in step #1
  • Provide the chart name
  • Optionally provide a chart version. If not specified, latest version will be pulled.
  • Optionally upload a custom values file
  • Save the changes

Provide Artifact

Create Addon Using Git Repo

Step 1: New Repository

  • Navigate to your Project in your Org
  • Select Integrations and click on Repositories
  • Click New Repository
  • Provide a name, Select Type (Git or Helm). In this example, we will select Git
  • Click Create
  • Configure Endpoint. In this example, we will use "https://github.com/RafaySystems/rafay-cicd-helpers/"
  • Save the changes

Create Helm Repository for Cert Manager

Step 2: New Addon

  • Click on create addon
  • Select "Bring Your Own" for type
  • Provide a name, select package type (YAML or Helm 3). In this example, we will use Helm3.
  • Select "Pull files from repository"
  • Select Repository Type as "Git"
  • Select the namespace where the addon will be deployed on the cluster

In the example below, we are creating an addon for "vault" from a public Git repository.. We want to deploy this into a namespace called "test-dev".

Create addon

Step 3: New Version

Multiple versions/updates of the addon may be required during the life of an addon. Users can manage multiple versions of addons. In the example below, for the newly created "kubeless" addon, since no versions are available, the user will be prompted to "create" a new version.

  • Click on New Version
  • Specify a version name
  • Select the repository created in step #1
  • Provide the path to helm chart
  • Optionally provide a path to custom values file
  • Save the changes

Provide Artifact

Multiple Values Files

It's possible to have multiple values files for the same helm chart. For Helm 3 addons created either by Upload files manually or Pull files from Helm Repo, all these values files can be uploaded when creating new version for the addon. They are processed and applied to the chart in the order they are uploaded.

  • Click Add Files and upload the values files that you want to supply to the chart.