Skip to content


All cluster blueprints are comprised of one or more software addons. Cluster admins can assemble one or more addons to create a cluster blueprint. Good candidates for "addons" are software components that are meant to be cluster wide services or operate invisibly in the background. Some examples are listed below.

  • Service Mesh (Istio, Linkerd etc)
  • Ingress Controllers (Nginx etc)
  • Security Products (StackRox, Twistlock, Sysdig etc)
  • Cluster Monitoring
  • Log Collection
  • Backup and Restore

Project Scoping

Addons are NOT "Org wide" resources and are scoped to a Project to guarantee a "hard" isolation boundary. All clusters in a given project can use/leverage blueprints based on the addons in the Project.


The lifecycle of addons is managed by users with an "infrastructure administrator" role


You can manage the lifecycle of addons using the Rafay Console or RCTL CLI or REST APIs. It is strongly recommended to automate this by integrating RCTL with your existing CI system based automation pipeline.

Package Types

Addons can be in either "Helm charts" or "k8s YAML" formats.

k8s YAML

Regular, well structured k8s YAML format is supported

Helm Versions

Although Rafay supports both Helm 2 and 3, users are strongly advised to use Helm 3.

Support for Helm 2 in workloads is deprecated and is only meant to be used for legacy charts that are incompatible with Helm 3. Read more about Helm 2 End of Life.

With Helm 3, the Rafay Controller acts like a Helm 3 client (currently v3.3.4). As a result, it does not have to parse and break down the chart down to its atomic k8s resources.

Create Addon

Addons can be created in a specific project via multiple mechanisms

  1. Using the Rafay Console
  2. Using the RCTL CLI
  3. Programmatically using the REST API


With RCTL, the lifecycle management of addons can be quickly and fully automated by embedding RCTL into a pipeline.

  • Navigate to your Project in your Org
  • Select Infrastructure and click on addons

Step 1: New Addon

  • Click on create addon
  • Select "Bring Your Own" for type
  • Provide a name, select package type (YAML or Helm 3), the namespace where this has to be deployed on the cluster

In the example below, we are creating an addon for "kubeless" which is packaged as a yaml file. We want to deploy this into a separate namespace called "kubeless".

Create addon

Step 2: New Version

Multiple versions/updates of the addon may be required during the life of an addon. Versions of addons can be managed.

In our example, for the newly created "kubeless" addon, since no versions are available, the user will be prompted to "create" a new version.

No Versions Found

  • Click on New Version
  • Provide the payload (k8s yaml or Helm chart + values.yaml) for the addon and Save.

Create addon

View Addon Details

To view details of an existing addon, click on the addon

In the example below, for the "kubeless" addon, we can see that there are two versions and the latest version is v1.0.7

View addon details

View All AddOns

To view all addons in a Project,

  • Click on Infrastructure -> Addons
  • This will display the entire list of configured addons and associated metadata

An illustrative example is shown below.

View All addons

Delete Addon

If an addon is not required anymore, the admin may wish to delete it from the Project. In the view all addons page, click on the "Delete" icon to delete an existing addon.


An error message will be displayed if the addon is in use with a cluster blueprint.

Delete Addon

Debug Addons

Infrastructure admins can view the status of each addon using the cluster dashboard on the Rafay Console. In addition, they also have access to a secure, RBAC controlled, zero trust KubeCTL channel to the remote cluster to perform deep diagnostics.

Zero Trust KubeCTL

Click on "KubeCTL" to launch a browser based Zero Trust KubeCTL shell. Alternatively, admins can also download the kubeconfig file and perform the same operations remotely using a KubeCTL CLI.

Addon Status KubeCTL

Note the KubeCTL operations this user can perform is access controlled and secured using the configured ROLE. All actions performed by the user are audited for compliance.

Status By Addon

Infrastructure admins can view details about the k8s resources for a given addon on a cluster.

Blueprint Status

Click on the status link for "Blueprint Sync". This will display a detailed status of each addon in the blueprint on the cluster.

In the example below, you can view the details of all the k8s resources for our "apache-helm3" workload.

Detailed Status by Addon

k8s Resources for Addon

  • Click on the Cluster Dashboard
  • Click on Resources
  • Select "Workload" for "View By"
  • Select name of "addon"

In the example below, you can view the k8s resources for the Helm 3 based "datadog" addon operational on this cluster.

Status of Addons

By Helm Release

  • Click on the Cluster Dashboard
  • Click on Resources
  • Select "Helm Releases" for "View By"

In the example below, you can view the details of the "datadog" Helm 3 based addon operational on this cluster.

Status of Addons