
Overview

Existing brownfield Kubernetes clusters, or clusters provisioned using the customer's existing process, can be imported into the controller either through a "GUI based Wizard" in the Web Console or "Fully Automated and Embedded" into a pipeline. Once successfully imported, the controller will:

  • Provide visibility and monitoring into all aspects of the Kubernetes cluster.
  • Provide users with secure kubectl access to the cluster.
  • Manage the lifecycle of workloads on "imported clusters".

Import Process

Users can import existing clusters into their Orgs by deploying the Kubernetes management operator on the clusters. This can be performed via either "kubectl" or "helm".

The diagram below shows the typical sequence of steps performed to successfully import a cluster into the Controller.

sequenceDiagram
    Admin->>Controller: Download "bootstrap.yaml" 
    Admin->>Cluster: apply "bootstrap.yaml"
    Controller->>Cluster: Provision/Import Cluster (unique token)
    Cluster-->>Rafay Operator: Start Rafay Operator
    Note right of Rafay Operator: Generate CSR (with unique token)
    Rafay Operator-->>Controller: Send CSR
    Note left of Controller: Verify token and Sign CSR
    Controller->> Rafay Operator: Send Signed Certificate
    rect rgb(191, 223, 255)
    Rafay Operator->>+Controller: Establish long running mTLS connection
    Note left of Controller: Only accept connections with valid client certificate
    Controller->>-Rafay Operator: Uses secure connection for cluster operations
    end
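
The "Verify token and Sign CSR" step and the "only accept connections with valid client certificate" check from the sequence above, as an added example in Go using only the standard library; it is not Rafay's code. The function names, the token being presented alongside the CSR, Ed25519 keys and the 24-hour lifetime are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func newCA() (*x509.Certificate, ed25519.PrivateKey) { // constructed throwaway CA standing in for the controller's
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "demo-ca"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	ca, _ := x509.ParseCertificate(der)
	return ca, key
}
func newCSR(cluster string) []byte { // operator side: the private key never leaves the cluster
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	der, _ := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: cluster}}, key)
	return der
}
// signCSR is the controller side: token check, proof of key possession, then a client-auth-only certificate.
func signCSR(ca *x509.Certificate, caKey ed25519.PrivateKey, csrDER []byte, presented, issued string) (*x509.Certificate, error) {
	tokenOK := subtle.ConstantTimeCompare([]byte(presented), []byte(issued)) == 1 // constant-time compare
	csr, err := x509.ParseCertificateRequest(csrDER)
	if !tokenOK || err != nil || csr.CheckSignature() != nil {
		return nil, fmt.Errorf("rejected: bad bootstrap token or CSR not signed by its own key")
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	t := &x509.Certificate{SerialNumber: serial, Subject: csr.Subject, NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, t, ca, csr.PublicKey, caKey)
	return x509.ParseCertificate(der) // a nil DER fails to parse, so an issuance error still surfaces here
}
func acceptsClient(ca, leaf *x509.Certificate) bool { // what the mTLS listener enforces on each connection
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}
func main() {
	ca, caKey := newCA()
	cert, err := signCSR(ca, caKey, newCSR("demo-cluster"), "tok-123", "tok-123")
	fmt.Println("issue error:", err, "| accepted for mTLS:", err == nil && acceptsClient(ca, cert))
}
```

In a real listener the same policy is expressed with `tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}`, and the token would be invalidated after its first successful use.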