Skip to content

Rafay Docs

Home
Home
- Overview
- Key Concepts
- Architecture
- Common Use Cases
- CLI
  CLI
  - Overview
  - AddOns
  - Agents
  - Backup and Restore
  - Blueprints
  - Catalog
  - Clusters
  - Config
  - Credentials
  - Namespaces
  - Overrides
  - Pipelines
  - Policy
  - Projects
  - Repository
  - RBAC
  - Secret Stores
  - Trigger
  - Workloads
- APIs
- Self Hosted Controller
  Self Hosted Controller
  - Overview
  - Configurations
  - Environments
    Environments
    
    Bare Metal/VM
    Bare Metal/VM
    
    Requirements
    
    Installation
    
    AWS EC2
    AWS EC2
    
    Requirements
    
    Installation
    
    Azure AKS
    Azure AKS
    
    Requirements
    
    Installation
    
    Backup and Restore
    
    Google GKE
    Google GKE
    
    Requirements
    
    Installation
  - Upgrades
    Upgrades
    
    1.4.x to 1.5.x
    
    1.5.x to 1.6.x
- Release Notes
  Release Notes
  - 2022
  - 2021
  - 2020
  - 2019
- Bug Fixes
- Partners
  Partners
- Videos
- Contact
Get Started
Get Started
- Overview
- Kubernetes
  Kubernetes
  - Overview
  - Install MicroK8s
  - Kubernetes 101
    Kubernetes 101
    
    Part 1: Using Namespaces
    
    Part 2: Using Pods
    
    Part 3: Using Deployments
    
    Part 4: Using Services
    
    Part 5: Using Ingress
  - Kubernetes 201
    Kubernetes 201
    
    Part 1: Using ConfigMaps
    
    Part 2: Using Secrets
    
    Part 3: Using PV
    
    Part 4: Using PVC
  - Kubernetes 301
    Kubernetes 301
    
    Deployments, StatefulSets, DaemonSets
    
    Part 1: Using StatefulSets
    
    Part 2: Using DaemonSets
- Basics
  Basics
- Amazon EKS
  Amazon EKS
  - EKS Backup/Restore
    EKS Backup/Restore
    
    Overview
    
    Part 1: Setup Environment
    
    Part 2: Create Resources
    
    Part 3: Backup/Restore
  - Cluster Lifecycle
    Cluster Lifecycle
    
    Overview
    
    Part 1: Provision
    
    Part 2: Scale
    
    Part 3: Upgrade
    
    Part 4: Deprovision
  - CloudWatch
    CloudWatch
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Blueprint
    
    Part 4: Deprovision
  - Cluster Autoscaler
    Cluster Autoscaler
    
    Overview
    
    Part 1: Setup
    
    Part 2: Blueprint
    
    Part 3: Provision
    
    Part 4: Workload
    
    Part 5: Deprovision
  - EKS System Sync
    EKS System Sync
    
    Overview
    
    Part 1: Setup
    
    Part 2: Sync from Git
    
    Part 3: Sync from System
  - GPU
    GPU
    
    Overview
    
    Part 1: Setup
    
    Part 2: Blueprint
    
    Part 3: Provision
    
    Part 4: Workload
    
    Part 5: Scaling
    
    Part 6: Deprovision
  - Karpenter
    Karpenter
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Blueprint
    
    Part 4: Workload
    
    Part 5: Deprovision
- Amazon EKS Anywhere
  Amazon EKS Anywhere
  - Overview
  - Quick Start
- Azure AKS
  Azure AKS
  - Overview
- GitOps
  GitOps
  - Deployment Strategies
    Deployment Strategies
    
    Overview
    
    Setup
    
    Recreate
    
    Rolling Update
    
    Blue-Green
    
    Canary
  - System Sync
    System Sync
    
    Overview
    
    Part 1: Setup
    
    Part 2: Sync Blueprint
    
    Part 3: Sync Workload
  - EKS System Sync
    EKS System Sync
    
    Overview
    
    Part 1: Setup
    
    Part 2: Sync from Git
    
    Part 3: Sync from System
- Policy Management
  Policy Management
  - OPA Gatekeeper
    OPA Gatekeeper
    
    Overview
    
    Part 1: Setup
    
    Part 2: Policy
    
    Part 3: Blueprint
    
    Part 4: Workload
  - Turnkey OPA Policies
    Turnkey OPA Policies
    
    Overview
    
    Part 1: Setup
    
    Part 2: Apply
    
    Part 3: Test
- Zero Trust Kubectl
  Zero Trust Kubectl
- CNCF Recipes
Clusters
Clusters
- Overview
- Metadata
  Metadata
- Amazon EKS
  Amazon EKS
  - Overview
  - Templates
    Templates
    
    Create Cluster Template
    
    Create Cluster from Template
    
    CLI for Cluster Template
  - Credentials
  - IAM Policy
    IAM Policy
    
    Overview
    
    Full
    
    No VPC
    
    No VPC,IAM
    
    No VPC,IAM, Restrictions
  - Cluster Config
  - CLI
    CLI
    
    Overview
    
    GitOps
    GitOps
    
    Overview
    
    Examples
  - Config Schema
  - Provision
  - IAM Service Accounts
    IAM Service Accounts
    
    Overview
    
    CLI for IRSA
  - CNI Providers
  - Control Plane
  - VPC Networking
    VPC Networking
    
    Overview
    
    Secondary CIDR with VPC
  - Nodegroups
    Nodegroups
    
    Overview
    
    Custom AMI
  - Wavelength Zone
  - AWS Tags
  - Spot Instances
  - Node Labels
  - Visibility and Monitoring
  - RBAC based KubeCTL
  - Deprovision
  - k8s Upgrades
  - AMI Upgrades
  - Audit
  - API
  - Best Practices
  - FAQ
  - Troubleshooting
- Amazon EKS Anywhere
  Amazon EKS Anywhere
  - Overview
  - Quick Start
- Amazon EKS Distro
  Amazon EKS Distro
  - Overview
  - Quick Start
- Azure AKS
  Azure AKS
  - Overview
  - Azure Setup
  - Credentials
  - Provision
  - Node Labels
  - Spot Price
  - Visibility and Monitoring
  - Deprovision
  - K8s Upgrades
  - Audit
  - CLI
    CLI
    
    Overview
    
    GitOps
    GitOps
    
    Overview
    
    Examples
  - Config Schema
- Google GKE
  Google GKE
  - Overview
  - Lifecycle
- Imported
  Imported
- Red Hat Openshift
  Red Hat Openshift
  - Overview
  - Import
  - Blueprints
  - Dashboards
- Upstream Kubernetes
  Upstream Kubernetes
  - Approaches
  - Bare Metal and VMs
    Bare Metal and VMs
    
    Overview
    
    Supported Environments
    
    Configuration
    
    Preflight Checks
    
    Provisioning
  - CLI
  - QCOW Virtual Appliance
    QCOW Virtual Appliance
    
    Overview
    
    Provision
    
    Deprovision
    
    Lifecycle
    
    FAQ
  - OVA Virtual Appliance
    OVA Virtual Appliance
    
    Overview
    
    Provision
    
    Deprovision
    
    Lifecycle
    
    FAQ
  - AWS
    AWS
    
    Credentials
    
    IAM Policy
    
    Steps
  - Equinix Metal
    Equinix Metal
    
    Overview
    
    Provision Servers
    
    Provision Kubernetes
  - GCP
    GCP
    
    Credentials
    
    Steps
  - Developers
    Developers
    
    Overview
    
    Windows
    Windows
    
    Provision
    
    Deprovision
    
    FAQ
    
    macOS
    macOS
    
    Provision
    
    Deprovision
    
    FAQ
  - Master Nodes
  - Worker Nodes
  - Upgrades
  - Storage
  - Troubleshooting
  - Retry and Backoff
  - Reset Node
- Troubleshooting
Dashboards
Dashboards
- Overview
- Organization
- Projects
  Projects
- Cluster
- My Clusters
- Nodes
- Kubernetes Resources
  Kubernetes Resources
  - View/Edit/Delete
  - Create
- Kubernetes Events
- Pod Dashboard
- Container Dashboard
- Configuration
- GPU Dashboard
Catalog
Catalog
Blueprints
Blueprints
- Overview
- Namespaces
  Namespaces
  - Overview
- Add-Ons
- Managed Add-Ons
- Base Blueprints
  Base Blueprints
- Pod Security Policy (PSP)
- Custom Blueprint
- Cluster Fleet Management
- Exceptions
- Disable Default
- Sharing
- Cluster Overrides
- Update Blueprint
- CLI
- API
ZTKA
ZTKA
- Background
- Overview
- KubeCTL
  KubeCTL
  - Browser
  - KubeCTL CLI
- Configuration
- RBAC
- Audit Trail
- Private Kube API Proxy
- FAQ
Policy Mgmt
Policy Mgmt
Workloads
Workloads
- Namespaces
  Namespaces
  - Overview
- Workload Types
  Workload Types
  - Overview
  - Helm Charts
  - k8s YAML
  - Wizard
    Wizard
    
    Overview
    
    Ingress
    
    Containers
    
    Container Registry
    
    Upgrade Strategy
    
    Storage
    
    Policy
    
    Publish
  - VM Wizard
- Zero Trust Debug
  Zero Trust Debug
  - Overview
  - Developer Tools
- Cluster Overrides
- CLI
GitOps
GitOps
- Overview
- Benefits
- Pipelines
- Stages
  Stages
- Triggers
  Triggers
  - Overview
  - Troubleshooting
- Agents
Backup
Backup
- Overview
- Backup Location
  Backup Location
- Credentials
  Credentials
  - Overview
  - AWS
  - Azure
  - S3 Compatible
- Data Agent
- Backup Policy
- Backup Job
- Restore Policy
- Restore Job
- Considerations
Security
Security
- Overview
- Organizations
- Projects
- Users
- MFA
- Groups
- CLI
- Roles
- Cluster Sharing
- Audit Logs
- Compliance
- Vulnerabilities
- CIS Benchmark
- Contact
Integrations
Integrations
- Overview
- Backup And Restore
  Backup And Restore
- Networking
  Networking
  - Overview
- Storage
  Storage
  - Overview
- CI
  CI
  - Overview
  - Common Patterns
  - Jenkins
    Jenkins
    
    Overview
    
    Workload Basics
    
    Workload Wizard
    
    Helm Workloads
    
    YAML Workloads
    
    Provision Upstream k8s
    
    Provision Amazon EKS
  - CircleCI
  - GitLab
  - Azure DevOps
- GSLB
  GSLB
  - DNS based GSLB
- Terraform
  Terraform
  - Overview
- Ingress
  Ingress
  - Background
  - Managed Ingress
- Log Aggregation
  Log Aggregation
- Monitoring
  Monitoring
- Registry
  Registry
  - Overview
- Repositories
  Repositories
- Vault
  Vault
  - Overview
  - Configure Vault
  - Use Vault-Helm/YAML
    Use Vault-Helm/YAML
    
    ENV Variables
    
    Files
    
    Use Vault-Wizard
- CSI driver (Beta)
  CSI driver (Beta)
  - Secret Provider Classes Secret Provider Classes
    Table of contents
    
    Create Service Provider Classes
    
    Edit Secret Store
    
    Wizard
    
    Upload file Manually
    
    Pull from Repository
  - IRSA for AWS Secret Manager
  - Configure AWS Secret Manager
  - CLI
- Sealers
  Sealers
  - Secret Sealer
  - Use Secret Sealer
- SIEM / Audit Logs
  SIEM / Audit Logs
  - Overview
  - DataDog
  - Splunk
- Single Sign On
  Single Sign On
  - Overview
  - AWS SSO
  - Azure AD
  - Duo SSO
  - Google Workspace
  - KeyCloak
  - Okta
  - Ping One
  - CLI
Recipes
Recipes
- Overview
- AlertManager
  AlertManager
  - Slack
  - PagerDuty
  - Opsgenie
- Backup
  Backup
  - CloudCasa
  - Velero
    Velero
    
    Overview
    
    Credentials - IAM Role
    
    Credentials - IAM User
    
    Credentials - MinIO
    
    Use Velero
- Cost Management
  Cost Management
  - Overview
  - Kubecost
- Cert-Manager
  Cert-Manager
- Databases
  Databases
  - Redis
  - InfluxDB
- Functions
  Functions
  - Kubeless
- Governance
  Governance
- GPU
  GPU
- Ingress
  Ingress
  - ALB
    ALB
    
    Overview
    
    Create
    
    Configure
    
    Access
  - Ambassador
  - Citrix
  - Kong
- Load Balancer
  Load Balancer
  - MetalLB
    MetalLB
    
    Overview
    
    Setup
    
    Install
    
    Test
- Log Aggregation
  Log Aggregation
  - Fluent Bit
- Logging
  Logging
  - CloudWatch
  - Elastic Cloud
    Elastic Cloud
    
    Overview
    
    ECK Operator
    
    Elasticsearch
    
    Kibana
    
    Recap
  - OpenSearch
    OpenSearch
    
    Overview
    
    Create
    
    Configure
    
    Access
  - Splunk
  - Sumologic
  - New Relic
- Monitoring
  Monitoring
  - Amazon Prometheus
    Amazon Prometheus
    
    Overview
    
    Create
    
    Configure
    
    Access
  - CloudWatch
  - Datadog Agent
  - Grafana
  - New Relic
  - Prometheus Operator
  - Splunk Connect
- Network Policies
  Network Policies
  - Overview
  - Install
  - Test
- Secrets
  Secrets
  - AWS Secrets Manager
    AWS Secrets Manager
    
    Overview
    
    Create
    
    Configure
    
    Access
  - Hashicorp Vault
  - Sealed Secrets
- Security
  Security
  - Araali
  - Kube-bench
- Service Mesh
  Service Mesh
  - Istio
  - Use Istio
- Storage
  Storage
  - MinIO

Secret Provider Classes

Secret Provider Classes contains the detail of secret provider (AWS) and path/keys to secret.

Create Service Provider Classes¶

Login into the Web Console as a Project Admin
Click on Integrations > Secret Provider Classes
Click New Secret Provider Class
Provide a Name, and select the secret defining type from the drop-down
Select the Provider AWS from the drop-down

Create Vault

Edit Secret Store¶

On creating a secret provider class, click the Edit icon to add the required information

Wizard¶

On selecting the Wizard, enter the required details as shown in the below example and click Save & Exit

Create Vault

Upload file Manually¶

On selecting the Upload file Manually, upload the yaml file and click Save & Exit

Create Vault

Pull from Repository¶

On selecting Pull from Repository, users are allowed to provide the repository name, revision, and yaml file path (git repo path)

Create Vault

Click Save & Exit