Rafay Product Documentation

Home
Home
- Index
- Overview
  Overview
- Automation
  Automation
  - Overview
  - CLI
    CLI
    
    Overview
    
    Setup
    
    Commands
    Commands
    
    AddOns
    
    Agents
    
    Backup
    
    Blueprints
    
    Blueprint Schema
    
    Catalog
    
    Clusters
    
    Cloud Credentials
    
    Custom ZTKA Access
    
    Groups
    
    IdP/SSO
    
    Namespaces
    
    Namespace Schema
    
    Network Policy
    
    Overrides
    
    Pipelines
    
    Policy
    
    Projects
    
    Registry
    
    Repository
    
    RBAC
    
    Secret Groups
    
    Secret Stores
    
    Templating
    
    Trigger
    
    Users
    
    Workloads
    
    Legacy
    Legacy
    
    Overview
    
    Blueprints
    
    Addons
    
    Agents
    
    Clusters
    
    Credentials
    
    Namespaces
    
    Overrides
    
    Pipeline
    
    Projects
    
    Repository
    
    Trigger
    
    Workloads
  - Terraform Provider
  - APIs
- Clusters
  Clusters
  - Home
  - Overview
  - Metadata
    Metadata
    
    Location
    
    Cluster Labels
    
    Node Labels
    
    Node Taints
    
    Health
  - Amazon EKS Anywhere
    Amazon EKS Anywhere
    
    Bare Metal Provider
    Bare Metal Provider
    
    Overview
    
    Supported Environments
    
    Gateway
    
    Provisioning
    
    Debug
    
    Day-2 Operations
    
    CLI
    
    Deprovision
    
    Config Schema
  - Amazon EKS
    Amazon EKS
    
    Overview
    
    Supported Environments
    
    Pre-requisites
    Pre-requisites
    
    Credentials
    Credentials
    
    Cloud Credentials
    
    IAM Policy & Role Creation in AWS
    
    CNI Providers
    
    VPC Networking
    VPC Networking
    
    Overview
    
    Secondary CIDR with VPC
    
    Custom AWS CNI
    
    IAM Policy
    IAM Policy
    
    Overview
    
    Full
    
    Customer-Managed VPC
    
    Customer-Managed VPC & IAM
    
    Restricted IAM Policies on Tags
    
    Restricted IAM Policy on ARN
    
    Restricted IAM Policies on VPC & Tags
    
    Service Linked IAM Role
    
    EKS Add-Ons
    EKS Add-Ons
    
    Managed Add-Ons
    
    Cluster Configuration
    Cluster Configuration
    
    V3 Config Schema
    
    V1 Config Schema
    
    Cluster Config
    
    AWS Tags
    
    IAM
    IAM
    
    IAM Service Accounts
    IAM Service Accounts
    
    Overview
    
    CLI for IRSA
    
    Identity Mapping
    
    Cross Account ARN
    
    Clusters
    Clusters
    
    Control Plane
    
    Provision
    
    Cluster with IPv6 Configuration
    
    Convert to Managed
    
    Day-2 Operations
    
    Nodegroups
    Nodegroups
    
    Overview
    
    Custom AMI
    
    Wavelength Zone
    
    Spot Instances
    
    Node Labels
    
    AWS Tags
    
    Automation
    Automation
    
    CLI
    
    API
    API
    
    API Functionality & Management
    
    Cluster API
    
    GitOps
    GitOps
    
    Overview
    
    Examples
    
    Terraform
    
    RBAC based KubeCTL
    
    Upgrades
    Upgrades
    
    Upgrade Strategies
    
    k8s Upgrades
    
    AMI Upgrades
    
    Observability
    Observability
    
    Visibility and Monitoring
    
    Audit
    
    Deprovision
    
    Fleet Operations
    
    Cluster Templates
    Cluster Templates
    
    Create Cluster Template
    
    Create Cluster from Template
    
    CLI for Cluster Template
    
    Diagnose
    Diagnose
    
    Best Practices
    
    FAQ
    
    Troubleshooting
  - Azure AKS
    Azure AKS
    
    Overview
    
    Supported Environments
    
    Pre-requisites
    Pre-requisites
    
    Credentials
    
    Azure Setup
    
    AKS Addons
    
    Config Schema
    
    Restricted Roles & Identities
    
    Clusters
    Clusters
    
    Provision
    
    Azure CNI Overlay
    
    Convert to Managed
    
    Day-2 Operations
    
    Start/Stop Clusters
    
    Nodepools
    Nodepools
    
    Node Labels
    
    Spot Price
    
    Automation
    Automation
    
    Overview
    
    GitOps
    GitOps
    
    Overview
    
    Examples
    
    K8s Upgrades
    
    Observability
    Observability
    
    Visibility and Monitoring
    
    Audit
    
    Deprovision
    
    Fleet Operations
    
    Templates
    Templates
    
    Create Cluster Template
    
    Create Cluster from Template
    
    CLI for Cluster Template
    
    Troubleshooting
  - Bare Metal/VM
    Bare Metal/VM
    
    Approaches
    
    Overview
    
    Supported Environments
    
    Configuration
    
    Preflight Checks
    
    Provisioning
    
    Config Schema
    
    Master Nodes
    
    Worker Nodes
    
    CLI
    
    Day-2 Operations
    
    Kubernetes Access
    
    Kubernetes Upgrades
    
    Node OS Upgrades
    
    Cluster Certificate Renewal (Manual)
    
    Deprovision
    
    Troubleshooting
    
    Retry and Backoff
    
    Reset Node
    
    Storage
    Storage
    
    Add Storage
    
    Zero Trust Host Access
    Zero Trust Host Access
    
    Overview
    
    Examples
    Examples
    
    Single Command-Node
    
    Multiple Command-Node
    
    Command-Cluster
    
    Command History
    
    Knowledge Base Articles
  - Edge
    Edge
    
    Overview
    
    Simulator
  - Equinix Metal
    Equinix Metal
    
    Overview
    
    Provision Servers
    
    Provision Kubernetes
  - Google GKE
    Google GKE
    
    Overview
    
    Supported Environments
    
    Templates
    Templates
    
    Create Cluster Template
    
    Create Cluster from Template
    
    CLI
    
    GCP Configuration
    
    Credentials
    
    Clusters
    Clusters
    
    Provisioning
    
    Shared VPC Network
    
    GPU Config
    
    Reservation Affinity
    
    Provisioning Explained
    
    Day-2 Operations
    
    preBootstrapCommands
    
    Automation
    Automation
    
    API
    
    CLI
    
    V3 API Config Schema
    
    V2 API Config Schema
    
    Scale Nodes
    
    Upgrade K8s
    
    Deprovision
    
    Troubleshooting
  - Imported
    Imported
    
    Overview
    
    Cluster Import Wizard
    
    Declarative
    
    Analysis
    
    Import Failures
    
    Remove Operator
    
    EKS Add-on
    
    Troubleshooting
  - Open Stack
    Open Stack
    
    Overview
    
    Provision
    
    Deprovision
    
    Lifecycle
    
    FAQ
  - RedHat OpenShift
    RedHat OpenShift
    
    Overview
    
    Provision
    
    Import
    
    Blueprints
    
    Dashboards
  - Virtual Appliance
    Virtual Appliance
    
    Overview
    
    Provision
    
    Deprovision
    
    Lifecycle
    
    vSphere Example
    
    SSH Example
  - VMware vSphere
    VMware vSphere
    
    Overview
    
    Supported Environments
    
    Network Segment
    
    Gateway
    
    Credentials
    
    vSphere Account permissions
    
    Provisioning
    
    Custom OS Image
    
    CLI
    
    Config Schema
    
    K8s Upgrades
    
    Scale Nodes
    
    Machine Health Check
    Machine Health Check
    
    Overview
    
    Add Health Check
    
    CLI
    
    Troubleshooting
    
    Troubleshooting
- Cluster Templates
  Cluster Templates
  - Overview
- Fleet Operations
  Fleet Operations
  - Overview
  - Create Plan
  - Automation
  - Config Samples
  - Reference Implementation
    Reference Implementation
    
    Amazon EKS
    Amazon EKS
    
    EKS-1.23
    
    EKS-1.24
  - Troubleshooting
- Multi Tenancy
  Multi Tenancy
  - Overview
  - Hard Tenancy
  - Projects
    Projects
    
    Overview
    
    Description
    
    Project Tags
    
    Resource Quotas
    
    Cluster Sharing
    
    CLI
  - Soft Tenancy
    Soft Tenancy
    
    Workspace Role
    
    Namespace
    Namespace
    
    Overview
    
    Management
    
    Reconciliation
    
    CLI
- Services
  Services
  - Overview
  - Backup and Restore
    Backup and Restore
    
    Overview
    
    API
    
    CLI
    
    Backup Location
    Backup Location
    
    Overview
    
    AWS S3 Bucket
    
    Azure Blob Storage
    
    S3 Compatible Storage
    
    Credentials
    Credentials
    
    Overview
    
    AWS
    AWS
    
    Credentials
    
    Backup & Restore using IRSA
    
    Azure
    
    S3 Compatible
    
    Data Agent
    
    Backup Policy
    
    Backup Job
    
    Restore Policy
    
    Restore Job
    
    Considerations
  - Blueprints
    Blueprints
    
    Overview
    
    Custom Add-Ons
    
    Managed Add-Ons
    Managed Add-Ons
    
    Overview
    
    Ingress Controller
    Ingress Controller
    
    Background
    
    Managed Ingress
    
    Blueprint Types
    Blueprint Types
    
    Default System Blueprints
    Default System Blueprints
    
    Overview
    
    Minimal Blueprint
    
    Standard Default Blueprint
    
    Default AKS
    
    Default GKE
    
    Default Openshift
    
    Default Upstream
    
    Custom and Golden Blueprints
    Custom and Golden Blueprints
    
    Custom Blueprint
    
    Golden Blueprint
    
    Cluster Fleet Management
    
    Sharing
    
    Cluster Overrides
    Cluster Overrides
    
    Overview
    
    Workflow
    
    Managed Components
    
    Built-in variables
    
    Update Blueprint
    
    Pod Security Policy (EOL)
    
    Troubleshooting
    
    CLI
    CLI
    
    Blueprint CLI
    
    Add-Ons CLI
    
    API
  - Catalog
    Catalog
    
    Overview
    
    Manage Catalogs
    
    CLI
  - Cost Management
    Cost Management
    
    Overview
    
    Cost Profiles
    
    Cloud Credentials
    
    AWS Integration
    
    Azure Integration
    
    Visibility
    
    Chargeback/Showback
    
    Explorer
    
    CLI
    CLI
    
    Profiles
    
    Chargeback Groups
  - GitOps (Apps & Infra)
    GitOps (Apps & Infra)
    
    Overview
    
    Benefits
    
    Pipelines
    
    Stages
    Stages
    
    Overview
    
    Approval
    
    Deploy Workload
    
    Infra Provisioner
    Infra Provisioner
    
    Overview
    
    CLI
    
    System Sync
    
    Workload Template
    
    Triggers
    Triggers
    
    Overview
    
    Troubleshooting
    
    Secret Groups
    Secret Groups
    
    Pipeline Secret Groups
    
    CLI
    
    Agents
  - Network Policy
    Network Policy
    
    Background
    
    Overview
    
    Installation Profiles
    
    Network Policy Rules
    Network Policy Rules
    
    Overview
    
    Cluster-Wide Network Policy Rules
    
    Namespace Network Policy Rules
    
    Cluster-Wide Network Policies
    
    Namespace Network Policies
    
    Network Visibility (EOL)
    
    CLI
  - Policy Mgmt
    Policy Mgmt
    
    Overview
    
    Installation Profiles
    
    Constraint Templates
    
    Constraints
    
    Policies
    
    Policy Violations
    
    Visibility
    
    CLI
  - Secrets Management
    Secrets Management
    
    AWS Secrets Manager
    AWS Secrets Manager
    
    Secrets Store Add-on
    
    Secret Provider Classes
    
    Configure IRSA
    
    Annotations
    
    CLI
    
    HashiCorp Vault
    HashiCorp Vault
    
    Overview
    
    Configure Vault
    
    Use Vault-Helm/YAML
    Use Vault-Helm/YAML
    
    ENV Variables
    
    Files
    
    Use Vault-Wizard
    
    Sealers
    Sealers
    
    Secret Sealer
    
    Use Secret Sealer
  - Visibility & Monitoring
    Visibility & Monitoring
    
    Visibility
    Visibility
    
    Overview
    
    Organization
    
    Projects
    
    Cluster
    
    My Clusters
    
    Nodes
    
    Kubernetes Resources
    Kubernetes Resources
    
    View/Edit/Delete
    
    Create
    
    Kubernetes Events
    
    Pod Dashboard
    
    Container Dashboard
    
    Configuration
    
    GPU Dashboard
    
    Monitoring
    Monitoring
    
    Overview
    
    Alerts
    
    Notifications
    
    Custom Metrics HPA
  - Zero Trust Kubectl
    Zero Trust Kubectl
    
    Background
    
    Overview
    
    KubeCTL
    KubeCTL
    
    Browser
    
    KubeCTL CLI
    
    Configuration
    
    RBAC
    
    Audit Trail
    
    Private Kube API Proxy
    
    FAQ
  - Rafay CoPilot
    Rafay CoPilot
    
    Overview
    
    FAQ
- App Deployments
  App Deployments
  - Overview
  - Kubectl
  - Helm
  - MySQL
  - Workloads
    Workloads
    
    Overview
    
    Helm Charts
    
    k8s YAML
    
    Registry
    Registry
    
    Overview
    
    System Registry
    
    Repositories
    Repositories
    
    Overview
    
    Public Repos
    
    Private Repos
    
    Lifecycle
    
    Agents
    
    Wizard
    Wizard
    
    Overview
    
    Ingress
    
    DNS based GSLB
    
    Containers
    
    Container Registry
    
    Upgrade Strategy
    
    Storage
    
    Policy
    
    Publish
    
    Certificate
    Certificate
    
    Overview
    
    New Certificate
    
    Cluster Overrides
    
    CLI
    
    Zero Trust Debug
    Zero Trust Debug
    
    Overview
    
    Developer Tools
    
    Continuous Integration
    Continuous Integration
    
    Overview
    
    Common Patterns
    
    Jenkins
    Jenkins
    
    Overview
    
    Workload Basics
    
    Workload Wizard
    
    Helm Workloads
    
    YAML Workloads
    
    Provision Upstream k8s
    
    Provision Amazon EKS
    
    CircleCI
    
    GitLab
    
    Azure DevOps
  - Integrated GitOps
  - 3rd Party GitOps
    3rd Party GitOps
    
    ArgoCD
- Backstage
  Backstage
  - Overview
  - Workflow
  - Setup
  - Templates
    Templates
    
    Environments
    Environments
    
    Create
    
    Clusters
    Clusters
    
    Create
    
    Register Existing
    
    Edit Template
    
    Namespaces
    Namespaces
    
    Create
    
    Register Existing
    
    Edit Template
    
    Workloads
    Workloads
    
    Create
  - Entity Cards
  - Delete Plugins
- Environment Manager
  Environment Manager
  - Overview
  - Workflow
  - Templates
    Templates
    
    Contexts
    
    Static Resource
    
    Resource Template
    
    Environment Template
    
    Drivers
    
    Example Templates
  - Configuration Parameters
    Configuration Parameters
    
    Expressions
    
    Volume
  - Create Environment
  - RBAC
  - GitOps
  - Cost Estimation
  - Security Scanning
  - TFE/TFC integration
  - Loader Utility
- User Management
  User Management
  - Overview
  - Users
  - MFA
  - Groups
  - CLI
  - Roles
    Roles
    
    Base Roles
    
    Custom ZTKA access
    Custom ZTKA access
    
    Overview
    
    Rules
    
    Policies
    
    Attribute based access
    Attribute based access
    
    Overview
    
    Rules
    
    Policies
    
    Examples
    
    Common Scenarios
    
    Custom Roles
  - Single Sign On
    Single Sign On
    
    Overview
    
    ADFS
    
    AWS SSO
    
    Azure AD
    
    Duo SSO
    
    Google Workspace
    
    KeyCloak
    
    Okta
    
    Ping One
    
    CLI
    
    Webhooks
  - Multiple Orgs
- Security
  Security
  - Overview
  - White Listing
  - Audit Logging
  - Audit Log Aggregation
    Audit Log Aggregation
    
    Overview
    
    CloudWatch
    
    DataDog
    
    Splunk
    
    SumoLogic
  - Compliance
  - Vulnerabilities
  - CIS Benchmark
  - Contact
- Self Hosted Controller
  Self Hosted Controller
  - Overview
  - Environments
- Support Matrix
  Support Matrix
- Partners
  Partners
Get Started
Get Started
- Home
- Overview
- Access Control
  Access Control
  - IDP RBAC
    IDP RBAC
    
    Overview
    
    Alerts
    
    Notifications
- Alerts & Notifications
  Alerts & Notifications
  - Alerts
  - Notifications
- Amazon EKS
  Amazon EKS
  - Home
  - Backup/Restore
    Backup/Restore
    
    Overview
    
    Part 1: Setup Environment
    
    Part 2: Create Resources
    
    Part 3: Backup/Restore
  - Blue/Green Upgrade
    Blue/Green Upgrade
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Workload
    
    Part 4: Deprovision
  - Cluster Lifecycle
    Cluster Lifecycle
    
    Overview
    
    Prerequisites
    
    Part 1: Provision
    
    Part 2: Scale
    
    Part 3: Node Group
    
    Part 4: Upgrade
    
    Part 5: Deprovision
  - Cluster Templates
    Cluster Templates
    
    Overview
    
    Part 1: Setup
    
    Part 2: Utilize
  - CloudWatch
    CloudWatch
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Blueprint
    
    Part 4: Deprovision
  - Cluster Autoscaler
    Cluster Autoscaler
    
    Overview
    
    Part 1: Setup
    
    Part 2: Blueprint
    
    Part 3: Provision
    
    Part 4: Workload
    
    Part 5: Deprovision
  - Custom Networking
    Custom Networking
    
    Overview
    
    Provision
    
    Deploy Workload
    
    Deprovision
  - EFS
    EFS
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Blueprint
    
    Part 4: Workload
    
    Part 5: Deprovision
  - EKS System Sync
    EKS System Sync
    
    Overview
    
    Part 1: Setup
    
    Part 2: Sync from Git
    
    Part 3: Sync from System
  - Fleet for EKS
    Fleet for EKS
    
    Overview
    
    Part 1: Create & Execute
    
    Part 2: Stop & Delete
  - External DNS
    External DNS
    
    Overview
    
    Part 1: Provision
    
    Part 2: Blueprint
    
    Part 3: Workload
    
    Part 4: Deprovision
  - Fargate
    Fargate
    
    Overview
    
    Provision
    
    Deploy Workload
    
    Deprovision
  - GitOps
    GitOps
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Pipeline
    
    Part 4: Utilize
    
    Part 5: Deprovision
  - GPU
    GPU
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Blueprint
    
    Part 4: Workload
    
    Part 5: Deprovision
  - Graviton
    Graviton
    
    Overview
    
    Provision
    
    Deploy Workload
    
    Deprovision
  - Karpenter
    Karpenter
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Blueprint
    
    Part 4: Workload
    
    Part 5: Deprovision
  - Secrets Manager
    Secrets Manager
    
    Overview
    
    Part 1: Provision
    
    Part 2: Blueprint
    
    Part 3: Workload
    
    Part 4: Deprovision
  - Spot Instances
    Spot Instances
    
    Overview
    
    Part 1: Provision
    
    Part 2: Deprovision
  - Takeover
    Takeover
    
    Overview
    
    Import & Takeover
    
    Lifecycle Operations
    
    Deprovision
  - Standard Operating Model
    Standard Operating Model
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Deprovision
  - Triton
    Triton
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Blueprint
    
    Part 4: Workload
    
    Part 5: Deprovision
  - Windows
    Windows
    
    Overview
    
    Part 1: Provision
    
    Part 2: Workload
    
    Part 3: Deprovision
- Amazon EKS Anywhere
  Amazon EKS Anywhere
  - Cluster Lifecycle
    Cluster Lifecycle
    
    Overview
    
    Part 1: Provision
    
    Part 2: Deprovision
- App Lifecycle
  App Lifecycle
  - Workload Lifecycle
    Workload Lifecycle
    
    Overview
    
    Part 1: YAML
    
    Part 2: Helm
    
    Part 3: Update
  - Multi Stage GitOps Pipeline
    Multi Stage GitOps Pipeline
    
    Overview
    
    Part 1: Setup
    
    Part 2: Deploy
    
    Part 3: Pipeline
    
    Part 4: Update
  - Troubleshooting
    Troubleshooting
    
    Overview
    
    Scenario 1: Misconfigured Requests
    
    Scenario 2: Incorrect Container Image
  - Progressive Rollouts
    Progressive Rollouts
    
    Overview
    
    Blue/Green
    Blue/Green
    
    Overview
    
    Blue/Green
    
    Canary
    Canary
    
    Overview
    
    Canary
- Azure AKS
  Azure AKS
  - Home
  - Backup/Restore
    Backup/Restore
    
    Overview
    
    Part 1: Setup Environment
    
    Part 2: Create Resources
    
    Part 3: Backup/Restore
  - Cluster Lifecycle
    Cluster Lifecycle
    
    Overview
    
    Prerequisites
    
    Part 1: Provision
    
    Part 2: Scale
    
    Part 3: Node Pool
    
    Part 4: Upgrade
    
    Part 5: Deprovision
  - Cluster Takeover
    Cluster Takeover
    
    Overview
    
    Part 1: Provision
    
    Part 2: Deprovision
  - Cluster Templates
    Cluster Templates
    
    Overview
    
    Part 1: Setup
    
    Part 2: Utilize
  - GPU
    GPU
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Blueprint
    
    Part 4: Workload
    
    Part 5: Deprovision
  - Standard Operating Model
    Standard Operating Model
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Deprovision
- Basics
  Basics
- Blueprints
  Blueprints
  - Blueprint Lifecycle
    Blueprint Lifecycle
    
    Overview
    
    Part 1: Create
    
    Part 2: Update
    
    Part 3: Monitor
  - Add-Ons and Overrides
    Add-Ons and Overrides
    
    Overview
    
    Part 1: Create
    
    Part 2: Utilize
  - Drift Detection
    Drift Detection
    
    Overview
    
    Part 1: Detect
    
    Part 2: Block
  - Namespace Synchronization
    Namespace Synchronization
    
    Overview
    
    Part 1: Create
    
    Part 2: Manage
- Cost Management
  Cost Management
- Environment Manager
  Environment Manager
  - AWS
    AWS
    
    Basics
    Basics
    
    EC2
    EC2
    
    Overview
    
    Setup
    
    Provision
    
    ECS
    ECS
    
    Overview
    
    Setup
    
    Provision
  - Azure
    Azure
    
    Basics
    Basics
    
    Overview
    
    Setup
    
    Provision
  - GCP
    GCP
    
    Basics
    Basics
    
    Overview
    
    Setup
    
    Provision
- GitOps
  GitOps
  - AKS System Sync
    AKS System Sync
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Deprovision
  - Deployment Strategies
    Deployment Strategies
    
    Overview
    
    Setup
    
    Recreate
    
    Rolling Update
    
    Blue-Green
    
    Canary
  - System Sync
    System Sync
    
    Overview
    
    Part 1: Setup
    
    Part 2: Sync Blueprint
    
    Part 3: Sync Workload
  - EKS System Sync
    EKS System Sync
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Deprovision
- Google GKE
  Google GKE
  - Home
  - Cluster Lifecycle
    Cluster Lifecycle
    
    Overview
    
    Part 1: Provision
    
    Part 2: Scale
    
    Part 3: Upgrade
    
    Part 4: Deprovision
  - Cluster Templates
    Cluster Templates
    
    Overview
    
    Part 1: Setup
    
    Part 2: Utilize
  - GKE System Sync
    GKE System Sync
    
    Overview
    
    Part 1: Setup
    
    Part 2: Sync from Git
    
    Part 3: Sync from System
- Kubernetes
  Kubernetes
  - Overview
  - Install MicroK8s
  - Kubernetes 101
    Kubernetes 101
    
    Part 1: Using Namespaces
    
    Part 2: Using Pods
    
    Part 3: Using Deployments
    
    Part 4: Using Services
    
    Part 5: Using Ingress
  - Kubernetes 201
    Kubernetes 201
    
    Part 1: Using ConfigMaps
    
    Part 2: Using Secrets
    
    Part 3: Using PV
    
    Part 4: Using PVC
  - Kubernetes 301
    Kubernetes 301
    
    Deployments, StatefulSets, DaemonSets
    
    Part 1: Using StatefulSets
    
    Part 2: Using DaemonSets
  - Kubernetes 401
    Kubernetes 401
    
    Part 1: Using Port-Forward
- Multi-tenancy
  Multi-tenancy
- Network Policy
  Network Policy
- OpenShift
  OpenShift
- Policy Management
  Policy Management
  - OPA Gatekeeper
    OPA Gatekeeper
    
    Overview
    
    Part 1: Setup
    
    Part 2: Policy
    
    Part 3: Blueprint
    
    Part 4: Workload
  - Turnkey OPA Policies
    Turnkey OPA Policies
    
    Overview
    
    Part 1: Setup
    
    Part 2: Apply
    
    Part 3: Test
- Troubleshooting
  Troubleshooting
  - Workloads
    Workloads
    
    Overview
    
    Scenario 1: Misconfigured Requests
    
    Scenario 2: Incorrect Container Image
- Upstream MKS
  Upstream MKS
  - Home
  - Backup/Restore
    Backup/Restore
    
    Overview
    
    Part 1: Setup Environment
    
    Part 2: Create Resources
    
    Part 3: Backup/Restore
  - Cluster Lifecycle
    Cluster Lifecycle
    
    Overview
    
    Part 1: Provision
    
    Part 2: Scale
    
    Part 3: Upgrade
    
    Part 4: Deprovision
  - GPU
    GPU
    
    Overview
    
    Part 1: Setup
    
    Part 2: Blueprint
    
    Part 3: Workload
  - Managed Storage
    Managed Storage
    
    Overview
    
    Part 1: Setup
    
    Part 2: Blueprint
    
    Part 3: Utilize
    
    Part 4: Expand
  - Standard Operating Model
    Standard Operating Model
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Deprovision
  - Windows
    Windows
    
    Overview
    
    Part 1: Provision
    
    Part 2: Workload
    
    Part 3: Deprovision
- VMware vSphere
  VMware vSphere
  - Cluster Lifecycle
    Cluster Lifecycle
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Scale
    
    Part 4: Upgrade
    
    Part 5: Deprovision
- Virtual Machines
  Virtual Machines
  - KubeVirt
    KubeVirt
    
    Overview
    
    Part 1: Setup
    
    Part 2: Blueprint
    
    Part 3: Deploy VM
- Zero Trust Kubectl
  Zero Trust Kubectl
  - Overview
  - Controlled Access
  - Break Glass
  - Audit Logs Audit Logs
    Table of contents
    
    What Will You Do
    
    Audit log entry for Role Association
    
    Audits of kubectl commands run by the Namespace Admin
    
    Audits for enabling/disabling kubectl access for the cluster
    
    Recap
Recipes
Recipes
- Overview
- Contributors
- AI/ML
  AI/ML
  - Overview
  - K8sGPT
    K8sGPT
    
    Overview
    
    Configure
    
    Test
  - Kuberay
    Kuberay
    
    Overview
    
    Configure
    
    Test
- AlertManager
  AlertManager
- Backup
  Backup
  - CloudCasa
  - Velero
    Velero
    
    Overview
    
    Credentials - IAM Role
    
    Credentials - IAM User
    
    Credentials - MinIO
    
    Use Velero
- Cost Management
  Cost Management
  - Overview
  - Kubecost
  - StormForge
    StormForge
    
    Overview
    
    Configure
- Cert-Manager
  Cert-Manager
- Databases
  Databases
  - Redis
  - InfluxDB
- Developer Self-Service
  Developer Self-Service
  - Backstage
  - Vclusters
- Edge
  Edge
  - Zededa
    Zededa
    
    Overview
    
    Import Cluster
    
    Provision Cluster
- Functions
  Functions
  - Kubeless
- Governance
  Governance
  - OPA Gatekeeper
    OPA Gatekeeper
    
    Overview
    
    Policies
    
    Examples
    Examples
    
    Container without limits configured
    
    Container without probes configured
    
    Pull container images from only ECR registry
    
    Unique Service Selector
    
    Unique Ingress Host
    
    Run Containers only with selective users
  - Kyverno
    Kyverno
    
    Overview
    
    Policies
- GPU
  GPU
- Ingress
  Ingress
  - ALB
    ALB
    
    Overview
    
    Create
    
    Configure
    
    Access
  - Ambassador
  - Citrix
  - Kong
    Kong
    
    Install Kong
    
    Enable Monitoring
    
    Enable Logging
    
    Sample Application
  - NGINX
    NGINX
    
    Overview
    
    Create Blueprint
    
    Test Workload
  - ngrok
  - Traefik
- Load Balancer
  Load Balancer
  - MetalLB
    MetalLB
    
    Overview
    
    Create
    
    Configure
    
    Access
- Logging
  Logging
  - CloudWatch
  - OpenSearch
    OpenSearch
    
    Overview
    
    Create
    
    Configure
    
    Access
  - Splunk
  - Splunk Otel Collector
  - Sumologic
  - New Relic
- Monitoring
  Monitoring
  - Amazon Prometheus
    Amazon Prometheus
    
    Overview
    
    Create
    
    Configure
    
    Access
  - CloudWatch
  - Datadog Agent
  - Dynatrace
  - Grafana
  - New Relic
  - OpsVerse Agent
  - Prometheus Operator
  - Splunk Connect
  - Splunk Otel Collector
- Network Policy
  Network Policy
  - Overview
  - Calico
    Calico
    
    Install
    
    Test
  - Cilium
    Cilium
    
    AWS CNI
    
    Azure Overlay CNI
- Secrets
  Secrets
  - AWS Secrets Manager
    AWS Secrets Manager
    
    Overview
    
    Create
    
    Configure
    
    Access
  - External Secrets
    External Secrets
    
    Overview
    
    Create
    
    Configure
    
    Access
  - Hashicorp Vault
    Hashicorp Vault
    
    Overview
    
    Create
    
    Configure
    
    Access
  - Sealed Secrets
- Security
  Security
  - Araali
  - Kube-bench
  - Trivy
- Service Mesh
  Service Mesh
  - Istio
    Istio
    
    Overview
    
    Use Istio
  - Linkerd
    Linkerd
    
    Overview
    
    Use Linkerd
- Storage
  Storage
  - MinIO
  - Ondat
  - Portworx
- Tracing
  Tracing
  - OpenTelemetry
    OpenTelemetry
    
    Overview
    
    Configure
    
    Test
- Troubleshooting
  Troubleshooting
  - Sosivio
Reference Templates
Reference Templates
- Overview
- About
- AI & GenAI
- CaaS
- Multi Tenancy
- Cluster as Service
  Cluster as Service
  - Overview
  - Amazon EKS
    Amazon EKS
    
    Env Manager
    Env Manager
    
    Overview
    
    Setup
    
    Provision
    
    Terraform
    Terraform
    
    Overview
    
    Prerequisites
    
    Provision
    
    Day-2
    
    Deprovision
  - Amazon ECS
    Amazon ECS
    
    Overview
    
    Setup
    
    Use
  - Azure AKS
    Azure AKS
    
    Terraform
    Terraform
    
    Overview
    
    Prerequisites
    
    Provision
    
    Day-2
    
    Deprovision
  - Google GKE
    Google GKE
    
    Overview
    
    Setup
    
    Use
  - Oracle OKE
    Oracle OKE
    
    Overview
    
    Setup
    
    Use
  - PhoenixNAP
    PhoenixNAP
    
    Overview
    
    Setup
    
    Use
  - VMware
    VMware
    
    Overview
    
    Setup
    
    Use
- Gen AI/AI
  Gen AI/AI
  - Overview
  - Amazon ECS
    Amazon ECS
    
    Overview
    
    Setup
    
    Use
  - Amazon EKS
    Amazon EKS
    
    Overview
    
    Setup
    
    Use
  - JupyterHub as Service
    JupyterHub as Service
    
    Overview
    
    Setup
    
    Use
  - Kubeflow on EKS
    Kubeflow on EKS
    
    Overview
    
    Setup
    
    Provision
- Multitenancy
  Multitenancy
  - Overview
  - Namespace as Service
    Namespace as Service
    
    Overview
    
    Setup
    
    Use
  - Workspace as Service
    Workspace as Service
    
    Overview
    
    Setup
    
    Use
  - vClusters
    vClusters
    
    Overview
    
    Setup
    
    Use
Releases
Releases
- Overview
- Release Info
- Production-SaaS
  Production-SaaS
  - 2024
    2024
    
    Apr
    
    Mar
    
    Feb
    
    Jan
  - 2023
    2023
    
    Dec
    
    Nov
    
    Oct
    
    Sept
    
    Aug
    
    July
    
    June
    
    May
    
    Apr
    
    Mar
    
    Feb
    
    Jan
  - 2022
  - 2021
  - 2020
  - 2019
- Preview-SaaS
  Preview-SaaS
  - Overview
Blog
Blog
Contact
Contact
- Email
- Slack
Open Source
Open Source
- Open Source

Audit Logs

What Will You Do¶

In this part of the self-paced exercise, you will review the audit logs generated by actions performed as part of Part 1 and Part 2 of the exercise.

Every single user action (Role association, configuration changes, kubectl access for both browser and CLI) is recorded and preserved for audit purposes. Audits are available at Home -> SYSTEM -> Audit Logs and are categorized into:

SYSTEM (Examples: Role association, change in kubectl access configuration)
KUBECTL (Browser based and CLI access)
OPA (Gatekeeper related)

Audit log entry for Role Association¶

RBAC

Audits of kubectl commands run by the Namespace Admin¶

kubectl commands

Audits for enabling/disabling kubectl access for the cluster¶

kubectl commands

Recap¶

Congratulations! You have successfully configured kubectl access settings, implemented break glass process for temporary kubectl access and reviewed Audit logs through this 3 part exercise