Operations

White Labeled partners and operators have access to a Multi Tenant Operations Console for visibility and administrative operations. Partners also have access to Swagger based APIs to programmatically interact with the controller.

Organizations¶

An Organization is an isolated tenant on the controller managed by a partner. An Org typically maps to a customer. After logging into the Operations Console, click on Organizations to view the list of organizations. A partner/provider can manage as many organizations as they require.

Create Org¶

Sign up for Organization is available in three (3) ways:

1. Using the Swagger based REST APIs

Login to the console and click API DOCS from the Home page menubar

API DOCS

Platform API screen appears

Under Organization, use the available REST APIs to signup for new organization(s)

API DOCS

2. Self-service Sign up

A self-service signup page is available for the end users to sign up for a new organization

Sign-up Page

Click SIGN UP and provide the required details
Click Register

Sign-up Details

On successful registration, the user will receive a verification email on the given email id. A non-existing user will receive an email with a random password, whereas the existing users will receive successful org creation email

These Organizations need to be reviewed and approved by a Partner Admin before they are considered active

Important

Super Admin can enable or disable the Self Signup option via Ops Console

3. Register to Add Organization

Add Organization button is available in the Ops Console for Super Admins

Login to the Operations Console and click Add Organization
Provide the required details and click Register

Add Organization

On successful registration, user will receive a verification email.

View Org¶

Click on Organizations to view the list of Organizations under management by the Partner/Provider.

List of Organizations

Search Options¶

There are multiple search options provided allowing the user to quickly search and list the organizations that match the specified criteria.

Search by Name: Provide the Organization name to get a specific Organization details
Filter by Status: Select the status, Approved (or) Approval Pending from the drop-down and retrieve the required organization status
Filter by Partner: Select a partner from the drop-down to view all the organizations available with a specific partner

Update Org¶

Partner Admins can update an Org using the Operations Console.

Click on an Org and use the Edit icon to perform any changes in the existing organization. The following changes can be made to an existing Org.

Settings¶

Tier Type: Select Free (or) POC (or) Paid. Type Free is the default selection
- MFA: Enable or disable the Multi-Factor Authentication (MFA) option
- ABAC: Enable or disable the Attribute-Based Access Control (ABAC) option
- IPv6 Enabled: Enable or disable the IPv6 Enabled option to facilitate seamless connectivity, scalability, and improved network performance
- Registry FQDN: Registry FQDN is a custom registry FQDN for an organization from where the cluster pulls Rafay images. To enable users to pull images from their own repositories/registries, a new configuration option is being introduced in the Ops Console on a per-organization basis. Users are required to create a folder named 'rafay' within their registry and place the necessary images there. The registry domain name should then be shared with Rafay for configuration. This ensures that when creating cluster, blueprint sync or any clusters operations occurs within the organization, all required images are fetched from the specified registry's 'rafay' folder instead of the Rafay registry. It's crucial to maintain synchronization between the user's registry and Rafay's registry, ensuring consistency in directory paths and other configurations. By providing this flexibility at the organization level and adhering to the 'rafay' folder structure, users can seamlessly utilize their own resources.

List of Organizations

Click Save Changes

Users can verify the custom registry configuration and workload images, as demonstrated in the examples below.

Verify Custom Registry Configuration

Below is an example where Custom Org is configured to use the custom registry FQDN demouser1.registry.net. This will check the bootstrap YAML file to ensure that all specified Rafay service images are correctly listed and sourced from the appropriate user registry, verifying that the deployment configuration is accurate and ready for execution.

cat ~/Downloads/customorg-cluster-1-bootstrap.yaml | grep 'image:'
image: demouser1.registry.net/rafay/rafay-relay-agent-redhat:master-84
image: demouser1.registry.net/rafay/busybox:1.33
image: demouser1.registry.net/rafay/cluster-controller:master-32
image: demouser1.registry.net/rafay/rafay-connector:master-89

Verify Rafay Workloads from Custom Registry

For example, as part of the initial cluster provisioning with a minimal blueprint, the provisioning and blueprint synchronization are successful.

In this example, the organization has a custom registry configured as demouser1.registry.net. All Rafay addons are pulled from this configured custom registry.

To verify the images, run the following command:

kubectl get pods -n rafay-system -o jsonpath="{..image}" | tr -s '[[:space:]]' '\n' | sort | uniq -c
demouser1.registry.net/rafay/busybox:1.33
demouser1.registry.net/rafay/cluster-controller:master-32
demouser1.registry.net/rafay/edge-client:main-34
demouser1.registry.net/rafay/rafay-connector:master-89
demouser1.registry.net/rafay/rafay-relay-agent:master-83

__

Users¶

Add Users to an organization or view the existing user details of a specific organization

List of Organizations

Feature Capabilities¶

At the org level, default capability options (enable/disable) can be set. Enable/disable Overrides are available and these override the default capability option

List of Organizations

Deactivate Org¶

Click Deactivate button to deactivate the organization. This blocks all the users within this organization from accessing it. A good example for this action is when an end customer is delinquent on their payments.

Note: Only the Approved organization can be deactivated

Click Save Changes

Operations Console UI

Delete Org¶

Existing Organizations can be deleted permanently if required. Note that this is a destructive, non-reversible action.

Users¶

As a best practice, we recommend that partners and providers have at least two "partner admins" configured for their Ops Console. This will ensure that they minimize the chance of getting locked out of their console in situations where one of the partners is no longer available or has misplaced their credentials.

Add User¶

An existing partner admin can add/invite another user as a partner admin.

Click on Users
Click on New User
Enter the email address, first and last name, select partner admin from the dropdown.

The new user will receive an activation email. Once they verify their email address, they will be asked to set a password and will have access to the Operations Console.

Add Partner Admin User

When adding an existing users to an org, email verification happens. For non-verified emails, users must verify the email id to access the console.

View User¶

To view all users configured to access the Operations Console, click on "Users". This will present you with list of users, their status etc.

View Users

Deactivate User¶

User access to the Operations Console can be temporarily suspended by deactivating the user.

Click on Actions for the specific user
Select "Deactivate" from the action dropdown

Follow the same steps to reactivate the deactivated user.

Delete User¶

Users can be permanently deleted from the Operations Console. Once performed, they will no longer be able to access the console.

Click on Actions for the specific user
Select "Delete" from the dropdown actions

Audit Logs¶

An audit trail is available for activity performed by users on the Operations Console. Click on Audit Logs to view the logs in a reverse chronological format.

Audit Logs