Overview
This is a reference design and implementation based on Rafay Environment Manager, using Terraform IaC sourced from a Git repository. You will set up and use Environment Manager to build and manage operating environments based on Google GKE clusters in RBAC-controlled Rafay projects. Environment Manager enables a self-service model for Development and DevOps teams (Admins) to create environments while giving the central Ops, SRE and Platform teams (End Users) enough control to enforce security, cost and governance guardrails, and standardization.
Source Code for Template
The Terraform source code and related assets are available in a public Git repo as shown below
Design & Architecture
This design assumes a GKE cluster will be created and assigned on-demand to the developer for their applications.
Initial Setup
The platform team is expected to set up the Environment Manager templates in a Rafay project. Developers then use these templates for self-service provisioning of GKE clusters.
sequenceDiagram
participant plat as Platform Team
participant rafay as Rafay Environment Manager
plat->>rafay: Create Developer Project
plat->>rafay: Setup Environment Template
plat->>rafay: Share Environment Template with Projects
rafay-->>plat: Setup Complete
Request for Environment
When a developer requests a cluster via self-service, a series of automated workflows must run to fulfil the request. The sequence diagram below describes the high-level steps.
Important
Although the recommended workflow assumes an integration with an Identity Provider (IdP) to provide a Single Sign-On (SSO) experience, organizations can also use locally managed users.
sequenceDiagram
participant dev as Developer
participant rafay as Rafay
participant csp as <br>GCP
dev->>rafay: New GKE <br>based Environment
rafay-->>csp: Create Rafay Project
rafay-->>csp: Create GKE Cluster
rafay-->>csp: Set User Permissions
rafay->>dev: Environment Ready
dev-->>rafay: Access/Use Application
Assumptions
- You have access to a GCP Account
- You have access to a Mac or Linux machine
- You have a Git client on your machine that is set up for push/pull
- You have Docker installed on your machine