
Overview

This is a reference design and implementation of an environment template that provisions self-service developer environments within a namespace on a shared Kubernetes cluster. The reference design is based on Rafay's Kubernetes Manager and Environment Manager.


Source Code for Template

The Terraform source code and related assets are available in a public Git repo, as shown below.

Git Repo


Design & Architecture

This design assumes a single, shared cluster with Kubernetes namespace(s) that will be created and assigned to the developer for their applications.

Architecture


Initial Setup

The platform team is expected to provision the Kubernetes cluster in a Rafay project. The cluster will be shared with developers via Kubernetes Namespaces.

sequenceDiagram 
    participant plat as Platform Team 
    participant rafay as Environment Manager 
    participant idp as Identity Provider 

    plat->>rafay: Setup Environment Template
    rafay->>idp: Integrate Env Manager <br> with Corporate IdP  
    rafay-->>plat: Setup Complete 

Request for Environment

When a developer requests a namespace via self-service, a series of automated workflows must run to fulfil the request. The sequence diagram below describes the high-level steps.

Important

Although the recommended workflow assumes an integration with an Identity Provider (IdP) to provide a Single Sign-On (SSO) experience, organizations can also use locally managed users.

sequenceDiagram
    participant dev as Developer
    participant rafay as Rafay
    participant csp as Host <br> Cluster
    participant idp as Identity Provider 

    dev->>rafay: New Namespace <br>based Environment
    rafay->>csp: Create k8s namespace w/ Resource Quota etc. 
    rafay->>csp: Create k8s 'deny-all' network policy in the namespace

    rect rgba(0, 0, 255, .1)
    opt SSO via Identity Provider
        rafay-->>idp: Create Group for k8s namespace 
        rafay-->>idp: Add developer to Group 
    end
    rafay->>rafay: Create Group in Rafay
    rafay->>rafay: Add Namespace Admin <br>Role to Group
    end
    rafay->>dev: Environment Ready
    dev->>rafay: Access/Use Namespace 
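
The Kubernetes objects behind the first two steps of the diagram above, written out as plain manifests. This is an added example, not the template's own Terraform code; the namespace name, object names and quota values are constructed for illustration.

```yaml
# Added example: all names and quota values are constructed placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: dev-example            # hypothetical developer namespace
---
# Caps what the tenant can consume on the shared cluster.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: dev-example-quota      # hypothetical name
  namespace: dev-example
spec:
  hard:
    requests.cpu: "2"          # constructed values; size per team
    requests.memory: 4Gi
    limits.cpu: "4"
    limits.memory: 8Gi
    pods: "20"
---
# 'deny-all': the empty podSelector selects every pod in the namespace,
# and listing both policy types with no allow rules blocks all ingress
# and all egress until more specific policies are added.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
  namespace: dev-example
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
```

A NetworkPolicy is only enforced when the cluster's network plugin implements it, and denying all egress also blocks DNS lookups until an allow rule is added. With a quota on CPU and memory requests and limits, pods that do not declare them are rejected unless a LimitRange supplies defaults.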

Assumptions

  • You have an existing managed Kubernetes cluster in Rafay Kubernetes Manager
  • You have access to a Mac or Linux machine
  • You have a Git client on your machine that is set up for push/pull
  • You have Docker installed on your machine