Overview
This is a reference design and implementation of an environment template to provision self service developer environments within a namespace on a shared kubernetes cluster. This reference design is based on Rafay's Kubernetes Manager and Environment Manager.
Source Code for Template¶
The Terraform source code and related assets are available in a public Git repo as shown below
Design & Architecture¶
This design assumes a single, shared cluster with Kubernetes namespace(s) that will be created and assigned to the developer for their applications.
Initial Setup¶
The platform team is expected to provision the Kubernetes cluster in a Rafay project. The cluster will be shared with developers via Kubernetes Namespaces.
sequenceDiagram
participant plat as Platform Team
participant rafay as Environment Manager
participant idp as Identity Provider
plat->>rafay: Setup Environment Template
rafay->>idp: Integrate Env Manager <br> with Corporate IdP
rafay-->>plat: Setup Complete
Request for Environment¶
When a developer requests a namespace via self service, a series of automated workflows need to be performed to fulfil this request. The sequence diagram below describes the high level steps.
Important
Although the recommended workflow assumes and recommends using an Integration with an Identity Provider (IdP) to provide a Single Sign On (SSO) experience, organizations can also use locally managed users.
sequenceDiagram
participant dev as Developer
participant rafay as Rafay
participant csp as Host <br> Cluster
participant idp as Identity Provider
dev->>rafay: New Namespace <br>based Environment
rafay->>csp: Create k8s namespace w/ Resource Quota etc.
rafay->>csp: Create k8s 'deny-all' network policy in the namespace
rect rgba(0, 0, 255, .1)
opt SSO via Identity Provider
rafay-->>idp: Create Group for k8s namespace
rafay-->>idp: Add developer to Group
end
rafay->>rafay: Create Group in Rafay
rafay->>rafay: Add Namespace Admin <br>Role to Group
end
rafay->>dev: Environment Ready
dev->>rafay: Access/Use Namespace
Assumptions¶
- You have an existing managed kubernetes cluster in Rafay Kubernetes Manager
- You have access to a Mac or Linux machine
- You have a Git client on your machine that is setup for push/pull
- You have Docker installed on your machine