Skip to content

Overview

This is a reference design and implementation of an environment template to provision self service developer environments within a vCluster. The vClusters can run on any source platform (EKS, AKS, GKE, MKS) host. This reference design is based on Rafay's Kubernetes Manager and Environment Manager.

Source Code for Template

The Terraform source code and related assets are available in a public Git repo as shown below

Git Repo

Design & Architecture

This design assumes a single, shared cluster with Kubernetes namespace(s) running vClusters that will be created and assigned to the developer for their applications.

Architecture

Initial Setup

The platform team is expected to provision an shared host cluster in a Rafay project. The cluster resources will be shared with developers via vClusters. Each vCluster will be created in a new project for the developer.

    sequenceDiagram
    participant plat as Platform Team
    participant rafay as Rafay Platform
    participant host as Host Cluster
    participant idp as Identity Provider <br> (IdP)

    note over plat,idp: Multiple vCluster based testbeds <br> on a single Host Cluster
    plat->>rafay: Provision Repository 

    rect rgba(0, 0, 255, .1)
    opt Configure SSO in Identity Provider
        plat->>rafay: Configure SSO
        rafay-->>idp: Integrate Rafay <br> w/ Identity Provider (IdP)
    end
    end

    rafay->>plat: Setup Complete

Request for Environment

When a developer requests a cluster via self service, a series of automated workflows need to be performed to fulfil this request. The sequence diagram below describes the high level steps.

Important

Although the recommended workflow assumes and recommends using an Integration with an Identity Provider (IdP) to provide a Single Sign On (SSO) experience, organizations can also use locally managed users. 

    sequenceDiagram
    participant dev as Developer
    participant rafay as Rafay
    participant host as Host Cluster
    participant vcluster as vCluster
    participant idp as Identity Provider <br> (IdP)

    dev->>rafay: Request vCluster
    rect rgba(120, 120, 120, 0.1)
    rafay->>rafay: New Project in Org
    rafay->>rafay: Create Group <br> w/Project Admin RBAC
    rect rgba(0, 0, 255, .1)
    opt Enable SSO via Identity Provider
        rafay-->>idp: Create Group for Project  
        rafay-->>idp: Add Developer to Group 
    end
    end

    rafay->>host: New Namespace
    rafay->>host: Deploy vCluster to <br>Namespace
    host-->>vcluster: vCluster Deployed
    vcluster-->>rafay: Download Kubeconfig
    rafay->>vcluster: Import vCluster <br> into Project
    end
    rafay->>dev: vCluster Ready
    dev->>rafay: Developer accesses vCluster

Assumptions

  • You have an existing managed kubernetes cluster in Rafay Kubernetes Manager
  • You have access to a Mac or Linux machine
  • You have a Git client on your machine that is setup for push/pull
  • You have Docker installed on your machine