Rafay Docs

Home
Home
- Overview
- Key Concepts
- Architecture
- Organizations
- Self Hosted Controller
  Self Hosted Controller
  - Overview
  - Configurations
  - Environments
    Environments
    
    Bare Metal/VM
    Bare Metal/VM
    
    Requirements
    
    Installation
    
    AWS EC2
    AWS EC2
    
    Requirements
    
    Installation
    
    Azure AKS
    Azure AKS
    
    Requirements
    
    Installation
    
    Backup and Restore
    
    Google GKE
    Google GKE
    
    Requirements
    
    Installation
  - Upgrades
    Upgrades
    
    1.4.x to 1.5.x
    
    1.5.x to 1.6.x
- Release Notes
  Release Notes
  - 2022
  - 2021
  - 2020
  - 2019
- Partners
  Partners
- Videos
- Contact
Get Started
Get Started
- Overview
- Kubernetes
  Kubernetes
  - Overview
  - Install MicroK8s
  - Kubernetes 101
    Kubernetes 101
    
    Part 1: Using Namespaces
    
    Part 2: Using Pods
    
    Part 3: Using Deployments
    
    Part 4: Using Services
    
    Part 5: Using Ingress
  - Kubernetes 201
    Kubernetes 201
    
    Part 1: Using ConfigMaps
    
    Part 2: Using Secrets
    
    Part 3: Using PV
    
    Part 4: Using PVC
  - Kubernetes 301
    Kubernetes 301
    
    Deployments, StatefulSets, DaemonSets
    
    Part 1: Using StatefulSets
    
    Part 2: Using DaemonSets
- Basics
  Basics
- Amazon EKS
  Amazon EKS
  - EKS Backup/Restore
    EKS Backup/Restore
    
    Overview
    
    Part 1: Setup Environment
    
    Part 2: Create Resources
    
    Part 3: Backup/Restore
  - Cluster Lifecycle
    Cluster Lifecycle
    
    Overview
    
    Part 1: Provision
    
    Part 2: Scale
    
    Part 3: Upgrade
    
    Part 4: Deprovision
  - CloudWatch
    CloudWatch
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Blueprint
    
    Part 4: Deprovision
  - Cluster Autoscaler
    Cluster Autoscaler
    
    Overview
    
    Part 1: Setup
    
    Part 2: Blueprint
    
    Part 3: Provision
    
    Part 4: Workload
    
    Part 5: Deprovision
  - EKS System Sync
    EKS System Sync
    
    Overview
    
    Part 1: Setup
    
    Part 2: Sync from Git
    
    Part 3: Sync from System
  - GPU
    GPU
    
    Overview
    
    Part 1: Setup
    
    Part 2: Blueprint
    
    Part 3: Provision
    
    Part 4: Workload
    
    Part 5: Scaling
    
    Part 6: Deprovision
  - Graviton
    Graviton
    
    Overview
    
    Provision
    
    Deploy Workload
    
    Deprovision
  - Karpenter
    Karpenter
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Blueprint
    
    Part 4: Workload
    
    Part 5: Deprovision
  - Secrets Manager
    Secrets Manager
    
    Overview
    
    Part 1: Provision
    
    Part 2: Blueprint
    
    Part 3: Workload
    
    Part 4: Deprovision
  - Standard Operating Model
    Standard Operating Model
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Deprovision
- Amazon EKS Anywhere
  Amazon EKS Anywhere
  - Overview
  - Quick Start
- Azure AKS
  Azure AKS
  - Overview
  - Standard Operating Model
    Standard Operating Model
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Deprovision
- Upstream Kubernetes
  Upstream Kubernetes
  - Standard Operating Model
    Standard Operating Model
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Deprovision
- VMware vSphere
  VMware vSphere
  - Cluster Lifecycle
    Cluster Lifecycle
    
    Overview
    
    Part 1: Setup
    
    Part 2: Provision
    
    Part 3: Scale
    
    Part 4: Upgrade
    
    Part 5: Deprovision
- GitOps
  GitOps
  - Deployment Strategies
    Deployment Strategies
    
    Overview
    
    Setup
    
    Recreate
    
    Rolling Update
    
    Blue-Green
    
    Canary
  - System Sync
    System Sync
    
    Overview
    
    Part 1: Setup
    
    Part 2: Sync Blueprint
    
    Part 3: Sync Workload
  - EKS System Sync
    EKS System Sync
    
    Overview
    
    Part 1: Setup
    
    Part 2: Sync from Git
    
    Part 3: Sync from System
- Policy Management
  Policy Management
  - OPA Gatekeeper
    OPA Gatekeeper
    
    Overview
    
    Part 1: Setup
    
    Part 2: Policy
    
    Part 3: Blueprint
    
    Part 4: Workload
  - Turnkey OPA Policies
    Turnkey OPA Policies
    
    Overview
    
    Part 1: Setup
    
    Part 2: Apply
    
    Part 3: Test
- Network Policy
  Network Policy
- Zero Trust Kubectl
  Zero Trust Kubectl
- CNCF Recipes
Automation
Automation
- Overview
- CLI
  CLI
  - Overview
  - AddOns
  - Agents
  - Backup and Restore
  - Blueprints
  - Catalog
  - Clusters
  - Config
  - Credentials
  - Namespaces
  - Network Policy
  - Org Settings
    Org Settings
    
    IdP/SSO
  - Overrides
  - Pipelines
  - Policy
  - Projects
  - Repository
  - RBAC
  - Secret Groups
  - Secret Stores
  - Service Mesh
  - Templating
  - Trigger
  - Workloads
- Terraform Provider
- APIs
Clusters
Clusters
- Overview
- Metadata
  Metadata
- Amazon EKS
  Amazon EKS
  - Overview
  - Templates
    Templates
    
    Create Cluster Template
    
    Create Cluster from Template
    
    CLI for Cluster Template
  - Credentials
  - IAM Policy
    IAM Policy
    
    Overview
    
    Full
    
    Customer-Managed VPC
    
    Customer-Managed VPC & IAM
    
    Customer-Managed VPC & IAM with Restrictions
  - Cluster Config
  - CLI
    CLI
    
    Overview
    
    GitOps
    GitOps
    
    Overview
    
    Examples
  - Config Schema
  - Provision
  - IAM Service Accounts
    IAM Service Accounts
    
    Overview
    
    CLI for IRSA
  - CNI Providers
  - Control Plane
  - VPC Networking
    VPC Networking
    
    Overview
    
    Secondary CIDR with VPC
  - Nodegroups
    Nodegroups
    
    Overview
    
    Custom AMI
  - Wavelength Zone
  - AWS Tags
  - Spot Instances
  - Node Labels
  - Visibility and Monitoring
  - RBAC based KubeCTL
  - Identity Mapping
  - Deprovision
  - k8s Upgrades
  - AMI Upgrades
  - Audit
  - API
  - Best Practices
  - FAQ
  - Troubleshooting
- Amazon EKS Anywhere
  Amazon EKS Anywhere
  - Overview
  - Quick Start
- Amazon EKS Distro
  Amazon EKS Distro
  - Overview
  - Quick Start
- Azure AKS
  Azure AKS
  - Overview
  - Templates
    Templates
    
    Create Cluster Template
    
    Create Cluster from Template
    
    CLI for Cluster Template
  - Azure Setup
  - Credentials
  - Provision
  - Node Labels
  - Spot Price
  - Visibility and Monitoring
  - Deprovision
  - K8s Upgrades
  - Audit
  - CLI
    CLI
    
    Overview
    
    GitOps
    GitOps
    
    Overview
    
    Examples
  - Config Schema
- Bare Metal/VM
  Bare Metal/VM
  - Approaches
  - Overview
  - Supported Environments
  - Configuration
  - Preflight Checks
  - Provisioning
  - Master Nodes
  - Worker Nodes
  - Upgrades
  - Troubleshooting
  - Retry and Backoff
  - Reset Node
  - CLI
  - Storage
    Storage
    
    Add Storage
  - Zero Trust Host Access
    Zero Trust Host Access
    
    Overview
    
    Examples
    Examples
    
    Single Command-Node
    
    Multiple Command-Node
    
    Command-Cluster
    
    Command History
- Edge
  Edge
  - Overview
  - Simulator
- Equinix Metal
  Equinix Metal
- Google GKE
  Google GKE
  - Overview
  - Lifecycle
- Imported
  Imported
- Open Stack
  Open Stack
  - Overview
  - Provision
  - Deprovision
  - Lifecycle
  - FAQ
- RedHat OpenShift
  RedHat OpenShift
  - Overview
  - Import
  - Blueprints
  - Dashboards
- Virtual Appliance
  Virtual Appliance
  - Overview
  - Provision
  - Deprovision
  - Lifecycle
  - FAQ
- VMWare vSphere
  VMWare vSphere
  - Overview
  - Gateway
  - Credentials
  - Provisioning
  - CLI
  - Config Schema
Multi Tenancy
Multi Tenancy
- Overview
- Hard Tenancy
- Soft Tenancy
  Soft Tenancy
  - Workspace
  - Namespace
    Namespace
    
    Overview
    
    Management
    
    Reconciliation
    
    CLI
Services
Services
- Overview
- Backup and Restore
  Backup and Restore
  - Overview
  - Backup Location
    Backup Location
    
    Overview
    
    AWS S3 Bucket
    
    Azure Blob Storage
    
    S3 Compatible Storage
  - CLI
  - Credentials
    Credentials
    
    Overview
    
    AWS
    
    Azure
    
    S3 Compatible
  - Data Agent
  - Backup Policy
  - Backup Job
  - Restore Policy
  - Restore Job
  - Considerations
- Blueprints
  Blueprints
  - Overview
  - Add-Ons
  - Managed Add-Ons
    Managed Add-Ons
    
    Overview
    
    Ingress Controller
    Ingress Controller
    
    Background
    
    Managed Ingress
  - Base Blueprints
    Base Blueprints
    
    Default Blueprint
    
    Minimal Blueprint
    
    Default Openshift
    
    Default AKS
    
    Pod Security Policy (Deprecated)
  - Custom Blueprint
  - Golden Blueprint
  - Cluster Fleet Management
  - Exceptions
  - Disable Default
  - Sharing
  - Cluster Overrides
  - Update Blueprint
  - CLI
  - API
- Catalog
  Catalog
- GitOps (Apps & Infra)
  GitOps (Apps & Infra)
  - Overview
  - Benefits
  - Pipelines
  - Stages
    Stages
    
    Overview
    
    Approval
    
    Deploy Workload
    
    Infra Provisioner
    Infra Provisioner
    
    Overview
    
    CLI
    
    System Sync
    
    Workload Template
  - Triggers
    Triggers
    
    Overview
    
    Troubleshooting
  - Secret Groups
    Secret Groups
    
    Pipeline Secret Groups
    
    CLI
  - Agents
- Network Policy
  Network Policy
  - Background
  - Overview
  - Installation Profiles
  - Network Policy Rules
    Network Policy Rules
    
    Overview
    
    Cluster-Wide Network Policy Rules
    
    Namespace Network Policy Rules
  - Cluster-Wide Network Policies
  - Namespace Network Policies
  - Network Visibility
  - CLI
- Policy Mgmt
  Policy Mgmt
- Secrets Management
  Secrets Management
  - AWS Secrets Manager
    AWS Secrets Manager
    
    Secrets Store Add-on
    
    Secret Provider Classes
    
    Configure IRSA
    
    Annotations
    
    CLI
  - HashiCorp Vault
    HashiCorp Vault
    
    Overview
    
    Configure Vault
    
    Use Vault-Helm/YAML
    Use Vault-Helm/YAML
    
    ENV Variables
    
    Files
    
    Use Vault-Wizard
  - Sealers
    Sealers
    
    Secret Sealer
    
    Use Secret Sealer
- Service Mesh
  Service Mesh
  - Background
  - Overview
  - Installation Profiles
  - Service Mesh Rules
    Service Mesh Rules
    
    Overview
    
    Cluster-Wide Rules
    
    Namespace-Wide Rules
  - Cluster-Wide Policies
  - Namespace Policies
  - Visibility
  - CLI
  - Common Use cases
    Common Use cases
    
    mTLS
    
    Vault
- Visibility & Monitoring
  Visibility & Monitoring
  - Visibility
    Visibility
    
    Overview
    
    Organization
    
    Projects
    
    Cluster
    
    My Clusters
    
    Nodes
    
    Kubernetes Resources
    Kubernetes Resources
    
    View/Edit/Delete
    
    Create
    
    Kubernetes Events
    
    Pod Dashboard
    
    Container Dashboard
    
    Configuration
    
    GPU Dashboard
  - Monitoring
    Monitoring
    
    Overview
    
    Alerts
    
    Notifications
    
    Custom Metrics HPA
- Zero Trust Kubectl
  Zero Trust Kubectl
  - Background
  - Overview
  - KubeCTL
    KubeCTL
    
    Browser
    
    KubeCTL CLI
  - Configuration
  - RBAC
  - Audit Trail
  - Private Kube API Proxy
  - FAQ
App Deployments
App Deployments
- Overview
- Kubectl
- Helm
- Workloads
  Workloads
  - Overview
  - Helm Charts
  - k8s YAML
  - Registry
    Registry
    
    Overview
    
    System Registry
  - Repositories
    Repositories
    
    Overview
    
    Public Repos
    
    Private Repos
    
    Lifecycle
    
    Agents
  - Wizard
    Wizard
    
    Overview
    
    Ingress
    
    DNS based GSLB
    
    Containers
    
    Container Registry
    
    Upgrade Strategy
    
    Storage
    
    Policy
    
    Publish
  - VM Wizard
  - Cluster Overrides
  - CLI
  - Zero Trust Debug
    Zero Trust Debug
    
    Overview
    
    Developer Tools
  - Continuous Integration
    Continuous Integration
    
    Overview
    
    Common Patterns
    
    Jenkins
    Jenkins
    
    Overview
    
    Workload Basics
    
    Workload Wizard
    
    Helm Workloads
    
    YAML Workloads
    
    Provision Upstream k8s
    
    Provision Amazon EKS
    
    CircleCI
    
    GitLab
    
    Azure DevOps
- Integrated GitOps
- 3rd Party GitOps
  3rd Party GitOps
  - ArgoCD
Recipes
Recipes
- Overview
- AlertManager
  AlertManager
  - Slack
  - PagerDuty
  - Opsgenie
- Backup
  Backup
  - CloudCasa
  - Velero
    Velero
    
    Overview
    
    Credentials - IAM Role
    
    Credentials - IAM User
    
    Credentials - MinIO
    
    Use Velero
- Cost Management
  Cost Management
  - Overview
  - Kubecost
- Cert-Manager
  Cert-Manager
- Databases
  Databases
  - Redis
  - InfluxDB
- Functions
  Functions
  - Kubeless
- Governance
  Governance
- GPU
  GPU
- Ingress
  Ingress
  - ALB
    ALB
    
    Overview
    
    Create
    
    Configure
    
    Access
  - Ambassador
  - Citrix
  - Kong
    Kong
    
    Install Kong
    
    Enable Monitoring
    
    Enable Logging
    
    Sample Application
  - NGINX
    NGINX
    
    Overview
    
    Create Blueprint
    
    Test Workload
- Load Balancer
  Load Balancer
  - MetalLB
    MetalLB
    
    Overview
    
    Setup
    
    Install
    
    Test
- Logging
  Logging
  - CloudWatch
  - OpenSearch
    OpenSearch
    
    Overview
    
    Create
    
    Configure
    
    Access
  - Splunk
  - Sumologic
  - New Relic
- Monitoring
  Monitoring
  - Amazon Prometheus
    Amazon Prometheus
    
    Overview
    
    Create
    
    Configure
    
    Access
  - CloudWatch
  - Datadog Agent
  - Grafana
  - New Relic
  - Prometheus Operator
  - Splunk Connect
- Network Policy
  Network Policy
  - Overview
  - Calico
    Calico
    
    Install
    
    Test
  - Cilium
    Cilium
    
    Install
- Secrets
  Secrets
  - AWS Secrets Manager
    AWS Secrets Manager
    
    Overview
    
    Create
    
    Configure
    
    Access
  - Hashicorp Vault
  - Sealed Secrets
- Security
  Security
  - Araali
  - Kube-bench
- Service Mesh
  Service Mesh
  - Istio
    Istio
    
    Overview
    
    Use Istio
  - Linkerd
    Linkerd
    
    Overview
    
    Use Linkerd
- Storage
  Storage
  - MinIO
  - Ondat
User Management
User Management
- Overview
- Users
- MFA
- Groups
- Roles
- CLI
- Single Sign On
  Single Sign On
  - Overview
  - AWS SSO
  - Azure AD
  - Duo SSO
  - Google Workspace
  - KeyCloak
  - Okta
  - Ping One
  - CLI
Security
Security
- Overview
- Projects
  Projects
- White Listing
- Audit Logging
- SIEM / Audit Logs
  SIEM / Audit Logs
  - Overview
  - DataDog
  - Splunk
- Compliance
- Vulnerabilities
- CIS Benchmark
- Contact

Overview

Rafay's Kubernetes Operations Platform is a modular cloud native platform that helps organizations make sense of the vast cloud native landscape. A number of key services are available in the platform abstracting away the initial and ongoing complexity associated with 10s or 100s of open source tools.

Both administrators and developers benefit from a seamless, integrated user experience while automating the toil of infrastructure, packaging, and security.

The list of integrated services provided by the platform are:

Backup & Restore
Blueprints
Catalog
Cost Management (Coming in Q4, 2022)
GitOps (Apps & Infrastructure)
Network Policy
Policy Management
Service Mesh
Visibility & Monitoring
Zero Trust Kubectl