Create, deploy, operate, monitor, upgrade and retire Kubernetes-resident applications across regions, clouds and environments
Kubernetes empowers developers to utilize new architectures to think about application operations in a very different way. However, it can also be really complicated.
Normal Business Applications
Many organizations believe that Kubernetes provides far more functionality than what the average business application developer actually needs. This makes it easy for the inexperienced developer to make mistakes in completely unpredictable ways. Developers of normal business applications generally care about getting an HTTP endpoint up that helps deliver a product/service on time to stay competitive and relevant. They do not care about the nuances and details of Kubernetes and its various resources.
Rafay helps these teams and organizations abstract Kubernetes from their developers to ensure they continue to be productive and agile. Rafay can integrate with Continuous Integration (CI) platforms such as Jenkins, CircleCI, and GitLab, enabling a developer experience where they just have to push code to their Git repository and the containers show up on the required Kubernetes cluster.
Organizations dealing with complex infrastructure applications, or where developers are fluent in Kubernetes, may be required to make low-level changes to Kubernetes. However, operations and security personnel, who must ensure compliance with the organization’s security policies and SLAs, may still be reluctant to give the developers unfettered access to their fleet of clusters.
Rafay provides an elegant set of workflows that enable security, operations and developer teams to collaborate effectively, protecting deployment velocity and security/compliance at the same time.
Rafay provides a prescriptive automation framework that makes it easy to define and manage an application’s lifecycle – from deployment to ongoing operations to de-provisioning.
Organizations are likely to have different application teams or developers with vastly different levels of expertise with Kubernetes. Rafay provides different workflows for these users ensuring there is no loss in productivity or agility.
Kubernetes Expert Users
Developers familiar with Kubernetes who have YAML or Helm application charts in their Git repos can embed Rafay directly into their GitOps workflows.
New Kubernetes Users
For developers new to Kubernetes, Rafay provides an intuitive, guided workflow that serves as an abstraction layer from the underlying Kubernetes complexity. The guided workflow translates business requirements and automatically generates the underlying Kubernetes YAML during the application deployment process.
This flattens the learning curve and investment required to support Kubernetes deployments, resulting in increased DevOps productivity and faster time-to-market.
With Rafay, developers can securely configure, deploy and operate their containerized applications in multiple clusters from a single application console. The platform provides an intuitive, bird’s eye view of their application deployments across multiple clusters.
Rafay also acts as a system of record for all applications and clusters, providing complete visibility into the current state and lifecycle for each application.
When needed, developers can troubleshoot and debug their containers securely without requiring cumbersome, time-consuming inbound SSH or Kubernetes control plane access to every Kubernetes cluster.
For deeper inspection, developers can quickly access their container via a shell (pod exec) and streaming logs (tail -f) without requiring VPN or host SSH access.
Rafay provides built-in alerts for application health monitoring and self-healing. Organizations can quickly integrate these alerts with their preferred incident response platform such as PagerDuty, OpsGenie and Remedy. Users can leverage the built-in application dashboards, which provide deep, real-time insights into their application’s health, performance and end user experience across multiple clusters.
At its core, Kubernetes is a declarative system. With Rafay, developers can provide Kubernetes with the resource manifests that represent the overall application workload they would like operationalized. Based on the configured organizational policy, these resource manifests are transmitted to the intended clusters.
Rafay integrates with popular Continuous Integration (CI) platforms like Jenkins, CircleCI and GitLab to deliver highly automated “commit-to-deploy” pipelines. Customers can leverage their source control as a central system of record (aka GitOps) that can assist with rapid recovery from disasters.
For applications to be successful, they need to deliver a world-class experience for their users and have to be in compliance with regulations. With Rafay, this translates into multiple types of policies that can be configured declaratively once and stored in the application’s Git repo driven by the application’s CI/CD pipeline.
Compliance and regulations may require the application owner to deploy and operate the application in specific geographies. With Rafay, organizations can inject a Lat/Long into their fleet of clusters as meta-data and seamlessly use “location” in the application deployment policy.
Users have come to expect great performance from applications. With Rafay, organizations can quickly configure a “Performance Policy” based application deployment.
Once the application owner configures the “SLO” (target round trip time/latency for a percentile of users), Rafay automatically deploys the application to a list of clusters that is best suited to achieve the SLO. Rafay then continuously measures compliance with the specified performance SLO and dynamically deploys the application to additional clusters, if required.
Specific Cluster Policy
For developers and organizations that know exactly which clusters they wish to deploy their application to.
Rafay can optionally be configured to automatically program global DNS to ensure application users can benefit from Global Server Load Balancing (GSLB) and Geo Targeting. If a cluster is temporarily unavailable, the platform can still detect it and automatically remove it from the DNS pool until its health is restored.
In today’s microservices-based environment, frequent upgrades and updates are the norm. Therefore, an automated, workflow-based process is critical to ensure smooth and successful operations.
In addition to streamlining multi-cluster, global deployments of applications, customers can also leverage Rafay to streamline and automate application upgrades.
For example, consider an application that is deployed in 5 AWS regions. The operations team may wish to first upgrade the application on a “canary cluster” before automatically upgrading the entire fleet of clusters.
With Rafay’s policy-based upgrades, organizations can “declaratively” specify how they wish their cluster deployments upgraded and use this to automate the entire upgrade process, inclusive of automated rollbacks.
Zero Trust and Secure Access
Organizations managing distributed Kubernetes clusters cannot risk having their cluster control plane open to attackers on the Internet. With Rafay, organizations can implement a “Zero Trust” access model for the cluster’s control plane. The control plane is then completely cloaked. As a result, inbound access to the control plane is allowed only from a bastion, and then only to select, highly privileged administrators.
Organizations can easily implement a separation of duties by ensuring that application and operation team tasks are focused on their responsibilities.
Rafay avoids cluster access credential sprawl by creating, managing and monitoring the lifecycle of hundreds of roles and permissions for every user across all clusters.
The platform enforces secure, fine-grained access to applications and clusters via role-based access control (RBAC), augmented with MFA and Single Sign On (SSO) via integration with Identity Providers such as Azure Active Directory, Okta, etc.
Complete Audit Trail
Rafay provides visibility and insight into all applications across clusters. This includes capturing and maintaining a complete and detailed audit trail of all activities performed by users, ensuring there are no blind spots for the security team.
Encrypted Secrets Delivery and Management
Organizations can prevent orphaned secrets on clusters by automating and securing the delivery, provisioning and deprovisioning of secrets. Secrets are automatically injected just-in-time (JIT) before the application workload is deployed to the target clusters.
Organizations can optionally also increase the security posture of their applications by leveraging Rafay’s out-of-box integration with a corporate secrets management platform such as HashiCorp’s Vault.