Kubernetes Namespaces as a Service

Self-Service Access to Namespaces for Your Developers

Provide developers, data scientists and all cloud users with self-service access to Kubernetes namespaces using proven templates with guardrails included.

Why Namespaces-as-a-Service?

Namespaces divide Kubernetes clusters into logical shares that can be used by and isolated from different teams or projects. Enterprises that streamline the process of setting up namespaces by providing self-service access for developers gain significant benefits.

Lower Cloud & K8s Costs

Significant cost savings can be realized by sharing clusters at scale instead of always creating new clusters.

Increase Developer Velocity

Deployments are 4x faster when namespaces are available on demand vs. having to wait for access to infrastructure.

Simplify Cluster Management

The reuse of templatized namespaces within a cluster with policy built-in reduces ongoing management overhead.

Unique Rafay Capabilities for Namespace-as-a-Service

Dozens of enterprise platform teams leverage these unique features to rapidly build namespace-as-a-service automation with Rafay and delight their developers.

Lifecycle Management

Self-service for Namespace Creation

Users should be able to provision namespaces but should not have access to resources outside of their namespaces

Infrastructure as Code (IaC)

Support for Terraform or GitOps first approaches & support for private Git repos

Resource Quotas for Teams/apps

Ability to define and enforce quotas to prevent noisy-neighbor issues, i.e. the sum total of namespace resource requests for a team/application shall not exceed a value

Bring Preexisting Namespaces into Compliance

Manage pre-existing namespaces in the same manner (i.e. same guardrails) as new namespaces

Integrate with CD (e.g. Argo)

The same guardrails (e.g. quotas, network policies) shall be enforced for namespaces created out of band

Centralized Visibility

Cross-account and cross-cloud visibility

Disaster Recovery

Define and enforce DR policies for namespaces

Developer Self-Service

Flexible interfaces

Ability to consume the platform through the preferred interface: UI, Backstage, GitOps or CMDBs (e.g. ServiceNow)

Simple Process for Compute

No time-consuming, ticket-driven process in which the platform team has to manually provision namespaces

Visualization of Namespace Resources

View into what resources are violating policies so that it is easy to remediate and course correct (for future actions)

Streamlined Kubectl Access

To help with scenarios such as application right-sizing exercises and requesting additional compute from the platform team

Repository of Approved Apps

Integrated, low touch experience for installing applications that have been scanned for vulnerabilities etc.

Governance

Network Policies for Namespace Isolation

Namespaces are not isolated by default in K8s. Ability to enforce network policies so that namespaces belonging to different teams cannot communicate with each other

Just in Time User Identity

Implement K8s RBAC at scale with the company's IdP as the source of truth, without the need for expensive solutions such as bastions, VPNs etc., so that users have access to only their namespaces

Kubectl Access Audits

Centralized visibility into user activities, plus the ability to export audits to an external system (e.g. Splunk, Datadog)

Chargeback/ Showback

Collect granular utilization metrics from clusters to implement chargeback/ showback models (including sharing costs across tenants for unallocated resources and common services) and drive app rightsizing

Identify Underutilized Namespaces

Collect granular utilization metrics from namespaces to show usage by CPU and memory

Policies

Centralized policy enforcement for security, reliability and operational efficiency. Centralized visibility into policy violations. Example policies include allowing images only from blessed repos and ensuring that pods run with appropriate privileges

Compliance Benchmarks

Ongoing scans against benchmarks such as CIS, NSA hardening recommendations etc. Ability to securely access the fleet of clusters to run periodic scans and centrally aggregate the benchmark reports

Deployment Options

SaaS and Self-hosted

Self-hosted airgapped option may be necessary for highly regulated industries such as public sector and biotech

Multi-Tenancy

Platform to Support Multiple Teams

Central platform that can deliver “namespace as a service” to multiple teams within the organization with access to resources controlled by user identity

Download the Templates

More downloadable templates are coming soon. So, to get started providing self-service access to namespaces in your enterprise, talk to us about one of the templates below.

NaaS on EKS

Environment:
Kubernetes

Elastic Kubernetes Service on Amazon Web Services

NaaS on Azure

Environment:
Kubernetes

Azure Kubernetes Service on Azure

NaaS on GCP

Environment:
Kubernetes

Google Kubernetes Engine on Google Cloud Platform

NaaS on vSphere

Environment:
Kubernetes

vSphere in Private Data Center

NaaS on Upstream Kubernetes

Environment:
Kubernetes

Upstream Kubernetes in Private Data Center, Bare Metal, Edge

White Paper
Hybrid Cloud Meets Kubernetes

Learn how to Streamline Kubernetes Ops in Hybrid Clouds with AWS & Rafay

"Easily operate and rapidly deploy applications anywhere across multi-cloud and edge environments."

Aamir Hussain

SVP Chief Product Officer, Verizon Business

"Rafay’s unified view for Kubernetes Operations & deep DevOps expertise has allowed us to significantly increase development velocity."

Alec Rooney

CTO

"The big draw was that you could centralize the lifecycle management & operations."

Beth Cohen

Cloud Technology Strategist, Verizon Business