Rafay Product Bytes: Zero-Trust Security for Kubectl, Deeper Amazon EKS Integration, Enhanced Fleet Management and More!

Welcome to our new, ongoing blog series called Product Bytes that highlights recent product enhancements we’ve made to our Managed Kubernetes Platform (for enterprises) and Kubernetes as a Service (for service providers) products so you can stay up to date on what’s new. In this, our first installment, we’ll introduce a number of key improvements, but stay tuned because we’ll follow up with detailed blog posts on the features worth taking a deeper dive.

 

ZTKA In Browser

New: Zero-Trust Kubectl Access 

One of the most exciting new features is Zero-Trust Kubectl Access (ZTKA). The ZTKA (pictured above) secures access to a managed cluster’s API server via a proxy providing centralized authentication, authorization and auditing. It also provides for the instant provisioning and de-provisioning of user access. As a result, ZTKA empowers IT Ops and DevOps teams to easily access clusters via kubectl while complying with regulatory and governance requirements — enforced via easy RBAC configuration. All access is audited and does not require inbound firewall rules. ZTKA is included in the Managed Kubernetes Platform. See our ZTKA video, read our docs or sign up for a demo to see it in action — stay tuned for more blog posts detailing all the features of ZTKA!

 

Amazon EKS

Deeper Amazon EKS Integration

Rafay has the deepest Amazon EKS integration on the market and, with our latest release, it just got deeper. In addition to on-demand EC2 instances, Rafay can also provision worker nodes using spot instances that can provide 70-90% savings over on-demand prices. Further, Rafay-provisioned Amazon EKS Clusters are now configured as Private by default, ensuring the cluster’s control plane is not visible or accessible over the Internet. And our default cluster blueprint for Rafay-provisioned Amazon EKS clusters has been updated to automatically deploy the AWS Node Termination Handler to ensure spot instance interruptions are handled gracefully. 

We are extremely excited about our ever-expanding partnership with Amazon (see Rafay joins AWS Outposts Ready Program) and look forward to deeper integrations and joint innovation. 

 

Kubernetes Upgrade

Enhanced Cluster & Fleet Management

We at Rafay are always adding more capabilities to our long list of cluster and fleet management features. Here is a sample of our most recent enhancements: 

  • One-Click K8s Upgrades (pictured above): Administrators can now schedule and perform Kubernetes upgrades of Rafay provisioned clusters with the click of a button. As Rafay qualifies new Kubernetes versions (major and minor), customers will be provided notifications.
  • Cluster Labels: You can now create and assign labels to clusters providing the ability to organize and manage a fleet of clusters effectively and efficiently. Clusters can be sorted/filtered by Blueprints.
  • Node Labels & Taints: Users can now view and set node level labels and taints directly from the Rafay Console/Controller.
  • Cluster Blueprints & Add-ons: Users can now view, download and update existing add-ons. Cluster blueprints are now version controlled and can be sorted/filtered by Blueprints. 
  • Cluster Sharing Across Projects: Administrators can now enable sharing of clusters across multiple projects. This enables workloads from different projects to be deployed on a shared fleet of clusters.
  • Enhanced Monitoring & Alerts: Enhanced monitoring with proactive alerts and notifications for a number of common scenarios related to clusters, nodes, workloads, pods and storage. Users will have centralized access to all alerts across the fleet of clusters. 

 

Hashicorp Vault Integration

Expanded Hashicorp Vault and Prometheus Integrations

The Rafay workload wizard has been enhanced to leverage Rafay’s turnkey integration with Hashicorp’s Vault (pictured above) and Prometheus. With this improved integration, workload administrators can a) enable secure and dynamic retrieval of application secrets from their central Hashicorp Vault server and b) configure and enable the use of custom, application-specific metrics for horizontal pod autoscaling (HPA) in just a few clicks. For more information, check out each of these two sections in our Managed Kubernetes Platform documentation: managing secrets and integrating monitoring.

 

…and More!

There are literally dozens of other recent additions and improvements to Rafay’s products and I encourage you to give them a spin for yourself or read our documentation for more information! As always we’d love your questions and feedback. Stay tuned for future Product Bytes detailing many of the features above!

Tags:
Amazon EKS , Application Lifecycle Management , Fleet Management , Hashicorp , HashiCorp Vault , Kubernetes , Prometheus , Zero-Trust , Zero-Trust Kubectl , Zero-Trust Kubernetes

Trusted by leading companies