Self-Service Access to Namespaces
Provide developers, data scientists and all cloud users with self-service access to Kubernetes namespaces using proven templates with guardrails included.
Why Namespace-as-a-Service?
Namespaces divide Kubernetes clusters into logical shares that can be used by and isolated from different teams or projects. Enterprises that streamline the process of setting up namespaces by providing self-service access for developers gain significant benefits.
Lower Cloud & K8s Costs
Significant cost savings can be realized by sharing clusters at scale instead of always creating new clusters.
Increase Developer Velocity
Deployments are 4x faster when namespaces are available on demand vs. having to wait for access to infrastructure.
Simplify Cluster Management
The reuse of templatized namespaces within a cluster with policy built-in reduces ongoing management overhead.
Unique Rafay Capabilities for Namespace-as-a-Service
Dozens of enterprise platform teams leverage these unique features to rapidly build namespace-as-a-service automation with Rafay and delight their developers.
Lifecycle Management
Self-service for Namespace Creation
Users should be able to provision namespaces but should not have access to resources outside of their namespaces.
Infrastructure as Code (IaC)
Support for Terraform or GitOps first approaches & support for private Git repos
Resource Quotas for Teams/apps
Ability to define and enforce quotas to prevent noisy-neighbor issues, i.e. the sum total of namespace resource requests for a team/application shall not exceed a value
Bring Preexisting Namespaces into Compliance
Manage pre-existing namespaces in the same manner (i.e. same guardrails) as new namespaces
Integrate with CD (e.g. Argo)
The same guardrails (e.g. quotas, network policies) shall be enforced for namespaces created out of band
Centralized Visibility
Cross-account and cross-cloud visibility
Disaster Recovery
Define and enforce DR policies for namespaces
Developer Self-Service
Flexible interfaces
Ability to consume the platform through the preferred interface: UI, Backstage, GitOps or CMDBs (e.g. ServiceNow)
Simple Process for Compute
No time-consuming, ticket-driven process where the platform team has to manually provision namespaces
Visualization of Namespace Resources
View into what resources are violating policies so that it is easy to remediate and course correct (for future actions)
Streamlined Kubectl Access
Helps with scenarios such as application rightsizing exercises and requesting additional compute from the platform team
Repository of Approved Apps
Integrated, low touch experience for installing applications that have been scanned for vulnerabilities etc.
Governance
Network Policies for Namespace Isolation
Namespaces are not isolated by default in K8s. Ability to enforce network policies so that namespaces belonging to different teams cannot communicate with each other.
Just in Time User Identity
Implement K8s RBAC at scale with the company's IdP as the source of truth, without the need for expensive solutions such as bastions, VPNs, etc., so that users have access to only their namespaces
Kubectl Access Audits
Centralized visibility into user activities and the ability to export audits to an external system (e.g. Splunk, Datadog)
Chargeback/ Showback
Collect granular utilization metrics from clusters to implement chargeback/ showback models (including sharing costs across tenants for unallocated resources and common services) and drive app rightsizing
Identify Underutilized Namespaces
Collection of granular utilization metrics from namespaces to show usage by CPU and memory
Policies
Centralized policy enforcement for security, reliability and operational efficiency. Centralized visibility into policy violations. Example policies include allowing images only from blessed repos and ensuring that pods run with appropriate privileges.
Compliance Benchmarks
Ongoing scans against benchmarks such as CIS, NSA hardening recommendations etc. Ability to securely access the fleet of clusters to run periodic scans and centrally aggregate the benchmark reports
Deployment Features
SaaS and Self-hosted
Self-hosted airgapped option may be necessary for highly regulated industries such as public sector and biotech
Multi-Tenancy
Platform to Support Multiple Teams
Central platform that can deliver “namespace as a service” to multiple teams within the organization with access to resources controlled by user identity
Download the Templates
More downloadable templates are coming soon. So, to get started providing self-service access to namespaces in your enterprise, talk to us about one of the templates below.
NaaS on Upstream Kubernetes



Try the Rafay Platform for Free
See for yourself how to turn static compute into self-service engines. Deploy AI and cloud-native applications faster, reduce security & operational risk, and control the total cost of Kubernetes operations by trying the Rafay Platform!