AWS Partner Network (APN) Blog

Next-Gen Kubernetes Management Approaches for Managing Hybrid and Edge Applications

By Vladimir Baranek, Sr. Manager, Partner Solutions Architect – AWS
By Haseeb Budhani, CEO – Rafay Systems
By Sean Wilcox, Sr. VP – Rafay Systems

Rafay Systems

Historically, most enterprises have had a small set of manageable, centralized applications to build or modernize for their business and end customers. As the number of applications and their deployment models grew, complexity increased sharply with the arrival of new technology disruptions like hybrid clouds, 5G, and Internet of Things (IoT).

To realize the full benefits of the cloud, customers expect all critical infrastructure to be up and running immediately, with automated management and operations. These requirements extend to the administration of distributed clusters, and to the scalability needed to handle hundreds of clusters supporting a variety of deployment models and destinations.

In this post, we will look at how Rafay Systems provides a high level of automation, security, visibility, and governance on top of Amazon Elastic Kubernetes Service (Amazon EKS). Many customers run Amazon EKS and use Rafay to streamline EKS lifecycle management, along with application deployment and governance for containerized apps running in EKS.

Rafay Systems is an AWS Partner with a service validation for AWS Outposts. Rafay automates multi-cluster management and application operations, covering both the bring-up and the ongoing operation of managed Kubernetes clusters in the cloud.

AWS Enables Cross-Location Managed Infrastructure Delivery

The evolution to hybrid cloud infrastructure can’t be ignored, with 93% of enterprises in a recent survey implementing either a multi-cloud or hybrid cloud strategy. Let’s take a look at several technologies from Amazon Web Services (AWS) that help enterprises accelerate their journey toward modern applications with a modern infrastructure.

AWS Outposts is a fully managed service that extends AWS infrastructure, together with a subset of AWS services and the same APIs and tools, to virtually any local data center, co-location space, or on-premises environment. As a result, you can use much of what AWS offers while keeping the workload local.

Edge applications, meanwhile, take advantage of the power of 5G and IoT technology. 5G delivers download speeds up to 2.7x faster and offers capabilities that are a game-changer for businesses and consumers with smartphones, tablets, and wearables.

5G is so impactful that MIT Technology Review forecasts that by 2035, 5G’s contribution to the global GDP will be about the current size of India’s entire economy.

The number of IoT devices, many of which will soon be able to take full advantage of 5G speeds, is projected to grow from 7 billion in 2018 to 22 billion by 2025.

AWS Wavelength is an infrastructure offering that enables enterprises to take advantage of 5G and IoT. With Wavelength, companies can embed AWS compute and storage services right inside the communications service providers’ (CSP) data centers at the edge of the 5G network.

With AWS Outposts and AWS Wavelength, application traffic doesn’t have to leave the local data center or telecommunications network. As a result, this architecture reduces latency and enables AWS customers to take advantage of hyperlocal compute and fast local networks.

Requirements for Managing Modern Applications

Developing edge applications is one hurdle that enterprises face, but managing the lifecycle of potentially hundreds of these applications across the globe is quite another. That’s where Kubernetes comes in.

Kubernetes has become the de facto standard for orchestrating containerized workloads in the data center and on the cloud. It has also emerged as a foundational component for managing edge applications because it allows organizations to meet several key application management requirements no matter where applications reside, including:

  • Efficiently provisioning potentially hundreds of applications globally.
  • Managing the lifecycle of applications, including upgrades.
  • Securing access to applications and their components.
  • Obtaining visibility and monitoring, and thereby being able to support applications.

Meeting these requirements (with the operational scalability and efficiency required across the globe) is a monumental task when relying only on open-source Kubernetes. Such do-it-yourself (DIY) projects characteristically have a long time to market, a high total cost of ownership (TCO), and a need for skills that are increasingly difficult to find.

Rafay Kubernetes Operations Platform

The Rafay Kubernetes Operations Platform allows enterprises to deploy and manage containerized apps anywhere on any type of infrastructure. This ensures flexibility, reliability, availability, and performance through a developer-friendly interface.

Rafay’s deep integration with Amazon EKS means enterprises have one console for provisioning and managing the lifecycle of their applications and Kubernetes clusters across AWS regions. As a result, enterprises can focus on their applications’ needs and value to users instead of building and maintaining a complex and costly DIY Kubernetes infrastructure to manage it.

Automatically Provisioning Applications

Rafay allows enterprises to provision Kubernetes clusters on the cloud, within data centers, and at the edge. It provides streamlined provisioning approaches that allow users to bring up a Kubernetes cluster in minutes.

AWS regions are physical locations around the world where data centers are clustered, and each group of logical data centers is called an AWS Availability Zone (AZ). Each AWS region consists of multiple, isolated, and physically separate AZs within a geographic area.

All Availability Zones are interconnected with high-bandwidth, low-latency networking, over fully redundant, dedicated metro fiber.


Figure 1 – AWS regions, Availability Zones, data centers, and deployed apps.

Rafay was designed to be a completely automated, zero-touch experience for enterprises, which is critical to efficiently manage fleets of clusters. This approach is currently supported for AWS and Amazon EKS, as well as other Kubernetes platforms.

For high-availability clusters, Rafay provisions the control-plane (master) nodes across different AZs, so applications deployed through Rafay survive the loss of a single AZ to a localized event such as a power failure, fire, or severe weather. On Amazon EKS specifically, the control plane is operated by AWS and already runs across multiple AZs; the placement the operator controls there is that of the worker node groups, which should likewise span more than one AZ.

Application Lifecycle Management and Upgrades

Managing the lifecycle of applications (also known as Day 2 operations) across the globe can be a nightmare for DevOps and IT operations professionals. Today’s modern applications are frequently updated multiple times a week or daily. Application upgrades, for example, can be a painful, cumbersome process requiring a global operations team.

With Rafay, you can upgrade both application components and the underlying Kubernetes infrastructure with just a few clicks across AWS, data centers, and at the edge.


Figure 2 – Multi-cluster upgrade.

Developers deploy and update apps frequently, while users expect uninterrupted service. Rafay provides several flexible deployment and upgrade options, including rolling upgrades and auto-rollbacks, in case there are any issues.

Zero-Trust Access to Applications and Clusters

Security is a broad term, so in this post we refer to securing access to the Kubernetes control plane for the purposes of managing applications.

Zero trust security is a modern security model that requires strict identity verification for every user and device trying to access resources on a private network, regardless of their current location (inside or outside the network perimeter).

Traditional IT network security is based on a castle-and-moat concept in which users inside the castle are trusted by default. The fundamental issue with this approach is that once an attacker gains access to the network, they have access to everything inside. Just because a user can reach a virtual private network (VPN) or a bastion host should not mean they have unfettered access to all resources.

Out-of-the-box and integrated with Amazon EKS, Rafay provides a feature called Zero-Trust Kubectl Access (ZTKA). This secures access to a managed cluster’s API server via a proxy, providing centralized authentication, authorization, and auditing. It also allows for the instant provisioning and de-provisioning of user access.

As a result, ZTKA lets IT ops and DevOps teams access clusters via kubectl while complying with regulatory and governance requirements, enforced through role-based access control (RBAC) configuration that is kept deliberately simple. Every request is audited, and because the cluster side of the proxy connection is initiated outbound, no inbound firewall rules need to be opened toward the cluster.
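The RBAC a kubectl proxy enforces only delivers least privilege if the bindings are scoped correctly: a RoleBinding grants access in one namespace, a ClusterRoleBinding grants it everywhere, and any verb or resource not matched by a rule is denied. The evaluator below is an added example (not Rafay or Kubernetes code) that models these core Kubernetes RBAC semantics over constructed bindings; the subjects, namespaces and role names are invented, and resourceNames, nonResourceURLs and role aggregation are deliberately left out.

```python
"""Minimal model of Kubernetes RBAC semantics (added example, not Rafay's code).

Simplifications (assumed): no resourceNames, no nonResourceURLs, no role
aggregation. The point is the scoping and deny-by-default behaviour.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    api_groups: Tuple[str, ...]  # "" is the core API group; "*" matches any group
    resources: Tuple[str, ...]   # e.g. "pods", "pods/log"; "*" matches any resource
    verbs: Tuple[str, ...]       # e.g. "get", "list"; "*" matches any verb

    def matches(self, api_group: str, resource: str, verb: str) -> bool:
        def hit(allowed: Tuple[str, ...], value: str) -> bool:
            return "*" in allowed or value in allowed
        return (hit(self.api_groups, api_group)
                and hit(self.resources, resource)
                and hit(self.verbs, verb))


@dataclass(frozen=True)
class Binding:
    subject: str               # user or group name the binding applies to
    rules: Tuple[Rule, ...]    # rules of the referenced Role / ClusterRole
    namespace: Optional[str]   # RoleBinding => its namespace; ClusterRoleBinding => None


def is_allowed(bindings: List[Binding], subject: str, verb: str, resource: str,
               namespace: Optional[str], api_group: str = "") -> bool:
    """Return True if some binding for `subject` permits the request.

    `namespace=None` denotes a cluster-scoped resource such as nodes.
    """
    for b in bindings:
        if b.subject != subject:
            continue
        # A RoleBinding is only consulted for requests in its own namespace;
        # a ClusterRoleBinding (namespace None) is consulted for every request.
        if b.namespace is not None and b.namespace != namespace:
            continue
        if any(r.matches(api_group, resource, verb) for r in b.rules):
            return True
    return False  # deny-by-default: no matching rule means the request is refused


def overly_broad(bindings: List[Binding]) -> List[str]:
    """List subjects holding a rule with wildcard verbs or resources (review these)."""
    flagged = []
    for b in bindings:
        if any("*" in r.verbs or "*" in r.resources for r in b.rules):
            flagged.append(b.subject)
    return sorted(set(flagged))


# Constructed sample bindings (hypothetical names).
POD_READER = (Rule(("",), ("pods", "pods/log"), ("get", "list", "watch")),)
CLUSTER_ADMIN = (Rule(("*",), ("*",), ("*",)),)

BINDINGS = [
    Binding("alice", POD_READER, "payments"),   # RoleBinding, namespace-scoped
    Binding("bob", CLUSTER_ADMIN, None),        # ClusterRoleBinding, cluster-wide
]

if __name__ == "__main__":
    print("alice get pods/payments:", is_allowed(BINDINGS, "alice", "get", "pods", "payments"))
    print("alice get pods/billing: ", is_allowed(BINDINGS, "alice", "get", "pods", "billing"))
    print("alice delete pods:      ", is_allowed(BINDINGS, "alice", "delete", "pods", "payments"))
    print("bob delete nodes:       ", is_allowed(BINDINGS, "bob", "delete", "nodes", None))
    print("overly broad subjects:  ", overly_broad(BINDINGS))
```

Run stand-alone it prints the decisions for the constructed subjects. The two checks a practitioner should carry over to a real cluster are the namespace scoping (alice's binding does nothing in `billing`) and the wildcard audit, which surfaces any subject whose effective rights amount to cluster-admin regardless of what the role is named.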

Rafay provides other security features, such as cloaking the Kubernetes API server by default for Amazon EKS so that the endpoint is not reachable from the public internet, which reduces its exposure to denial of service (DoS) attacks and unsolicited traffic.
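Whether an EKS API endpoint is actually cloaked, and whether access to it is being audited, can be verified from the cluster's own configuration rather than taken on trust. The function below is an added example (not Rafay code) that reads the shape of an `aws eks describe-cluster --name <cluster> --output json` response and reports exposure findings; the two cluster documents are constructed inline so the check runs offline, and the defaults applied for missing fields match the EKS defaults (public endpoint on, private endpoint off, `0.0.0.0/0`).

```python
"""Audit EKS API endpoint exposure and audit logging (added example, not Rafay's code).

Input is the JSON returned by `aws eks describe-cluster --name <cluster> --output json`.
Only the fields checked here are required; everything else may be absent.
"""
import json
from typing import List, Union

# Finding codes, in the order they are emitted.
PUBLIC_ENDPOINT = "PUBLIC_ENDPOINT"        # endpointPublicAccess is true
OPEN_TO_WORLD = "OPEN_TO_WORLD"            # publicAccessCidrs contains 0.0.0.0/0
NO_PRIVATE_ENDPOINT = "NO_PRIVATE_ENDPOINT"  # endpointPrivateAccess is false
NO_AUDIT_LOG = "NO_AUDIT_LOG"              # control-plane "audit" log type not enabled


def audit_cluster(describe_output: Union[str, dict]) -> List[str]:
    """Return a list of finding codes; an empty list means the checks all passed."""
    if isinstance(describe_output, str):
        describe_output = json.loads(describe_output)
    cluster = describe_output["cluster"]
    vpc = cluster.get("resourcesVpcConfig", {})
    findings = []

    # EKS default is a public endpoint open to 0.0.0.0/0, so absent fields are
    # treated as the permissive default (assumption matching EKS behaviour).
    if vpc.get("endpointPublicAccess", True):
        findings.append(PUBLIC_ENDPOINT)
        if "0.0.0.0/0" in vpc.get("publicAccessCidrs", ["0.0.0.0/0"]):
            findings.append(OPEN_TO_WORLD)
    if not vpc.get("endpointPrivateAccess", False):
        findings.append(NO_PRIVATE_ENDPOINT)

    # Control-plane logging: only log types listed under an enabled entry count.
    enabled_types = set()
    for entry in cluster.get("logging", {}).get("clusterLogging", []):
        if entry.get("enabled"):
            enabled_types.update(entry.get("types", []))
    if "audit" not in enabled_types:
        findings.append(NO_AUDIT_LOG)
    return findings


# Constructed sample responses (hypothetical cluster names).
EXPOSED_CLUSTER = json.dumps({
    "cluster": {
        "name": "edge-demo-exposed",
        "resourcesVpcConfig": {
            "endpointPublicAccess": True,
            "endpointPrivateAccess": False,
            "publicAccessCidrs": ["0.0.0.0/0"],
        },
        "logging": {"clusterLogging": [{"types": ["api"], "enabled": True}]},
    }
})

HARDENED_CLUSTER = json.dumps({
    "cluster": {
        "name": "edge-demo-hardened",
        "resourcesVpcConfig": {
            "endpointPublicAccess": False,
            "endpointPrivateAccess": True,
            "publicAccessCidrs": [],
        },
        "logging": {"clusterLogging": [
            {"types": ["api", "audit", "authenticator"], "enabled": True},
            {"types": ["controllerManager", "scheduler"], "enabled": False},
        ]},
    }
})

if __name__ == "__main__":
    for doc in (EXPOSED_CLUSTER, HARDENED_CLUSTER):
        name = json.loads(doc)["cluster"]["name"]
        print(f"{name}: {audit_cluster(doc) or 'no findings'}")
```

A cluster fronted by an access proxy of the kind described above should come back with no findings: the public endpoint disabled, the private endpoint enabled, and the `audit` log type switched on so the proxy's own audit trail can be reconciled against what the API server recorded.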

Monitoring and Supporting Distributed Applications and Clusters

Monitoring the health of and supporting applications and clusters across an enterprise’s hybrid and edge infrastructure can be difficult. To efficiently and effectively support mission-critical applications, enterprises require a unified, single pane of glass view into the health of their applications and clusters.

For Amazon EKS, Rafay Kubernetes Operations Platform offers an integrated dashboard that provides cluster administrators with detailed visibility and insight into all EKS clusters. Additional dashboards with alerting capabilities are available at the single cluster, node/node group, and pod level.


Figure 3 – Rafay dashboard for Amazon EKS clusters.

Dashboards and alerts make monitoring and remediating issues for applications and clusters efficient, no matter how many clusters exist or where they may reside (for example, across AWS regions, within data centers or at the edge).


To meet the demands of businesses and customers, enterprise applications are rapidly becoming more distributed and localized across infrastructures. To manage this mesh of complex, modern applications across the globe (and the microservices and containers powering them all), companies need to analyze the new requirements for a modern application infrastructure that supports it.

Applications running on AWS (including technologies such as AWS Outposts and AWS Wavelength) and managed with the Rafay Kubernetes Operations Platform can deliver a solution of easily managed applications across hybrid and edge infrastructures for this brave new world.


Rafay Systems – AWS Partner Spotlight

Rafay Systems is an AWS Partner that automates multi-cluster management and application operations, covering both the bring-up and the ongoing operation of managed Kubernetes clusters in the cloud.

Contact Rafay Systems | Partner Overview