Using Capsule, a cluster admin can implement complex multi-tenant scenarios for both public and private deployments. Here is a list of common scenarios addressed by Capsule.
Acme Corp, our sample organization, built a Container as a Service (CaaS) platform based on Kubernetes to serve multiple lines of business. Each line of business has its own team of engineers who are responsible for the development, deployment, and operation of their digital products.
To simplify the usage of Capsule in this scenario, we'll work with the following actors:
- Bill: he is the cluster administrator from the operations department of Acme Corp. and he is in charge of administering and maintaining the CaaS platform.
- Alice: she works as the IT Project Leader in the Oil & Gas Business Units. These are two new lines of business at Acme Corp. Alice is responsible for all the strategic IT projects in the two LOBs. She is also responsible for a team made up of different job roles (developers, administrators, SRE engineers, etc.) working in separate departments.
- Joe: he works at Acme Corp. as a lead developer of a distributed team in Alice's organization. Joe is responsible for developing a mission-critical project in the Oil market.
- Bob: he is the head of Engineering for the Water Business Unit, the main and historical line of business at Acme Corp. He is responsible for the development, deployment, and operation of multiple digital products in production for a large set of customers.
Use Capsule to address any of the following scenarios:
- Onboard Tenants
- Create Namespaces
- Assign Permissions
- Enforce Resources Quotas and Limits
- Enforce Pod Priority Classes
- Assign specific Node Pools
- Assign Ingress Classes
- Assign Ingress Hostnames
- Control hostname collision in Ingresses
- Assign Storage Classes
- Assign Network Policies
- Enforce Containers image PullPolicy
- Assign Trusted Images Registries
- Assign Pod Security Policies
- Create Custom Resources
- Taint Namespaces
- Assign multiple Tenants
- Cordon Tenants
- Disable Service Types
- Taint Services
- Allow adding labels and annotations on namespaces
- Velero Backup Restoration
- Deny Wildcard Hostnames
NB: as we improve Capsule, more use cases about multi-tenancy and cluster governance will be covered.
Now let's see how the cluster admin onboards a new tenant.