This feature is available in Enterprise Edition only.
This feature is actively developed. It might significantly change in the future.
The module allows you to create isolated environments in a Kubernetes cluster.
You can use the pre-made template and a Project custom resource to create identical, isolated environments in a Kubernetes cluster, each with users with access rights set up (see Examples for more details).
Creating isolated environments using the multitenancy-manager module can be handy in the following cases:
- As part of the CI/CD process — creating developer environments for testing or showcasing code.
- When deploying applications — providing limited access to the cluster to the developer.
- When cluster resources are shared between multiple tenants.
Module features
- Managing user and group access via the RBAC Kubernetes mechanism (based on the user-authz module).
- Managing isolation levels of particular environments.
- Creating templates for multiple environments and customizing by parameters according to OpenAPI specification.
- Fully
Helm-compatible resource templates.
How the module works
When a Project resource is being created, the following things happen:
- A
Namespaceis created with the name from the Project resource. - An AuthorizationRule is created with the data specified in the subjects field of the ProjectType resource.
- Templates (parameter resourcesTemplate of the ProjectType resource) are rendered using Helm. The values used for rendering are derived from the template parameter of the Project resource. During rendering, values are validated against the OpenAPI specification (parameter openAPI of the ProjectType resource).
Since templates are rendered using Helm, you can define any necessary Kubernetes objects, such as NetworkPolicy, LimitRange, ResourceQuota, etc. in them.