Multi-tenancy

PMK provides a layer of multi-tenancy on top of Kubernetes, so that you and members of your organization can collaborate and utilize multiple Kubernetes clusters across different teams and geographical regions.

PMK achieves multi-tenancy using an open source component called Keystone. Each deployment of PMK comes with an instance of Keystone, deployed in the PMK Management Plane. Regions and Tenants are the key multi-tenancy concepts in PMK. They are used to provide logical separation and grouping of your Kubernetes resources. When your PMK deployment is first created, a new user account with Administrator privileges is created in Keystone within the ‘service’ tenant for an authorized user provided by you.

The Administrator user can then invite more users to the PMK deployment by adding them to PMK using the UI or API. This operation adds the users to Keystone with the appropriate role.

The diagram below depicts the tenancy model and the relationship between regions, tenants, your Kubernetes clusters and platform users.

Regions

A region in PMK is a logical construct used for grouping resources. We recommend mapping a PMK region to a site that represents a geographical location for your organization. This site might contain a private data center or co-location hosting physical servers and other resources that you may want to use to create your Kubernetes clusters. The users at this site may also wish to utilize local regions from one or more public clouds for additional burstable capacity. We recommend aggregating all these resources under a single PMK region construct.

For example, a Palo Alto region for an organization might consist of one or more PMK clusters created on physical machines located in the Palo Alto data center for that organization, as well as some PMK clusters created on the US-west regions of the Amazon AWS public cloud. These clusters will then be used by self-service users of the organization who are located in its Palo Alto offices. The same organization might create another PMK region called WDC to map resources in its Washington DC site, and provide access to this region to the self-service users located in its WDC offices.

Regions cannot be deployed on demand using the PMK UI or API today. If you’d like to create additional regions in your PMK deployment, send a request to support@platform9.com.

Tenants

A tenant is a core unit of multi-tenancy within PMK. We recommend mapping a tenant to a single team in a business unit of an organization. A PMK environment can have multiple tenants. A tenant can map to one or more PMK regions.

When a new PMK account is deployed, it gets a default tenant called the “service” tenant in a default region.

We recommend mapping a tenant to a team or a portion of your organization. For example, you can create a Development tenant to map to your development team, and a QA tenant to map to your QA team.

A tenant fully owns the clusters and cloud providers created by an Administrator within that tenant. These resources cannot be shared across tenants or regions.

Once an administrator creates a tenant, they can then map one or more users or groups to be part of that tenant.
