Skip to content

CloudWorks Multi-Tenancy

Introduction

Multi-tenancy is a key requirement for organizations managing multiple teams, customers, or environments within a single cloud platform. Taikun CloudWorks provides powerful multi-tenant capabilities through Projects, Role-Based Access Control (RBAC), vClusters, Cloud Credentials, and Network Policies. This document provides an in-depth understanding of how Taikun enables multi-tenancy, best practices, and how to structure a multi-tenant architecture effectively.

1. Projects: The Core of Multi-Tenancy

Key Features of Projects

  • Isolated Environments: Each project is independent, with its own configurations, resources, and networking.
  • Resource Quotas: Define CPU, memory, and storage limits per project.
  • Cloud Provider Segmentation: Assign different cloud providers to different projects.

Best Practices for Projects in Multi-Tenancy

  • Use separate projects for different tenants (e.g., customers, internal teams).
  • Establish naming conventions (e.g., tenantA-dev, tenantA-prod).
  • Apply role-based access (covered in the next section) to control access per project.

2. Role-Based Access Control (RBAC) & User Management

Available Roles

  • Partner: Manages multiple tenants (e.g., reseller model).
  • Manager: Administers projects and clusters.
  • User: Standard tenant user with limited access to only their assigned projects.

RBAC Best Practices

  • Assign Managers per tenant to control their own projects.
  • Use LDAP/SSO integration for enterprise authentication.
  • Ensure Users only have access to their specific projects and resources.

3. Self-Service Capabilities & User Roles

Taikun CloudWorks enables self-service capabilities for different user roles, allowing teams to operate independently while maintaining governance. Self-service empowers users to manage infrastructure, provision resources, and monitor workloads without requiring direct administrator intervention.

Role-Based Self-Service Access

Partner

  • Can create and manage multiple tenants.
  • Controls billing, usage policies, and governance across all customers.
  • Delegates administration to Managers.

Manager

  • Can create, modify, and delete projects within assigned tenants.
  • Manages cloud credentials and infrastructure configurations.
  • Oversees user role assignments within their projects.

User

  • Can deploy and manage workloads within assigned projects.
  • Has self-service access to view and monitor resources.
  • Limited to actions defined by project-level policies.

Key Benefits of Self-Service in Multi-Tenancy

  • Reduces Operational Overhead: Users can provision their own resources without requiring admin approvals.
  • Improves Agility: Teams can quickly adapt infrastructure to business needs.
  • Maintains Governance & Security: RBAC ensures users operate within predefined boundaries.

4. vCluster: Virtual Kubernetes Clusters for Isolation

vClusters (Virtual Clusters) provide another layer of multi-tenancy by allowing multiple Kubernetes clusters within a single parent cluster. This ensures that tenants are isolated while sharing the same physical infrastructure.

Benefits of vClusters in Multi-Tenency

  • Full Kubernetes API access for each tenant.
  • Workload and namespace isolation without deploying multiple full clusters.
  • Better resource utilization compared to separate clusters per tenant.

5. Cloud Credentials & Multi-Cloud Management

Organizations using multi-cloud environments need a way to segregate tenants across different cloud providers. Taikun allows attaching separate cloud credentials per tenant.

Key Features

  • Assign different credentials per project (AWS, Azure, OpenStack, etc.).
  • Enforce cloud quotas and limits per tenant.
  • Restrict user access to specific cloud environments.

6. Network Policies & Security for Multi-Tenancy

Proper network segmentation is crucial in multi-tenant environments to prevent unauthorized communication between tenants.

Network Policy Considerations

  • Restrict intra-tenant access using Kubernetes Network Policies.
  • Use Bastion Load Balancers to securely expose tenant workloads.
  • Ensure separate VPCs or subnets per tenant for further isolation.

7. Best Practices for Structuring Multi-Tenant Environments in Taikun

Here’s a recommended approach to designing a scalable and secure multi-tenant architecture using Taikun:

Multi-Tenancy Architecture Blueprint:

  1. Use Projects as Tenant Boundaries → Each customer/team gets a dedicated project.
  2. Leverage vClusters for User/Application Isolation → If stronger isolation is needed.
  3. Assign Cloud Credentials Per Tenant → Ensures financial and operational segregation.
  4. Apply RBAC for Access Control → Limit admin access and enforce least privilege.
  5. Implement Network Policies → Secure tenants from accidental cross-communication.
  6. Enable Monitoring & Logging Per Tenant → Ensure visibility and compliance.

Conclusion

Taikun CloudWorks provides a robust multi-tenant architecture through Projects, RBAC, vClusters, Cloud Credentials, and Network Policies. By following best practices and leveraging the right combination of these features, organizations can ensure strong isolation, security, and cost efficiency in their multi-tenant cloud environments.