Onboarding New Tenants for the Flux2 Multi-Tenancy Project
This guide covers the process of onboarding new tenants for the Flux2 Multi-Tenancy project. It walks through the available options and gives an example for each, based on the official documentation.
Prerequisites
Before we begin, make sure you have a good understanding of the following technologies and dependencies:
- The Big Picture
- Design Philosophy
- Programming languages
- Flux
- Kustomize
- Git
- Kubernetes
- Helm
- Kyverno
- sops
- gnupg
- kubeconform
- Kind
Creating a Tenant
To create a new tenant in Flux2 Multi-Tenancy, you can use the flux create tenant command. This command generates namespaces, service accounts, and role bindings to limit the reconcilers’ scope to the tenant namespaces.
Here’s an example of creating a tenant with access to a namespace:
flux create tenant dev-team \
--with-namespace=frontend \
--label=environment=dev
You can also write the tenant namespaces and role bindings to a YAML file with --export, so the manifests can be reviewed and committed to Git:
flux create tenant dev-team \
--with-namespace=frontend \
--with-namespace=backend \
--export > dev-team.yaml
For more information, refer to the official documentation.
Multi-Tenancy Configuration
To make Flux safe for multi-tenancy, you can use namespaces and role-based access control (RBAC) to segment and isolate resources. Flux defers to Kubernetes’ native RBAC to specify which operations are authorized when processing its custom resources.
A platform admin can lock down Flux on multi-tenant clusters during bootstrap with the following patches:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
For more details, refer to the Flux multi-tenancy documentation.
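A bootstrap lockdown of the kind described above, written out as an added example (not this page's own listing), using the controller flags documented for Flux multi-tenancy. It assumes the default bootstrap file names gotk-components.yaml and gotk-sync.yaml in flux-system/kustomization.yaml and a tenant service account named default.

```yaml
# flux-system/kustomization.yaml (added example; file names assume a default bootstrap)
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - gotk-components.yaml
  - gotk-sync.yaml
patches:
  # Deny references to sources, secrets and events in other namespaces,
  # so one tenant cannot reuse another tenant's objects.
  - patch: |
      - op: add
        path: /spec/template/spec/containers/0/args/-
        value: --no-cross-namespace-refs=true
    target:
      kind: Deployment
      name: "(kustomize-controller|helm-controller|notification-controller|image-reflector-controller|image-automation-controller)"
  # Deny Kustomize remote bases, so every resource comes from the
  # tenant's own declared source.
  - patch: |
      - op: add
        path: /spec/template/spec/containers/0/args/-
        value: --no-remote-bases=true
    target:
      kind: Deployment
      name: "kustomize-controller"
  # Reconcile as the namespace's "default" service account when a tenant
  # omits spec.serviceAccountName, instead of as the controller itself.
  - patch: |
      - op: add
        path: /spec/template/spec/containers/0/args/-
        value: --default-service-account=default
    target:
      kind: Deployment
      name: "(kustomize-controller|helm-controller)"
  # The platform's own flux-system Kustomization keeps running as the
  # controller's service account so cluster-level objects still apply.
  - patch: |
      - op: add
        path: /spec/serviceAccountName
        value: kustomize-controller
    target:
      kind: Kustomization
      name: "flux-system"
```

With the default service account enforced, a tenant Kustomization or HelmRelease can only do what the role bindings generated by flux create tenant allow in its own namespaces.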
Additional Resources
- Flux Documentation
- Flux Security Documentation
- Google Season of Docs 2023
- Flux Code Documentation
- Flux Support
- Flux Resources