Overview of Multi-tenant Management

    In the KubeSphere multi-tenancy system, resources are divided into three levels:

    • Cluster
    • Workspace
    • Project and DevOps project

    Resources at each level can be flexibly customized to define the scope of each user's permissions, which provides resource isolation between users.

    Common permission management models include ACL, DAC, MAC, RBAC and ABAC. KubeSphere uses the RBAC model to control user permissions: users are not associated with resources directly; instead, their permissions are controlled through role definitions.

    Cluster

    Workspaces

    Under a cluster, you can create workspaces to manage different projects in groups. Projects and DevOps projects can be created in workspaces.

    Projects and DevOps projects

    Projects and DevOps projects are the minimum level of permission management, consuming the resources of the cluster to deploy and build applications.

    Cluster permission control

    Workspaces permission control

    The workspace role defines a user's control over the projects and DevOps projects in the workspace, and the user's authority to manage workspace members.

    Project and DevOps project permission control

    Creators of projects and DevOps projects can share them with other users by inviting members, assigning different roles to different members to differentiate their permissions.
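
    A simplified model of the three-level role scoping described above, as an added example that is not KubeSphere's own code. The scope, role and user names are constructed, and the rule that a role bound at a higher level also applies to the levels beneath it is an assumption made for illustration.

```python
from dataclasses import dataclass

# Constructed hierarchy: each scope names its parent (cluster > workspace > project).
PARENT = {
    "workspace:retail": "cluster", "workspace:finance": "cluster",
    "project:shop-web": "workspace:retail", "project:shop-db": "workspace:retail",
    "project:ledger": "workspace:finance",
}

# Hypothetical roles: a role is a named set of (verb, resource) permissions.
ROLES = {
    "cluster-admin":    {("*", "*")},
    "workspace-admin":  {("create", "projects"), ("delete", "projects"), ("invite", "members")},
    "project-operator": {("view", "deployments"), ("edit", "deployments")},
    "project-viewer":   {("view", "deployments")},
}

@dataclass(frozen=True)
class Binding:
    user: str
    role: str
    scope: str  # the level at which the role is granted

# Constructed bindings: users hold roles, never direct grants on resources.
BINDINGS = [
    Binding("admin", "cluster-admin", "cluster"),
    Binding("alice", "workspace-admin", "workspace:retail"),
    Binding("bob", "project-operator", "project:shop-web"),
    Binding("bob", "project-viewer", "project:shop-db"),
]

def scope_chain(scope):
    """Yield the scope and every ancestor up to the cluster."""
    while scope is not None:
        yield scope
        scope = PARENT.get(scope)

def is_allowed(user, verb, resource, scope):
    """Default deny: allow only if a role bound at this scope or an ancestor grants it."""
    chain = set(scope_chain(scope))
    for b in BINDINGS:
        if b.user == user and b.scope in chain:
            if ROLES[b.role] & {(verb, resource), ("*", "*")}:
                return True
    return False

def reachable_scopes(user):
    """Audit helper: every scope where at least one of the user's bindings applies."""
    held = {b.scope for b in BINDINGS if b.user == user}
    return sorted(s for s in {"cluster", *PARENT} if held & set(scope_chain(s)))
```

    Running `reachable_scopes` for each user gives a quick review of how far a binding reaches, which is the isolation property the levels are meant to enforce.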

    IAM architecture