github-personal/cozystack
1
0
Fork 0
mirror of https://github.com/outbackdingo/cozystack.git synced 2026-01-27 18:18:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
29df1fdc1eef558ce2f652dffd68da013f71f0ff
cozystack/packages/apps/tenant
History
Andrei Kvapil c4e048b315 fix race conditions for seaweedfs and fix tests preparing (#1371) 
<!-- Thank you for making a contribution! Here are some tips for you:
- Start the PR title with the [label] of Cozystack component:
- For system components: [platform], [system], [linstor], [cilium],
[kube-ovn], [dashboard], [cluster-api], etc.
- For managed apps: [apps], [tenant], [kubernetes], [postgres],
[virtual-machine] etc.
- For development and maintenance: [tests], [ci], [docs], [maintenance].
- If it's a work in progress, consider creating this PR as a draft.
- Don't hesistate to ask for opinion and review in the community chats,
even if it's still a draft.
- Add the label `backport` if it's a bugfix that needs to be backported
to a previous version.
-->

## What this PR does


### Release note

<!--  Write a release note:
- Explain what has changed internally and for users.
- Start with the same [label] as in the PR title
- Follow the guidelines at
https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md.
-->

```release-note
fix race conditions for seaweedfs and fix tests preparing
```

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* Chores
* Increased deployment timeouts to 10 minutes and set install/upgrade
remediation to unlimited retries for SeaweedFS, ingress, and monitoring
components to improve deployment resilience.
* Tests
* Extended end-to-end readiness waits for alerting components from 5 to
15 minutes for more stable test runs.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-09-01 19:46:46 +02:00
..
charts
Add helper function to generate subjects
2025-06-16 19:19:57 +03:00
logos
Update dashboard icons (#274)
2024-08-12 14:47:11 +02:00
templates
fix race conditions for seaweedfs and fix tests preparing (#1371)
2025-09-01 19:46:46 +02:00
.helmignore
Ship all logos with Cozystack
2024-07-16 17:31:52 +02:00
Chart.yaml
[virtual-machine] Use external IP for egress traffic for PortList method too
2025-08-29 19:49:45 +02:00
Makefile
[apps] Use new OpenAPI schema and README generator for tenants
2025-08-07 11:40:22 +03:00
README.md
Update cozyvalues-gen
2025-08-08 00:26:51 +02:00
values.schema.json
Update cozyvalues-gen
2025-08-08 00:26:51 +02:00
values.yaml
[apps] Use new OpenAPI schema and README generator for tenants
2025-08-07 11:40:22 +03:00

README.md

Tenant

A tenant is the main unit of security on the platform. The closest analogy would be Linux kernel namespaces.

Tenants can be created recursively and are subject to the following rules:

Tenant naming

Tenant names must be alphanumeric. Using dashes (-) in tenant names is not allowed, unlike with other services. This limitation exists to keep consistent naming in tenants, nested tenants, and services deployed in them.

For example:

  • The root tenant is named root, but internally it's referenced as tenant-root.
  • A nested tenant could be named foo, which would result in tenant-foo in service names and URLs.
  • However, a tenant can not be named foo-bar, because parsing names such as tenant-foo-bar would be ambiguous.

Unique domains

Each tenant has its own domain. By default, (unless otherwise specified), it inherits the domain of its parent with a prefix of its name. For example, if the parent had the domain example.org, then tenant-foo would get the domain foo.example.org by default.

Kubernetes clusters created in this tenant namespace would get domains like: kubernetes-cluster.foo.example.org

Example:

tenant-root (example.org)
└── tenant-foo (foo.example.org)
    └── kubernetes-cluster1 (kubernetes-cluster1.foo.example.org)

Nesting tenants and reusing parent services

Tenants can be nested. A tenant administrator can create nested tenants using the "Tenant" application from the catalogue.

Higher-level tenants can view and manage the applications of all their children tenants. If a tenant does not run their own cluster services, it can access ones of its parent.

For example, you create:

  • Tenant tenant-u1 with a set of services like etcd, ingress, monitoring.
  • Tenant tenant-u2 nested in tenant-u1.

Let's see what will happen when you run Kubernetes and Postgres under tenant-u2 namespace.

Since tenant-u2 does not have its own cluster services like etcd, ingress, and monitoring, the applications running in tenant-u2 will use the cluster services of the parent tenant.

This in turn means:

  • The Kubernetes cluster data will be stored in etcd for tenant-u1.
  • Access to the cluster will be through the common ingress of tenant-u1.
  • Essentially, all metrics will be collected in the monitoring from tenant-u1, and only that tenant will have access to them.

Example:

tenant-u1
├── etcd
├── ingress
├── monitoring
└── tenant-u2
    ├── kubernetes-cluster1
    └── postgres-db1

Parameters

Common parameters

Name Description Type Value
host The hostname used to access tenant services (defaults to using the tenant name as a subdomain for it's parent tenant host). *string ""
etcd Deploy own Etcd cluster bool false
monitoring Deploy own Monitoring Stack bool false
ingress Deploy own Ingress Controller bool false
seaweedfs Deploy own SeaweedFS bool false
isolated Enforce tenant namespace with network policies, true by default bool true
resourceQuotas Define resource quotas for the tenant map[string]quantity {}
Reference in New Issue View Git Blame Copy Permalink