KubeSphere - Multi-tenant management
2022-07-03 06:03:00 【Xiao bichao】
I. KubeSphere - Multi-tenant management
In the last article we learned to use KubeKey to build a k8s cluster and KubeSphere. In KubeSphere's introduction, one of the highlights is multi-tenant management. What is multi-tenant management? Everyone should be familiar with RBAC, role-based permission control: with it we can easily control what each person is allowed to do. The same approach suits the way an enterprise runs its projects, and it helps the enterprise organize and control them.
For example, as a company's business grows, it may spin off different divisions or subsidiaries that work on different projects: the Jiangsu branch does e-commerce and logistics projects, the Shanghai branch does communications, and so on. Each subsidiary has multiple projects, and each project has different teams responsible for different modules. Personnel permissions need to be controlled in fine detail. For a production-environment project, only operation and maintenance staff should be able to operate on it, and developers should only be allowed to view it. The project manager should be able to create projects, the branch administrator should be able to see the projects of the whole branch, and the head office should be able to see the projects of all companies.
RBAC-based multi-tenancy is well suited to this kind of permission control, and multi-tenant management has become a popular solution for enterprise project management. With RBAC, each person has access only to what falls within their own authority.
KubeSphere already integrates multi-tenancy for us. Its tenant system is divided into three levels: cluster, enterprise space (called a workspace in KubeSphere's English UI), and project. A project is equivalent to a namespace in k8s.
Based on the scenario above, we now create different tenants in KubeSphere. For this scenario we can simply create the following tenants:
- Head office personnel management (hr): only manages personnel changes and controls the permission roles of personnel.
- Head office administrator (zmanager): can create enterprise spaces for branches and can view all projects.
- Branch manager (fmanager): can view all projects under the branch.
- Project manager (pm): can create projects and can operate on them.
- Group leader (gl): can manage the project's resources other than users and roles.
- Development (dev): can only view projects.
- Operation and maintenance (op): can manage the project's resources other than users and roles.
Below we create these tenants in KubeSphere. KubeSphere ships with some built-in roles that cover most scenarios, and users can also define custom roles for their own needs. Here we use the built-in roles for the demonstration.
II. KubeSphere multi-tenant practice
Go to the KubeSphere home page. Under platform management in the upper left corner, access control is where multi-tenant management is handled. By default there is only one user, admin.


1. Create head office personnel management hr
First use the admin user to create the head office personnel management user hr. From then on, personnel should be managed with the hr user.
In the user module, click the Add button on the right and add the hr user. The role for this user should only have permission to manage users on the platform.
Log out of admin and log in with the hr account. You can see that it has only the access control permission.
The personnel operations below should be performed as the hr tenant.
2. Create head office administrator zmanager
The head office administrator should have permission to create enterprise spaces.
3. Create the branch manager, project manager, group leader, development, and operation and maintenance users
The branch manager fmanager, project manager pm, group leader gl, development dev, and operation and maintenance op users are all tied to an enterprise space and all belong to the branch, so their fine-grained roles are assigned by the branch itself. Here they are given the platform-regular role, which cannot access any resources until the user is invited into an enterprise space.

4. The head office administrator creates an enterprise space for the branch
Log in with the head office administrator account zmanager and create an enterprise space. Its administrator should be set to the branch manager fmanager.


5. The branch administrator invites people
Log in with the branch administrator account fmanager and invite the project manager into the enterprise space.

The project manager should have the authority to create projects.
For the group leader, development, and operation and maintenance users, company-regular is enough: it only allows viewing the settings of the enterprise space. Their project-level permissions are left for the project manager to set.

6. The project manager creates the project and invites people into it
Log in with the project manager account pm and create a project.

After the project is created, enter the project and invite the group leader and the operation and maintenance user. Both can manage the project's resources other than users and roles.

Invite the developers. Development only has permission to view.
At this point the tenant relationships are basically all assigned. Let's test them.
III. Tenant testing
Log in with the dev developer account: it can only view the project and cannot operate on it.
Log in with the op operation and maintenance account: it can operate on the project.
Log in as the head office administrator zmanager: this project is visible.
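An added example, not from the original post: the same checks as the login tests above, run against a project's RoleBindings instead of the UI, so that permission drift shows up without logging in as each user. It assumes project membership appears as Kubernetes RoleBindings with User subjects in the project's namespace and that the project roles are named admin, operator and viewer; the sample bindings and the users intern and ci are constructed.

```python
import json

# Tenant plan from the list in section I. The role names admin/operator/viewer
# and pm's admin binding are assumptions; the page does not name project roles.
EXPECTED = {"pm": "admin", "gl": "operator", "op": "operator", "dev": "viewer"}

def binding(name, role, kind, subject):
    """Build one constructed RoleBinding in the Kubernetes JSON shape."""
    return {"metadata": {"name": name},
            "roleRef": {"kind": "Role", "name": role},
            "subjects": [{"kind": kind, "name": subject}]}

# Constructed sample, shaped like `kubectl get rolebindings -n <project> -o json`.
SAMPLE = json.dumps({"items": [
    binding("pm-admin", "admin", "User", "pm"),
    binding("gl-operator", "operator", "User", "gl"),
    binding("op-operator", "operator", "User", "op"),
    binding("dev-viewer", "viewer", "User", "dev"),
    binding("dev-operator", "operator", "User", "dev"),        # drift: dev can now write
    binding("intern-viewer", "viewer", "User", "intern"),      # user not in the plan
    binding("ci-operator", "operator", "ServiceAccount", "ci"),  # not a tenant user
]})

def audit_project(rolebindings_json, expected=EXPECTED):
    """Return sorted (user, bound_roles, finding) tuples; empty means no drift."""
    bound = {}
    for rb in json.loads(rolebindings_json).get("items", []):
        for subject in rb.get("subjects") or []:  # subjects may be absent or null
            if subject.get("kind") == "User":
                bound.setdefault(subject["name"], set()).add(rb["roleRef"]["name"])
    findings = []
    for user, roles in bound.items():
        want = expected.get(user)
        if want is None:
            findings.append((user, ",".join(sorted(roles)), "not in tenant plan"))
        elif roles != {want}:
            findings.append((user, ",".join(sorted(roles)), f"expected only {want}"))
    for user in expected.keys() - bound.keys():
        findings.append((user, "", f"missing {expected[user]} binding"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_project(SAMPLE):
        print(finding)
```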

Love little buddy can pay attention to my personal WeChat official account. , Get more learning materials !
边栏推荐
猜你喜欢

Introduction to redis using Lua script

Life is a process of continuous learning

Code generator - single table query crud - generator
![[teacher Zhao Yuqiang] use the catalog database of Oracle](/img/0b/73a7d12caf955dff17480a907234ad.jpg)
[teacher Zhao Yuqiang] use the catalog database of Oracle

Exception when introducing redistemplate: noclassdeffounderror: com/fasterxml/jackson/core/jsonprocessingexception

Redhat7 system root user password cracking

Today, many CTOs were killed because they didn't achieve business

Bernoulli distribution, binomial distribution and Poisson distribution, and the relationship between maximum likelihood (incomplete)

智牛股--03

Redhat7系统root用户密码破解
随机推荐
Clickhouse learning notes (2): execution plan, table creation optimization, syntax optimization rules, query optimization, data consistency
chromedriver对应版本下载
2022.6.30DAY591
It is said that the operation and maintenance of shell scripts are paid tens of thousands of yuan a month!!!
2022.DAY592
88. Merge two ordered arrays
[function explanation (Part 1)] | | knowledge sorting + code analysis + graphic interpretation
Kubernetes resource object introduction and common commands (V) - (configmap)
How to create and configure ZABBIX
Analysis of Clickhouse mergetree principle
Kubernetes notes (II) pod usage notes
BeanDefinitionRegistryPostProcessor
[explain in depth the creation and destruction of function stack frames] | detailed analysis + graphic analysis
Txt document download save as solution
Understand one-way hash function
pytorch 多分类中的损失函数
Clickhouse learning notes (I): Clickhouse installation, data type, table engine, SQL operation
Alibaba cloud Alipay sandbox payment
[Shangshui Shuo series together] day 10
[teacher Zhao Yuqiang] index in mongodb (Part 1)