[Cloud native topic 48]: KubeSphere cloud governance - operations - overview of the multi-tenant concept
2022-07-04 00:20:00 【Silicon based workshop of slow fire rock sugar】
Author URI ( Silicon based workshop of slow fire rock sugar ): Slow fire rock sugar ( Wang Wenbing ) The blog of _ Silicon based workshop of slow fire rock sugar _CSDN Blog
Website of this article :https://blog.csdn.net/HiWangWenBing/article/details/122911019
Contents
Chapter 1 Overview of multi-tenant management
1.1 KubeSphere's position in cloud native
1.2 Official overview of the multi-tenant system: enterprise spaces, projects, users and platform roles
1.3 Multi-user system vs. multi-tenancy
1.4 Multi-tenancy vs. single-tenancy
1.5 Formal description of multi-tenancy
Chapter 2 The KubeSphere multi-tenant system
2.1 Hierarchy of the multi-tenant system
Chapter 3 Main operation steps
Chapter 1 Overview of multi-tenant management
1.1 KubeSphere's position in cloud native
1.2 Official overview of the multi-tenant system: enterprise spaces, projects, users and platform roles
https://kubesphere.com.cn/docs/quick-start/create-workspace-and-project/
Remarks:
Multi-tenancy is a basic function of KubeSphere, not a component function, so no component needs to be installed for multi-tenant management.
Multi-tenancy is the first value-added function that KubeSphere provides on top of K8S.
1.3 Multi-user system vs. multi-tenancy
Modern software is generally multi-user: the same machine and the same set of software can hold separate accounts for multiple users, and the users holding these accounts may log on to the computer at the same time. This requires managing both the computer's users and its resources. Put simply, multi-user means that multiple users can be created on one application system. The Linux operating system is a multi-user time-sharing system in which each user has independent access rights to the operating system.
Multi-tenancy and multi-user are different concepts. Renting implies something temporary: the tenant has the right of use but no ownership. The shared cloud resources are owned by the cloud vendor, and the users of the vendor's services are all tenants. For this reason, an administrator account created in the KubeSphere management system is, strictly speaking, not a user account but a tenant account.
Compared with "users", "tenants" give higher resource utilization.
1.4 Multi-tenancy vs. single-tenancy
In a single-tenant system, one tenant rents all the resources. If there are multiple tenants, an independent instance copy, including memory space, hard disk space and so on, has to be created for each of them. Multi-tenancy is different: no separate instance is created per tenant. Multiple different users share the same underlying resources, and isolation technology keeps the resources of different tenants isolated from each other.
A taxi hired by one person is a single-tenant system: different tenants have to take different taxi instances. A group of people taking a bus, or several people carpooling, is a multi-tenant system.
Systems such as Taobao or JD are multi-tenant systems. Different sellers use the same cloud platform, every seller is a tenant, and their resources are isolated from each other. If a seller does not pay when payment is due, the account is released for other tenants.
Compared with single-tenancy, multi-tenancy further improves resource utilization, and it is a necessary function of cloud-native applications. It is an important way to dynamically raise the utilization of hardware and virtual resources, and a means of reducing costs for cloud vendors and for application systems built on the public cloud. It is an important foundation for the existence of the public cloud: without it, the public cloud would have no cost advantage over private cloud or non-cloud systems.
1.5 Formal description of multi-tenancy
The concept of a tenant generally comes up in the SaaS field.
Multi-tenancy technology is a software architecture technology. It explores and implements how to share the same system or program components in a multi-user environment while still ensuring data isolation among users.
Put simply, multi-tenancy means that a single instance can serve multiple users or organizations.
Multi-tenancy technology uses a shared data center and a single system architecture and set of services to provide the same, or even customized, services to most clients, while still guaranteeing the isolation of customer data. This is similar to the multi-user time-sharing model of the Linux operating system.
A system that supports multi-tenancy needs virtual partitioning of its data and configuration by design, so that each tenant or organization of the system can use a separate system instance, and every tenant can apply personalized configuration to the rented system instance according to its own needs.
Multi-tenancy technology lets multiple tenants share system instances while still allowing each tenant's system instance to be customized. The common parts of the system are shared and the tenant-specific parts are isolated. Reusing resources among multiple tenants, and operating, managing and maintaining those resources centrally, effectively saves development and application costs. In addition, because tenants share a single instance of the application, all tenants are upgraded at the same time when the application is upgraded. Likewise, because multiple tenants share the core code of the system, a system upgrade only needs to upgrade that one copy of the core code.
At present, all major cloud platforms support tenant systems.
Chapter 2 The KubeSphere multi-tenant system
2.1 Hierarchy of the multi-tenant system
The KubeSphere multi-tenant system is divided into three levels: cluster, enterprise space and project.
The lowest level in KubeSphere, the project, is equivalent to a Kubernetes Namespace. The cluster and the enterprise space are further abstractions built on top of K8S namespaces.
Multiple clusters can be set up in KubeSphere, corresponding to a group company. Multiple enterprise spaces can be created under a cluster, each corresponding to a company. An enterprise space can contain multiple projects, corresponding to the company's actual product lines. An instance at each level is a workspace whose resources are isolated from other instances at the same level. As shown in the figure below:
Remarks: the multi-tenant architecture matches the organizational structure of a group enterprise.
2.2 Roles and users
Each level defines several roles, such as admin, operator and viewer. Each role has different resource access and management permissions; in other words, permission management is role-based.
Multiple user instances can be created for each role, and users with the same role have the same permissions. Users are ultimately the accounts assigned to KubeSphere managers.
Level | Role | Permissions
Cluster | platform admin (platform administrator) | Manage all resources in the cluster platform
Cluster | platform user manager (user administrator) | Manage all users in the cluster platform
Cluster | platform regular (ordinary platform user) | No permissions before being invited; view only
Cluster | workspace manager | Create and manage all enterprise spaces
Enterprise space | workspace admin (enterprise space manager) | Manage all resources in the specified enterprise space
Enterprise space | workspace self provider (enterprise space self-management) | Create and manage projects and DevOps projects, and invite new members to join the project
Enterprise space | workspace regular | Day-to-day manager of the enterprise
Enterprise space | workspace viewer | Day-to-day observer of the enterprise; views information
Project | project-admin (project manager) | Create and manage development projects and DevOps projects
Project | project-operator (project operator) | Create workloads, pipelines and other resources in the specified project
Project | project-viewer (project observer) | Can only view the status information of the project
2.3 Authorize or invite
(1) Other accounts are invited or authorized to manage specific permissions.
(2) All KubeSphere accounts are created at the cluster level; the role or responsibility of an account is assigned in the enterprise space and in the project.
(3) Create the cluster first, then the enterprise space, then the project.
Chapter 3 Main operation steps
step1: admin changes the initial password
Log in to the web console as admin with the default account and password (admin/[email protected]).
step2: Create cluster users
- admin creates the platform user manager.
- The platform user manager creates the workspace manager accounts, including the group boss, boss-big.
- The platform user manager creates the platform regular accounts, including project managers pm-xxx, developers dev-xxx, experts big-xxx, the administrators of the various enterprise spaces boss-xxx, and other users. At this point the users have not been authorized; only the accounts exist. Later they are invited into other roles and become managers of specific permissions. Every account that will later hold a role in the cluster has to be created here. This role is equivalent to the company's HR, which manages the accounts of all personnel in every department and project of the company.
step3: Create the enterprise space
- The workspace manager creates the enterprise space.
step4: Assign / invite enterprise space users
- The workspace manager invites users created in step2 as workspace self provider.
- The workspace manager invites users created in step2 as workspace regular, and so on.
step5: Create the project (a project deployed on the cloud platform, which can be deployed through KubeSphere)
- The workspace self provider (PM) creates the project.
step6: Assign / invite project members
- The workspace self provider invites the project members.
step7: Deploy the application in the project
- A project-operator can deploy the application. This role usually includes developers, testers and so on.
- For how to deploy microservice applications, please refer to the following article.
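The scoping rules from sections 2.2 and 2.3 and the invitation order in the steps above can be checked mechanically over a list of role bindings. The following is an added example, not code from the original article or from KubeSphere: the `Binding` record, the `audit` function, the hyphenated role identifiers and every sample account are assumptions made for illustration, and the rule that a project member must already belong to the enclosing enterprise space is read from step4 preceding step6.

```python
# Added example (not from the original page); all names and bindings are constructed.
from collections import namedtuple

Binding = namedtuple("Binding", "user level scope role")
# Role names from the table in section 2.2, hyphenated here for use as identifiers.
LEVEL_ROLES = {
    "platform": {"platform-admin", "platform-user-manager",
                 "platform-regular", "workspace-manager"},
    "workspace": {"workspace-admin", "workspace-self-provider",
                  "workspace-regular", "workspace-viewer"},
    "project": {"project-admin", "project-operator", "project-viewer"},
}

def audit(bindings):
    """Return sorted (user, problem) findings for a list of Binding rows."""
    findings = set()
    accounts = {b.user for b in bindings if b.level == "platform"}
    members = {(b.user, b.scope) for b in bindings if b.level == "workspace"}
    for b in bindings:
        # A role may only be granted at the level it belongs to.
        if b.role not in LEVEL_ROLES.get(b.level, set()):
            findings.add((b.user, f"{b.role} is not a {b.level}-level role"))
        # Section 2.3 (2): every account is created at the cluster level first.
        if b.level != "platform" and b.user not in accounts:
            findings.add((b.user, "no cluster-level account"))
        # Assumed from step4 preceding step6: project members belong to the
        # enclosing enterprise space. Project scope is "<workspace>/<project>".
        if b.level == "project":
            ws = b.scope.split("/", 1)[0]
            if (b.user, ws) not in members:
                findings.add((b.user, f"in {b.scope} but not a member of {ws}"))
    return sorted(findings)

SAMPLE = [  # constructed bindings; the last three break a rule each
    Binding("boss-big", "platform", "cluster", "workspace-manager"),
    Binding("pm-a", "platform", "cluster", "platform-regular"),
    Binding("dev-a", "platform", "cluster", "platform-regular"),
    Binding("dev-b", "platform", "cluster", "platform-regular"),
    Binding("pm-a", "workspace", "ws-a", "workspace-self-provider"),
    Binding("dev-a", "workspace", "ws-a", "workspace-regular"),
    Binding("pm-a", "project", "ws-a/shop", "project-admin"),
    Binding("dev-a", "project", "ws-a/shop", "project-operator"),
    Binding("dev-b", "project", "ws-a/shop", "project-operator"),  # skipped step4
    Binding("dev-a", "workspace", "ws-b", "project-admin"),        # wrong level
    Binding("ext-c", "project", "ws-b/pay", "project-viewer"),     # no account
]

if __name__ == "__main__":
    for user, problem in audit(SAMPLE):
        print(f"{user}: {problem}")
```

A binding set that follows step2, step4 and step6 in order produces no findings; each finding points at an account whose access bypassed one of the three levels.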