Azure, Cloud Computing, Kubernetes

6 Mins Read

A Guide to Implement Multi-Tenancy on Azure Kubernetes Service using Loft

Voiced by Amazon Polly

Overview

In the world of cloud-native applications, scalability and isolation are paramount concerns. When running multiple tenants or applications on a single Kubernetes cluster, you need a robust solution to manage resources, ensure security, and maintain performance.

Azure Kubernetes Service (AKS) is a popular choice for hosting Kubernetes clusters in the Azure cloud, and Loft is a powerful tool for implementing multi-tenancy on Kubernetes clusters. This blog post will guide you through implementing multi-tenancy on AKS using Loft.

Introduction

The word “tenant” typically means a person or a group of people who use a specific area or thing. When we talk about Kubernetes, a tenant is a group of people, programs, or tasks that use the same resources in a Kubernetes cluster. These resources could be areas, containers, services, or other items in Kubernetes.

Pioneers in Cloud Consulting & Migration Services

  • Reduced infrastructural costs
  • Accelerated application deployment
Get Started

Need for Tenancy Concept

Kubernetes uses “Namespaces” to divide the cluster into separate, isolated sections. But when you want to do more complex things with multiple groups of users, it gets tricky because Kubernetes namespaces are flat, and you can’t easily share resources between namespaces that belong to the same group of users.

Loft

Loft is a convenient tool for setting up a Multi-Tenancy Architecture on any Kubernetes cluster. It offers a user-friendly interface (UI) and a command-line interface (CLI) for easy implementation. To learn more, visit Loft Labs.

Prerequisites

  • A K8 cluster in Azure

Steps to install Loft on Windows

  1. Download the loft using the below command in the command prompt/powershell

2. Check for verification

Steps to create Multi-tenancy on the Azure K8 cluster

  1. Connect to the Azure K8 cluster as shown below

step1

Note: Install Azure CLI and login before proceeding to this step.

2. Start the Loft

step2

3. Enter the Email of the admin who will handle the base cluster.

step3

4. Credentials will be created and used for login.

step4

5. Sign in page looks as below. Sign in using the previous credentials.

step5

6. Configure the profile for the admin.

step6

7. The Admin Portal looks as below.

step7

8. Creating users

Let’s create four users and two teams here. The four users are:

  • User-t1-u1
  • User-t1-u2
  • User-t2-u1
  • User-t2-u2

The two teams are:

  • team-1
  • team-2

Let’s assume two different teams as two different tenants. A group of two users will be added to each team. The users in the team can access the resources of each other users and cannot use the resources of another team. To do so, let’s create two different virtual clusters and assign them to each team, which will be shown further. Below are the steps to create the users in the loft from the admin portal.

step8

The following link will be generated for configuring the user.

step8b

Share the link with the user and configure the user as shown below.

step8c

step8d

9. Create the Team using the below procedure.

step9

10. Below is the list of users and their respective team

step10

11. Creating virtual clusters(vcluster-team-1) and assigning the users to clusters.

step11

Select the Template

step11b

Give permission to the user to use the cluster.

step11c

12. Similarly, create vcluster-team-2

13. Now, there are totally three clusters.

step13

14. Connect to vcluster-team-1 as shown below.

step14

15. Copy the command shown.

step15

16. Use in CLI

step16

17. Verify the cluster

step17

18. Now, this cluster has its namespaces.

step18

19. Using the manifest file, let’s create pods, services, and deployment in this cluster.

Use the below yml file and save it with the name dem.yml

step19

20. Check for verification.

step20

21. Access the application using the load balancer IP

step21

22. Change the cluster to vcluster-team-2, as shown below:

step22

23. Check for namespaces, and this has its namespaces.

step23

24. This cluster won’t be having the resources created in another cluster.

step24

25. Let’s verify from UI

Below is the user-t1-u1 portal. Who has access to vcluster-team-1

step25

This user can see the services created in the vcluster-team-1

step25b

26. Similarly, the user-t1-u2 can also see the services created in vcluster-team-1

step26

27. Below is the user-t2-u1’s portal. Has only access to vcluster-team-2

step27

28. This user cannot see the services created in another cluster.

step28

By this way, isolation and Multi-tenancy can be achieved.

Conclusion

When many user or application groups need to share resources within a cluster while retaining isolation, Kubernetes’ multi-tenancy notion is essential. Loft offers a practical method for implementing multi-tenancy by building virtual clusters and efficiently handling resources. The blog clearly explains how to set up multi-tenancy on an Azure-hosted Kubernetes cluster using Loft, including managing users and teams, creating virtual clusters, and isolating resources. 

Drop a query if you have any questions regarding Multi-tenancy in AKS, and we will get back to you quickly.

Making IT Networks Enterprise-ready – Cloud Management Services

  • Accelerated cloud migration
  • End-to-end view of the cloud environment
Get Started

About CloudThat

CloudThat is an official AWS (Amazon Web Services) Advanced Consulting Partner and Training partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, Amazon QuickSight Service Delivery Partner, AWS EKS Service Delivery Partner, and Microsoft Gold Partner, helping people develop knowledge of the cloud and help their businesses aim for higher goals using best-in-industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

To get started, go through our Consultancy page and Managed Services PackageCloudThat’s offerings.

FAQs

1. Can this technique be implemented on the K8 clusters, including managed clusters like Amazon EKS?

ANS: – Yes, this can be implemented on all the clusters.

2. What is the root-level partitioning mechanism employed by Loft to establish virtual clusters?

ANS: – Loft employs a “namespace isolation” feature to create virtual clusters at the root level. This allows Loft to isolate and manage different sets of resources within Kubernetes namespaces, effectively creating distinct virtual clusters within a single Kubernetes cluster.

WRITTEN BY Deepak S

Deepak S works as a Research Intern at CloudThat. His expertise lies in AWS's services. Deepak is good at haunting new technologies and automobile enthusiasts.

Share

Comments

    Click to Comment