A Guide to Implement Multi-Tenancy on Azure Kubernetes Service using Loft

Overview

In the world of cloud-native applications, scalability and isolation are paramount concerns. When running multiple tenants or applications on a single Kubernetes cluster, you need a robust solution to manage resources, ensure security, and maintain performance.

Azure Kubernetes Service (AKS) is a popular choice for hosting Kubernetes clusters in the Azure cloud, and Loft is a powerful tool for implementing multi-tenancy on Kubernetes clusters. This blog post will guide you through implementing multi-tenancy on AKS using Loft.

Introduction

The word “tenant” typically means a person or a group of people who use a specific area or thing. When we talk about Kubernetes, a tenant is a group of people, programs, or tasks that use the same resources in a Kubernetes cluster. These resources could be areas, containers, services, or other items in Kubernetes.

Need for Tenancy Concept

Kubernetes uses “Namespaces” to divide the cluster into separate, isolated sections. But when you want to do more complex things with multiple groups of users, it gets tricky because Kubernetes namespaces are flat, and you can’t easily share resources between namespaces that belong to the same group of users.

Loft

Loft is a convenient tool for setting up a Multi-Tenancy Architecture on any Kubernetes cluster. It offers a user-friendly interface (UI) and a command-line interface (CLI) for easy implementation. To learn more, visit Loft Labs.

Prerequisites

  • A Kubernetes (K8s) cluster in Azure

Steps to install Loft on Windows

1. Download Loft using the command below in Command Prompt or PowerShell.

2. Verify the installation.

Steps to create Multi-tenancy on the Azure K8 cluster

1. Connect to the Azure K8 cluster as shown below

step1

Note: Install Azure CLI and login before proceeding to this step.

2. Start Loft

step2

3. Enter the Email of the admin who will handle the base cluster.

step3

4. Credentials will be created and used for login.

step4

5. The sign-in page looks as below. Sign in using the previous credentials.

step5

6. Configure the profile for the admin.

step6

7. The Admin Portal looks as below.

step7

8. Creating users

Let’s create four users and two teams here. The four users are:

  • User-t1-u1
  • User-t1-u2
  • User-t2-u1
  • User-t2-u2

The two teams are:

  • team-1
  • team-2

Let’s treat the two teams as two different tenants. Two users will be added to each team. Users in a team can access each other’s resources but cannot use the resources of the other team. To achieve this, let’s create two virtual clusters and assign one to each team, as shown in the later steps. Below are the steps to create the users in Loft from the admin portal.

step8

The following link will be generated for configuring the user.

step8b

Share the link with the user and configure the user as shown below.

step8c

step8d

9. Create the Team using the below procedure.

step9

10. Below is the list of users and their respective teams.

step10

11. Create a virtual cluster (vcluster-team-1) and assign the users to it.

step11

Select the Template

step11b

Give permission to the user to use the cluster.

step11c

12. Similarly, create vcluster-team-2

13. Now there are three clusters in total.

step13

14. Connect to vcluster-team-1 as shown below.

step14

15. Copy the command shown.

step15

16. Run it in the CLI.

step16

17. Verify the cluster

step17

18. This cluster now has its own namespaces.

step18

19. Using the manifest file, let’s create pods, services, and deployment in this cluster.

Use the below yml file and save it with the name dem.yml

step19

20. Check for verification.

step20

21. Access the application using the load balancer IP

step21

22. Change the cluster to vcluster-team-2, as shown below:

step22

23. Check the namespaces; this cluster also has its own namespaces.

step23

24. This cluster does not contain the resources created in the other cluster.

step24

25. Let’s verify from the UI.

Below is the portal for user-t1-u1, who has access to vcluster-team-1.

step25

This user can see the services created in vcluster-team-1.

step25b

26. Similarly, user-t1-u2 can also see the services created in vcluster-team-1.

step26

27. Below is user-t2-u1’s portal. This user has access only to vcluster-team-2.

step27

28. This user cannot see the services created in another cluster.

step28

In this way, isolation and multi-tenancy can be achieved.
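The CLI verification in steps 19 to 24 can be scripted so it is repeatable after every change to users, teams or virtual clusters. The following is an added example, not part of the original post or of Loft: it compares the Service listings of the two virtual clusters and reports anything visible from both. The kube context names, the baseline list and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that Services created in one virtual cluster are not
# visible from the other. Listings are "namespace/name", one per line.

# Services each cluster carries by default (assumption; extend for your setup).
BASELINE='default/kubernetes
kube-system/kube-dns'

# Live listing for a kubeconfig context (context names are yours to supply).
list_services() {
  kubectl --context "$1" get svc -A --no-headers \
    -o custom-columns=NS:.metadata.namespace,NAME:.metadata.name |
    awk '{print $1 "/" $2}'
}

# Print non-baseline Services present in both listings. Names the two teams
# created independently also match, so test with a uniquely named workload.
shared_services() {
  a=$(printf '%s\n' "$1" | grep -vxF -e "$BASELINE" | sort -u)
  [ -n "$a" ] || return 0
  printf '%s\n' "$2" | grep -xF -e "$a" | sort -u
}

# Return 0 when nothing is shared, 1 (and list the overlap) otherwise.
check_isolation() {
  leaks=$(shared_services "$1" "$2")
  [ -z "$leaks" ] && { echo "isolated"; return 0; }
  printf 'visible in both clusters:\n%s\n' "$leaks"
  return 1
}

# Constructed sample listings (not output captured from the article's cluster).
TEAM1='default/kubernetes
kube-system/kube-dns
default/demo-app-svc'
TEAM2='default/kubernetes
kube-system/kube-dns'

check_isolation "$TEAM1" "$TEAM2"
# Live use:
#   check_isolation "$(list_services CTX_TEAM1)" "$(list_services CTX_TEAM2)"
```

The non-zero exit status on overlap lets the check run as a gate in a pipeline or scheduled job.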

Conclusion

When many user or application groups need to share resources within a cluster while retaining isolation, Kubernetes’ multi-tenancy notion is essential. Loft offers a practical method for implementing multi-tenancy by building virtual clusters and efficiently handling resources. The blog clearly explains how to set up multi-tenancy on an Azure-hosted Kubernetes cluster using Loft, including managing users and teams, creating virtual clusters, and isolating resources. 

Drop a query if you have any questions regarding Multi-tenancy in AKS, and we will get back to you quickly.

FAQs

1. Can this technique be implemented on the K8 clusters, including managed clusters like Amazon EKS?

ANS: – Yes, this can be implemented on all the clusters.

2. What is the root-level partitioning mechanism employed by Loft to establish virtual clusters?

ANS: – Loft employs a “namespace isolation” feature to create virtual clusters at the root level. This allows Loft to isolate and manage different sets of resources within Kubernetes namespaces, effectively creating distinct virtual clusters within a single Kubernetes cluster.

WRITTEN BY Deepak S

Deepak S is a Senior Research Associate at CloudThat, specializing in AWS services. He is passionate about exploring new technologies in cloud and is also an automobile enthusiast.
