
A Guide to Implement Multi-Tenancy on Azure Kubernetes Service using Loft


In the world of cloud-native applications, scalability and isolation are paramount concerns. When running multiple tenants or applications on a single Kubernetes cluster, you need a robust solution to manage resources, ensure security, and maintain performance.

Azure Kubernetes Service (AKS) is a popular choice for hosting Kubernetes clusters in the Azure cloud, and Loft is a powerful tool for implementing multi-tenancy on Kubernetes clusters. This blog post will guide you through implementing multi-tenancy on AKS using Loft.


The word “tenant” typically means a person or a group of people who use a specific area or thing. When we talk about Kubernetes, a tenant is a group of people, programs, or tasks that use the same resources in a Kubernetes cluster. These resources could be areas, containers, services, or other items in Kubernetes.


Need for Tenancy Concept

Kubernetes uses “Namespaces” to divide the cluster into separate, isolated sections. But when you want to do more complex things with multiple groups of users, it gets tricky because Kubernetes namespaces are flat, and you can’t easily share resources between namespaces that belong to the same group of users.


Loft is a convenient tool for setting up a Multi-Tenancy Architecture on any Kubernetes cluster. It offers a user-friendly interface (UI) and a command-line interface (CLI) for easy implementation. To learn more, visit Loft Labs.


  • A K8 cluster in Azure

Steps to install Loft on Windows

1. Download Loft using the below command in Command Prompt or PowerShell.

2. Verify the installation.

Steps to create Multi-tenancy on the Azure K8 cluster

1. Connect to the Azure K8 cluster as shown below.


Note: Install the Azure CLI and log in before proceeding to this step.

2. Start Loft.


3. Enter the email address of the admin who will handle the base cluster.


4. Credentials will be created and used for login.


5. The sign-in page looks as below. Sign in using the credentials created in the previous step.


6. Configure the profile for the admin.


7. The Admin Portal looks as below.


8. Creating users

Let’s create four users and two teams here. The four users are:

  • User-t1-u1
  • User-t1-u2
  • User-t2-u1
  • User-t2-u2

The two teams are:

  • team-1
  • team-2

Let’s treat the two teams as two different tenants. Two users will be added to each team. The users in a team can access each other’s resources but cannot use the resources of the other team. To achieve this, we create two virtual clusters and assign one to each team, as shown further on. Below are the steps to create the users in Loft from the admin portal.


The following link will be generated for configuring the user.


Share the link with the user and configure the user as shown below.



9. Create the Team using the below procedure.


10. Below is the list of users and their respective teams.


11. Create the virtual cluster (vcluster-team-1) and assign the users to it.


Select the Template


Give permission to the user to use the cluster.


12. Similarly, create vcluster-team-2.

13. Now there are three clusters in total.


14. Connect to vcluster-team-1 as shown below.


15. Copy the command shown.


16. Run it in the CLI.


17. Verify the cluster.


18. This cluster now has its own namespaces.


19. Using the manifest file, let’s create pods, services, and deployment in this cluster.

Use the below yml file and save it with the name dem.yml


20. Check for verification.


21. Access the application using the load balancer IP


22. Change the cluster to vcluster-team-2, as shown below:


23. Check the namespaces; this cluster has its own namespaces.


24. This cluster does not contain the resources created in the other cluster.


25. Let’s verify from the UI.

Below is the portal of user-t1-u1, who has access to vcluster-team-1.


This user can see the services created in vcluster-team-1.


26. Similarly, user-t1-u2 can also see the services created in vcluster-team-1.


27. Below is the portal of user-t2-u1, who has access only to vcluster-team-2.


28. This user cannot see the services created in the other cluster.


In this way, isolation and multi-tenancy can be achieved.
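A scripted version of the check in steps 22 to 28, as an added example that is not part of the original post: it compares the `kubectl get ... -o json` output of two contexts and reports any object visible in both. The `demo-svc` name and all UIDs are constructed sample data, and the UID of the `kube-system` namespace is used here as a fingerprint of each control plane.

```python
import json
import subprocess

def kubectl_items(context, kind):
    """Live input: items from `kubectl --context <context> get <kind> -A -o json`."""
    cmd = ["kubectl", "--context", context, "get", kind, "-A", "-o", "json"]
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    return json.loads(out)["items"]

def control_plane_id(view):
    """UID of the kube-system namespace, unique per API server datastore."""
    for ns in view["namespaces"]:
        if ns["metadata"]["name"] == "kube-system":
            return ns["metadata"]["uid"]
    return None

def isolation_findings(view_a, view_b):
    """Compare two views ({kind: [objects]}); an empty list means no overlap found."""
    findings = []
    id_a, id_b = control_plane_id(view_a), control_plane_id(view_b)
    if id_a is None or id_b is None:
        findings.append("kube-system not readable: control plane not fingerprinted")
    elif id_a == id_b:
        findings.append("both contexts reach the same control plane")
    seen = {o["metadata"]["uid"] for objs in view_a.values() for o in objs}
    for kind, objs in view_b.items():
        for o in objs:
            meta = o["metadata"]
            if meta["uid"] in seen:
                findings.append(f"{kind}: {meta.get('namespace', '-')}/{meta['name']} visible in both")
    return findings

def obj(name, uid, namespace=None):
    """Build a minimal object shaped like kubectl's JSON output (constructed sample data)."""
    meta = {"name": name, "uid": uid}
    if namespace:
        meta["namespace"] = namespace
    return {"metadata": meta}

# Constructed sample views; names and UIDs are invented for illustration.
TEAM1 = {"namespaces": [obj("kube-system", "uid-t1-ks"), obj("default", "uid-t1-def")],
         "services": [obj("kubernetes", "uid-t1-k8s", "default"), obj("demo-svc", "uid-t1-demo", "default")]}
TEAM2 = {"namespaces": [obj("kube-system", "uid-t2-ks"), obj("default", "uid-t2-def")],
         "services": [obj("kubernetes", "uid-t2-k8s", "default")]}

if __name__ == "__main__":
    print(isolation_findings(TEAM1, TEAM2))   # two separate virtual clusters
    print(isolation_findings(TEAM1, TEAM1))   # context was never switched
```

Against live clusters, build each view with `kubectl_items(context, "namespaces")` and `kubectl_items(context, "services")`, using the context names that `kubectl config get-contexts -o name` lists.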


When many user or application groups need to share resources within a cluster while retaining isolation, Kubernetes’ multi-tenancy notion is essential. Loft offers a practical method for implementing multi-tenancy by building virtual clusters and efficiently handling resources. The blog clearly explains how to set up multi-tenancy on an Azure-hosted Kubernetes cluster using Loft, including managing users and teams, creating virtual clusters, and isolating resources. 



1. Can this technique be implemented on the K8 clusters, including managed clusters like Amazon EKS?

ANS: – Yes, this can be implemented on all the clusters.

2. What is the root-level partitioning mechanism employed by Loft to establish virtual clusters?

ANS: – Loft employs a “namespace isolation” feature to create virtual clusters at the root level. This allows Loft to isolate and manage different sets of resources within Kubernetes namespaces, effectively creating distinct virtual clusters within a single Kubernetes cluster.


Deepak S works as a Research Intern at CloudThat. His expertise lies in AWS's services. Deepak is good at hunting new technologies and is an automobile enthusiast.


