Secure Multi-Tenancy for Charmed Kubernetes with Clastix’ new Charmed Operator
by Michael C. Jaeger on 19 May 2022
The new Charmed Operator covering the Capsule Kubernetes extension allows users of Canonical’s Charmed Kubernetes distribution to automatically install and integrate Clastix Capsule Multi-Tenancy as part of the Kubernetes cluster deployment process.
Capsule solves multi-tenancy for Charmed Kubernetes
Multi-tenancy is the ability to run workloads belonging to different subjects such as users, groups, and departments, in such a way that each subject’s workloads are isolated from each other. Multi-tenancy is becoming an important topic as more and more organizations adopt Kubernetes on a larger scale.
While it is possible to configure isolation through namespaces, implementing a true multi-tenancy in Kubernetes is challenging because of the flat nature of namespaces. Clastix has developed Capsule, an open-source operator to aggregate multiple namespaces in a tenant abstraction, while enforcing each tenant within a robust policies-driven boundary. Capsule’s secure multi-tenancy lets tenants create namespaces and self-serve workloads according to quota, limits, and other standard Kubernetes policies. Each tenant’s environment is isolated, with data invisible to other tenants.
Easier setup and management
Charmed Kubernetes comes with out-of-the-box tools that support deployments and operational management and make microservice development easier. This allows users to focus more on innovation and less on configuration when deploying Charmed Kubernetes, as the Juju framework encapsulates how elements of Kubernetes need to be configured and how they need to interact with each other. Combined with Clastix Capsule Multi-Tenancy, Charmed Kubernetes allows users to further reduce the operational overhead of Kubernetes setup and management.
“Clastix Capsule provides a multi-tenant abstraction that allows multiple teams to share a cluster within the same organization. By integrating Capsule with the Charmed Kubernetes, it can now provide an essential and critical capability of a secure self-service Kubernetes,” said Adriano Pezzuto, Founder, and CEO of Clastix. “We are delighted to offer Capsule to Canonical users looking for governability and security across their organization within the integrated ecosystem of Charmed Kubernetes.”
“The combination of Clastix Capsule and Charmed Kubernetes delivers end-users with a powerful multi-tenant experience that has all the machinery required to manage complex environments easily through Juju. As we’re seeing rising interest in the multi-tenancy space, it is compelling to have the capabilities and experience so seamlessly integrated,.” commented Alex Jones, Engineering Director for Kubernetes at Canonical.
The Charm is available to Charmed Kubernetes users via Charmhub.io.
Canonical is the publisher of Ubuntu, the OS for most public cloud workloads as well as the emerging categories of smart gateways, self-driving cars, and advanced robots. Canonical provides enterprise security, support, and services to commercial users of Ubuntu. Established in 2004, Canonical is a privately held company.
Clastix is the leader in Kubernetes multi-tenancy solutions. Clastix products and services help organizations of any size to overcome Day2 challenges and confidently run infrastructures based on Kubernetes. Clastix is the author of Capsule, an open-source operator for implementing multi-tenancy in Kubernetes, currently used in production by companies such as Fastweb, Wargaming, Dutch Railways, Bedag, and many others.