SP and Tenant Overview
Service Provider
User Roles and Access in Service Provider
For example, a service provider, company ‘A’, might have a domain.
Each domain can have multiple tenants (such as Tenant-1 and Tenant-2), each of which can be a business unit of company A or a vendor.
Each tenant can have multiple projects such as Project-1, Project-2, Project-3, and Project-4. The projects can represent different departments such as finance and marketing. Clusters are shared between projects.
The tenant admin, project admin, and project member can deploy applications.
Service provider - Manages the entire node inventory, tenant provisioning and management.
Tenant admin - Manages the infrastructure, clusters, projects and user access to the projects.
Project admin - Manages users and applications in the project. The project admin is responsible for uptime, SLAs, and the overall health of deployed applications.
Project member - Same as the project admin, except they cannot add other people to the project.
Project viewer - Has read-only access to all the applications, logs, and events in a project. The project viewer does not have permission to modify anything in the project.
Service Provider Observability
The Service Provider can:
View CPU, memory, storage, and network metrics of the entire domain.
View events (related to Kubernetes objects) within the domain.
Check the capacity and utilization for each tenant in the domain.
Tenants
Tenants are the set of resources and people in a Domain. Spektra provides complete isolation between tenants.
For example, if a service provider creates a user called admin, and a tenant admin also creates a user called admin, these admin users are isolated from each other and are considered separate objects. You create, manage, and attach multiple clusters within a tenant.
The tenant admin oversees the tenant. Tenant admins and tenants can view the nodes available, create clusters, manage capacity, use cloud capacity to add any number of nodes, and use them in the cluster. Tenant admins can give their teammates access to deploy workloads inside the cluster.
Tenant Creation
Log in as SP admin to create a tenant.
Select Tenant from the left side menu bar.
Select New Tenant to display the new tenant creation workflow.
Enter the tenant name.
Note
Only lowercase characters are allowed. For example, docadmin.
Pick a color to identify the tenant.
Optionally, enter a label to identify the tenant. Labeling your infrastructure gives you an efficient way to keep track of it. Specify values for at least three labels. Diamanti accepts the standard Kubernetes label format.
Add a user to administer this tenant.
Enter the password.
Note
The password must be eight characters with one uppercase letter, one lowercase letter, and a special character.
Click the create tenant button.
The tenant is created and is listed on the tenant page.
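A pre-flight check for the values entered in the steps above, as an added example that is not part of Spektra or its documentation. The function names and sample values are hypothetical, the label rules are the upstream Kubernetes label syntax, and the code assumes "lowercase characters" means the letters a-z and reads "eight characters" as a minimum length.

```python
import re

# Kubernetes label syntax (upstream Kubernetes rules, not Spektra-specific):
# key = [prefix "/"] name; name and value are at most 63 characters, start and
# end with an alphanumeric, and may contain '-', '_' and '.' in between.
_NAME = re.compile(r"[A-Za-z0-9]([A-Za-z0-9_.-]{0,61}[A-Za-z0-9])?")
# The optional prefix is a DNS subdomain of at most 253 characters.
_DNS_LABEL = r"[a-z0-9]([-a-z0-9]*[a-z0-9])?"
_PREFIX = re.compile(rf"{_DNS_LABEL}(\.{_DNS_LABEL})*")


def label_errors(key, value):
    """Return the problems with one Kubernetes-style label (empty list if valid)."""
    errors = []
    prefix, sep, name = key.rpartition("/")
    if sep and (len(prefix) > 253 or not _PREFIX.fullmatch(prefix)):
        errors.append(f"label key prefix {prefix!r} is not a DNS subdomain")
    if not _NAME.fullmatch(name):
        errors.append(f"label name {name!r} is not valid")
    if value and not _NAME.fullmatch(value):  # empty values are allowed
        errors.append(f"label value {value!r} is not valid")
    return errors


def tenant_request_errors(name, labels, password):
    """Check the fields of the new tenant form before they are submitted."""
    errors = []
    # Assumption: "only lowercase characters" means the ASCII letters a-z.
    if not re.fullmatch(r"[a-z]+", name):
        errors.append("tenant name must contain only lowercase characters")
    for key, value in labels.items():
        errors.extend(label_errors(key, value))
    # Assumption: "eight characters" is read as a minimum length.
    if len(password) < 8:
        errors.append("password must be eight characters")
    if not re.search(r"[A-Z]", password):
        errors.append("password needs an uppercase letter")
    if not re.search(r"[a-z]", password):
        errors.append("password needs a lowercase letter")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        errors.append("password needs a special character")
    return errors


if __name__ == "__main__":
    # Constructed sample input; the label keys and the password are made up.
    sample_labels = {"env": "prod", "example.com/owner": "finance", "tier": "gold"}
    print(tenant_request_errors("docadmin", sample_labels, "Str0ng!pass"))
    print(tenant_request_errors("DocAdmin", {"-bad": "x y"}, "weakpass"))
```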
