**Capsule** is a [[Kubernetes]]-native multi-tenancy framework that allows a single Kubernetes cluster to be shared among multiple independent tenants — each with their own namespaces, resource quotas, network policies, and RBAC constraints — without requiring separate clusters per tenant.

---

### First Principle: Multi-tenancy should be enforced by the platform, not trusted to tenant self-restraint.

Without multi-tenancy guardrails, a tenant with namespace-level access might consume all cluster resources, access other tenants' services, or misconfigure cluster-wide resources. Capsule enforces isolation through Kubernetes admission webhooks — tenants cannot exceed quotas, cross namespace boundaries, or touch resources they don't own.

---

### Key Considerations

- **Tenant CRD**: A Capsule `Tenant` resource defines everything about a tenant — which namespaces they own, resource quotas, allowed container registries, node selectors, ingress classes, and network policies.
- **Namespace Ownership**: Tenants can create and manage namespaces within their Tenant. Capsule prevents namespace proliferation and cross-tenant access.
- **Aggregated Resource Quotas**: Capsule enforces quotas at the Tenant level — not just per namespace. A tenant with 10 namespaces still cannot collectively exceed their CPU/memory allocation.
- **Allowed Resources**: Capsule can restrict which StorageClasses, IngressClasses, container registries, and node labels tenants can use.
- **vs [[vCluster]]**: Capsule shares the underlying cluster API and etcd — lightweight but with shared cluster resources. [[vCluster]] creates a fully isolated virtual Kubernetes API server per tenant — stronger isolation but more overhead.
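The following manifest is an added example, not part of the original note or the Capsule project's documentation, showing how the considerations above (namespace ownership, aggregated quotas, allowed resources, network policies) map onto a single `Tenant` object. Field names follow the `capsule.clastix.io/v1beta2` Tenant API as I understand it; the tenant name, owner group, registry hostname and node label are constructed placeholders, and the exact spec should be checked against the CRD installed in your cluster (`kubectl explain tenant.spec`).

```yaml
# Added example: a Capsule Tenant manifest (not from the original note).
# Field names follow the capsule.clastix.io/v1beta2 Tenant API as understood here;
# verify against your installed CRD with `kubectl explain tenant.spec`.
apiVersion: capsule.clastix.io/v1beta2
kind: Tenant
metadata:
  name: team-blue                      # constructed tenant name
spec:
  # Who may create namespaces inside this tenant. The group name is an assumption;
  # in practice it is whatever group claim the identity provider (e.g. Keycloak) issues.
  owners:
    - kind: Group
      name: team-blue-admins

  # Namespace ownership: the admission webhook rejects the sixth namespace.
  namespaceOptions:
    quota: 5

  # Aggregated quota: scope "Tenant" means the SUM across all of the tenant's
  # namespaces must stay within these limits, not each namespace on its own.
  resourceQuotas:
    scope: Tenant
    items:
      - hard:
          requests.cpu: "8"
          requests.memory: 16Gi
          limits.cpu: "16"
          limits.memory: 32Gi
          pods: "100"

  # Allowed resources: anything outside these allow-lists is denied at admission.
  containerRegistries:
    allowed:
      - registry.example.internal        # placeholder registry hostname
  ingressOptions:
    allowedClasses:
      allowed:
        - nginx
  storageClasses:
    allowed:
      - standard
  nodeSelector:
    node-pool.example.internal/tenant: "blue"   # placeholder node label

  # Network isolation: Capsule replicates these NetworkPolicies into every namespace
  # of the tenant. Only namespaces carrying this tenant's label may send ingress
  # traffic; pods in other tenants' namespaces are denied by default.
  networkPolicies:
    items:
      - policyTypes:
          - Ingress
        podSelector: {}
        ingress:
          - from:
              - namespaceSelector:
                  matchLabels:
                    capsule.clastix.io/tenant: team-blue
```

After `kubectl apply -f` of this manifest, a member of `team-blue-admins` can create namespaces that Capsule labels with `capsule.clastix.io/tenant: team-blue`; a namespace beyond the fifth, a pod pulling from an unlisted registry, or a deployment that would push the tenant-wide CPU total past 8 cores is rejected by the Capsule webhook before it reaches etcd, which is the "enforced by the platform" property the first principle describes.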
---

### How It Fits

```
[[Keycloak]] (authenticates tenant users)
  → Capsule (enforces multi-tenant boundaries)
  → [[Kubernetes]] namespaces (per-tenant workload isolation)
  → [[Open Policy Agent (OPA)]] (additional policy layer)
```

[[vCluster]] | [[Kubernetes]] | [[Keycloak]] | [[Open Policy Agent (OPA)]] | [[Open Source Hyperscaler MoC]]