v2.0
v1.0
  1. Release Notes
    1. Release Notes - 2.0.2Latest
    1. Release Notes - 2.0.1
    1. Release Notes - 2.0.0
  1. Introduction
    1. Introduction
    1. Features
    1. Architecture
    1. Advantages
    1. Glossary
  1. Installation
    1. Intruction
      1. Intro
      2. Port Requirements
    1. Install on Linux
      1. All-in-One Installation
      2. Multi-Node Installation
      3. Installing HA Master and Etcd Cluster
      4. Storage Configuration Instruction
    1. Install on Kubernetes
      1. Prerequisites
      2. Online Installation
      3. Offline Installation
    1. Related Tools
      1. Integrating Harbor Registry
    1. Cluster Operation
      1. Adding New Nodes
      2. High Risk Operation
      3. Uninstalling KubeSphere
  1. Quick Start
    1. Getting Started with Multitenancy
    1. Exposing your APP using Ingress
    1. Deploying a MySQL Application
    1. Deploying a Wordpress Website
    1. Job to compute π to 2000 places
    1. Deploying Grafana using APP Template
    1. Creating Horizontal Pod Autoscaler
    1. S2i: Publish your app without Dockerfile
    1. Canary Release of Microservice APP
    1. CI/CD based on Spring Boot Project
    1. Building a Pipeline in a Graphical Panel
    1. CI/CD based on GitLab and Harbor
    1. Ingress-Nginx for Grayscale Release
  1. Cluster Admin Guide
    1. Multi-tenant Management
      1. Overview of Multi-tenant Management
      2. Overview of Role Management
    1. Platform Management
      1. Account Management
      2. Platform Roles Management
    1. Infrastructure
      1. Service Components
      2. Nodes
      3. Storage Classes
    1. Monitoring Center
      1. Physical Resources
      2. Application Resources
    1. Application Repository
    1. Jenkins System Settings
  1. User Guide
    1. Application Template
    1. Workloads
      1. Deployments
      2. StatefulSets
      3. DaemonSets
      4. Jobs
      5. CronJobs
    1. Storage
      1. Volumes
    1. Network & Services
      1. Services
      2. Routes
    1. Configuration Center
      1. Secret
      2. ConfigMap
      3. Image Registry
    1. Project Settings
      1. Basic Information
      2. Member Roles
      3. Project Members
      4. Internet Access
    1. DevOps Project
      1. DevOps Project Management
      2. DevOps Project Management
      3. DevOps Project Management
      4. DevOps Project Management
      5. DevOps Project Management
  1. Development Guide
    1. Preparing the Development Environment
    1. Development Workflow
  1. API Documentation
    1. API Guide
    1. How to invoke KubeSphere API
KubeSphere®️ 2020 All Rights Reserved.

Getting Started with Multi-tenant Management

Objective

This guidebook is for new KubeSphere's cluster amin users. The aim is to lead you to create workspaces, roles and user accounts. After inviting the new users to the workspace, you will learn how to create projects and learn about DevOps projects. By familiarizing you with the accounts and multi-tenant management, this guidbook will help you start KubeSphere quickly.

Prerequisites

  • KubeDphere has been installed.
  • KubeSphere has been logged in with the default admin username and its password.

Estimated Time

  • About 15 minutes.

Hands-on Lab

Currently, the platform resources have three levels which are Cluster, Project and DevOps Project. As it shown below, there are multiple built-in roles in each organization and in each level.

Cluster Admin

Step 1: Create roles and accounts

The cluster-admin can create accounts and assign roles for other users. There are three common roles in the cluster level. The platform also supports customizing new roles.

Built-in Roles Descripition
cluster-admin Have the privilage to manage any resources in the cluster.
workspaces-manager Be able to manage all the workspaces and the belonging projects and the enginerring resources.
cluster-regular Regular users have no authority to manage resources after being invited to the workspaces.

Here is an example showing you how to create a new role (user-manager), grant the role account management and role management permission and how to create a new account and grant it as the users-manager.

Account Name Cluster Role Responsibility
user-manager user-manager Manage cluster accounts and roles

1.1 Click Platform Platform Roles. You can see the role list as follows. Click Create to create a role which is used to manage all accounts and roles.

1.2. Fill in the basic information and authority settings of the role.

  • Name: Use a simple name for browse and search such as user-manager.

  • Description: Describe the role's responsibility, such as Manage accounts and roles.

    1.3. Check all the authorities for accound and role management; then click Create.

1.4. Click Platform→Accounts. You can see the account list in the current cluster. Then click Create.

1.5. Fill in the new user's basic information. Set the username as user-manger; select the role user-manger. Other information can be customized. Then click Create.

1.6. Then use user-manager to create the following 4 accounts. ws-manger will be used to crease a workspace and assign the ws-admin as the workspace manager. Shift to the user-manger account and log into KubeSphere. Under the Account, create 4 accounts as mentioned above. Please refer to the following information for your accounts.

Account Name Cluster Role Responsibility
ws-manager workspaces-manager Create and manage all workspaces
ws-admin cluster-regular Manage all resources under the specified workspace
(This example is used to invite new members to join the workspace.)
project-admin cluster-regular Create and manage projects, DevOps projects, invite new members
project-regular cluster-regular The regular user will be invited to the project and DevOps project by the project-admin,
we use this account to create workloads, pipelines and other resources under the specified project

1.7. Verify the 4 accounts that we have created.

Workspace Admin

Step 2: Create a Workspace

Workspace is the base for KubeSphere's multi-tenant mode. It's also the base unit for user management projecs, DevOps projects and corporate members.

2.1. Log in KubeSphere with ws-manager which has the authority to check and manage all the workspaces on the platform.

Click platform managementWorkspace on the left top corner. You can see there is only one default workspace system-workspace, for running KubeSphere platform's related components and services. You are forbidden to delete this workspace.

Click Creare in the workspace list:

2.2. Logout and sign in with ws-admin after demo-workspace has been created. Then click View Workspace, select Worksapce Management → Members Management and click Invite Member.

2.3. Invite both project-admin and project-regular and grant them workspace-regular accordingly, click OK to save it. Now there are 3 members in the demo-workspace.

User Name Role in the Workspace Responsibility
ws-admin workspace-admin Manage all resources under the workspace
(We use this account to invite new members into the workspace)
project-admin workspace-regular Create and manage projects, DevOps projects, and invite new members to join
project-regular workspace-viewer Will be invited by project-admin to join the project and DevOps project.
we use this account to create workloads, pipelines, etc

Project Admin and DevOps Admin

Step 3: Create a Project

3.1. Sign in with project-admin that we created in Step 1, then click Create and select Create a resource project.

3.2. Name it as demo-project and keep the advanced settings as the default values, then click Create.

3.3. Choosing Project Settings → Project Members and click Invite Member.

3.4. Invite project-regular to this project and grant this user operator accordingly.

Step 4: Set the Gateway

Before creating a route, you need to enable a gateway for this project.

4.1. We still use project-admin, Choose Project Settings → Internet Access and click Set Gateway.

4.2. Keep the access method as NodePort and click Save.

4.3. Now we are able to see the Gateway Address (192.168.0.88), the NodePort of http and https respectively.

Step 5: Create DevOps Project

5.1. In this step, click Projects and click Create Project button, then select Create a DevOps project.

5.2. Fill in the basic information, e.g. demo-devops, then click Create button, it will jump to demo-devops page.

5.3. Similarly, navigate to Project Management → Project Members, then click Invite Member and grant project-regular as the role of maintainer, which is used to create pipeline, credentials, etc.