Page Comparison

Multi-cluster tenant controller

1. Tenant created at Multi scheduler site (ONAP4K8S)

Identifying K8S clusters for this tenant based on cluster labels

1. Send the Tenant details to the K8s cluster

At K8s cluster level

1. Creating namespace
2. Creating K8S users (Tokens, Certificates and User/Pwds)
3. Creating K8S roles
4. Creating permissions to various roles.

1. Tenant controller at K8s cluster level [Implemented]
   1. A tenant can have multiple namespaces 
      1. Tenant-a
         1. ns1
         2. ns2
      2. It creates Tenant-a-ns1 and Tenant-a-ns
2. Cluster-admin: This persona has full read/write privileges for all resources in the cluster including resources owned by various Tenants of the cluster [Not implemented].
3. Cluster-view: This persona has read privileges for all resources in the cluster including reasources owned by various Tenants [Not implemented].
4. Tenant-admin: This persona has privileges to create a new tenant, read/write resources scoped to that Tenant and update or delete that Tenant. This persona does not have any privileges for accessing resources that are either cluster-scoped or scoped to namespaces that are not associated with the Tenant object for which this persona has Tenant-admin privileges.[Implemented]
5. Tenant-user: This persona has read/write privileges for all resources scoped within a specific Tenant (that is resources that are scoped within namespaces that are owned by a specific Tenant) [Not implemented].

Certificate Provisioning with Tenant

• Suggestion to use Isito using citadel

• Quota at the application level.
•  Tenant group support: Quota at the tenant group level (Multiple namespaces), ISTIO at the tenant group level.

• Resource quota based on the tenant with multiple namespace[Not implemented].