How-To

Create a New Tenant

This guide shows how to add a new tenant for a team member.

Prerequisites

• Access to the dp-infra repository

• kubectl configured for cluster access

• Understanding of the team’s resource requirements

Steps

1. Edit config.yaml

Add the new tenant to dp-infra/capsule/config.yaml:

tenants:
  # Existing tenants
  - name: "bd"
    owners:
      - name: "system:serviceaccount:capsule-system:bd-sa"
        kind: "ServiceAccount"
    namespaceQuota: 20
    resourceQuotas:
      requests:
        cpu: "16"
        memory: "32Gi"
      limits:
        cpu: "32"
        memory: "64Gi"

  - name: "kup"
    owners:
      - name: "system:serviceaccount:capsule-system:kup-sa"
        kind: "ServiceAccount"
    namespaceQuota: 20
    # ...

  # Add new tenant
  - name: "dev"
    owners:
      - name: "system:serviceaccount:capsule-system:dev-sa"
        kind: "ServiceAccount"
    namespaceQuota: 5
    resourceQuotas:
      requests:
        cpu: "4"
        memory: "8Gi"
      limits:
        cpu: "8"
        memory: "16Gi"

2. Generate Manifests

cd dp-infra/capsule
npm run compile
npx ts-node main.ts

Expected output:

✅ Capsule manifests generated successfully
📦 Operator version: 0.7.2
👥 Tenants: bd, kup, programmatic, dev
📁 Output directory: manifests/

3. Review Generated Manifests

cat manifests/capsule.k8s.yaml | grep -A 20 "name: dev"

Verify the Tenant CRD looks correct:

apiVersion: capsule.clastix.io/v1beta2
kind: Tenant
metadata:
  name: dev
spec:
  owners:
    - kind: ServiceAccount
      name: system:serviceaccount:capsule-system:dev-sa
  namespaceOptions:
    quota: 5
  resourceQuotas:
    scope: Tenant
    items:
      - hard:
          requests.cpu: "4"
          requests.memory: 8Gi
          limits.cpu: "8"
          limits.memory: 16Gi

4. Commit and Push

git add config.yaml manifests/
git commit -m "feat: add tenant dev for development team"
git push

5. Wait for ArgoCD Sync

ArgoCD will automatically sync the changes. Monitor progress:

kubectl get application capsule-app-c8754fc0 -n argocd -w

6. Verify Tenant Creation

kubectl get tenants
# NAME           STATE    NAMESPACE QUOTA   NAMESPACE COUNT
# bd             Active   20                0
# kup            Active   20                0
# programmatic   Active   10                0
# dev            Active   5                 0

7. Generate Kubeconfig for Tenant Owner

See How-To: Generate Kubeconfig.

Configuration Options

Namespace Quota

Limits how many namespaces the tenant can create:

namespaceQuota: 10  # Maximum 10 namespaces

Resource Quotas

Aggregated limits across all tenant namespaces:

resourceQuotas:
  requests:
    cpu: "8"        # Total CPU requests across all namespaces
    memory: "16Gi"  # Total memory requests
  limits:
    cpu: "16"       # Total CPU limits
    memory: "32Gi"  # Total memory limits

Related Documentation

• How-To: Generate Kubeconfig

• Reference: Configuration Options