Reference

Tenant CRD Reference

Complete reference for the Capsule Tenant custom resource.

API Version

apiVersion: capsule.clastix.io/v1beta2
kind: Tenant

Example

apiVersion: capsule.clastix.io/v1beta2
kind: Tenant
metadata:
  name: bd
  labels:
    app.kubernetes.io/name: bd
    app.kubernetes.io/component: tenant
    app.kubernetes.io/managed-by: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "2"
spec:
  owners:
    - kind: ServiceAccount
      name: system:serviceaccount:capsule-system:bd-sa
  namespaceOptions:
    quota: 20
  resourceQuotas:
    scope: Tenant
    items:
      - hard:
          requests.cpu: "16"
          requests.memory: 32Gi
          limits.cpu: "32"
          limits.memory: 64Gi

Spec Fields

owners (required)

List of entities that own this tenant.

spec:
  owners:
    - kind: ServiceAccount | User | Group
      name: <name>

Field	Type	Description
kind	string	Type of owner: ServiceAccount, User, or Group
name	string	Full name of the owner entity

ServiceAccount format: system:serviceaccount:<namespace>:<name>

namespaceOptions

Configuration for tenant namespaces.

spec:
  namespaceOptions:
    quota: 10

Field	Type	Description
quota	integer	Maximum namespaces this tenant can create

resourceQuotas

Aggregate resource limits for all tenant namespaces.

spec:
  resourceQuotas:
    scope: Tenant | Namespace
    items:
      - hard:
          requests.cpu: "8"
          requests.memory: 16Gi
          limits.cpu: "16"
          limits.memory: 32Gi

Field	Type	Description
scope	string	Tenant (aggregate) or Namespace (per-namespace)
items	array	List of quota specifications
items[].hard	object	Hard limits (same format as K8s ResourceQuota)

Supported quota keys:

• requests.cpu, limits.cpu

• requests.memory, limits.memory

• pods, services, secrets, configmaps

• persistentvolumeclaims, requests.storage

networkPolicies (optional)

Default network policies applied to all tenant namespaces.

spec:
  networkPolicies:
    items:
      - policyTypes:
          - Ingress
          - Egress
        egress:
          - to:
              - ipBlock:
                  cidr: 0.0.0.0/0
        ingress:
          - from:
              - namespaceSelector:
                  matchLabels:
                    capsule.clastix.io/tenant: bd

limitRanges (optional)

Default limit ranges for tenant namespaces.

spec:
  limitRanges:
    items:
      - limits:
          - type: Pod
            min:
              cpu: "10m"
              memory: "16Mi"
            max:
              cpu: "2"
              memory: "4Gi"

Status Fields

status:
  namespaces:
    - bd-prod
    - bd-staging
  size: 2
  state: Active

Field	Type	Description
namespaces	array	List of namespaces belonging to this tenant
size	integer	Number of namespaces
state	string	Tenant state: Active, Cordoned

Useful Commands

# List all tenants
kubectl get tenants

# Get tenant details
kubectl describe tenant bd

# Check tenant namespaces
kubectl get tenant bd -o jsonpath='{.status.namespaces}'

# Check tenant state
kubectl get tenant bd -o jsonpath='{.status.state}'

Related Documentation

• Reference: Configuration Options

• Explanation: Multi-Tenancy Model