[EnMasse] EnMasse multitenancy roles
Ulf Lilleengen
ulilleen at redhat.com
Thu Mar 23 13:34:17 UTC 2017
Hi,
Resending this as 3 of us were not subscribed to the list.
After our discussion yesterday, I've tried to collect my thoughts on
multitenancy. In our past discussions there have been sort of 2 views on
multitenancy: one where multitenancy is handled within the dispatch
router, and one with multiple isolated router networks. As Rob mentioned
(and I agree) we should think of supporting both.
I don't think took into account supporting isolated and non-isolated
tenants when we discussed this earlier. And I'm not sure if we should
think of it as just 1 role or 2 roles externally:
* Client - connects to the messaging endpoint
* Tenant - Manages one address space
(* Instance - Have 1 or more tenants)
* Messaging operator - Manages EnMasse instances and tenants
* OpenShift operator - Manages OpenShift
Instances are isolated into separate OpenShift namespaces, while a
tenant may share the same instance (routers and possibly brokers) with
other tenants.
Does it make sense to think of it this way? With this definition we have
support for multiple instances today, but not multiple tenants within
the same instance.
We expose the ability to create and manage instances, but would also
need to support another dimension in the addressing API for tenants
(instance/foo/tenant/bar/address ?). Another approach would be to
replace this API with something that allows you to create tenants and
specify isolation as a property on the tenant resource.
--
Ulf
More information about the enmasse
mailing list