Cloud service providers typically expose parts of the management functionality to their external clients, such as instantiating Kubernetes clusters, allocating persistent storage, and possibly even configuring (data center) networks. The management infrastructure must provide different “views” for each key administrative role and its assigned users. At a minimum, these roles include the provider administrator, tenant administrator, and tenant user.
Access control shapes what multitenancy means throughout the infrastructure: portal access and views, logging information, and usage information must all be linked to role. For example:
OpenShift Container Platform 4.2 role-based access control (RBAC) can be tied to your Microsoft Active Directory identity management environment. This link enables control over user and group access to the container ecosystem infrastructure and services, providing a good foundation for multitenancy support.
OpenShift Container Platform 4.2 is built on the concept that each project that runs within a cluster can be isolated from every other project. A project manager must be granted administrative privilege to be able to see any other project in the cluster.
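One way to check that role bindings actually preserve the project isolation described above, as an added example that is not part of the original document or of OpenShift itself. It assumes a tenant model in which each group synced from Active Directory owns a fixed set of projects; the group names, project names and sample bindings are constructed for illustration.

```python
# Constructed sample shaped like items from `oc get rolebindings -A -o json`
# and `oc get clusterrolebindings -o json`. All names are hypothetical.
def binding(kind, role, group, namespace=None):
    meta = {"name": f"{group}-{role}"}
    if namespace:
        meta["namespace"] = namespace
    return {"kind": kind, "metadata": meta,
            "roleRef": {"kind": "ClusterRole", "name": role},
            "subjects": [{"kind": "Group", "name": group}]}

BINDINGS = [
    binding("RoleBinding", "admin", "tenant-a-admins", "tenant-a-prod"),
    binding("RoleBinding", "view", "tenant-a-admins", "tenant-b-prod"),
    binding("RoleBinding", "edit", "tenant-b-users", "tenant-b-prod"),
    binding("ClusterRoleBinding", "cluster-reader", "tenant-b-users"),
    binding("ClusterRoleBinding", "cluster-admin", "provider-admins"),
]

# Assumed tenant model: each AD-synced group maps to the projects it owns.
TENANT_PROJECTS = {
    "tenant-a-admins": {"tenant-a-prod", "tenant-a-dev"},
    "tenant-b-users": {"tenant-b-prod"},
}

def audit(bindings, tenant_projects):
    """Return (group, scope, role) for every grant that breaks project isolation."""
    findings = []
    for b in bindings:
        namespace = b["metadata"].get("namespace")  # absent on ClusterRoleBinding
        role = b["roleRef"]["name"]
        for subject in b.get("subjects") or []:
            group = subject.get("name")
            if subject.get("kind") != "Group" or group not in tenant_projects:
                continue  # provider groups, users and service accounts are out of scope
            if b["kind"] == "ClusterRoleBinding":
                # Any cluster-scoped role lets a tenant group see beyond its projects.
                findings.append((group, "cluster-wide", role))
            elif namespace not in tenant_projects[group]:
                # A namespaced role in a project the tenant does not own.
                findings.append((group, namespace, role))
    return sorted(findings)

if __name__ == "__main__":
    for group, scope, role in audit(BINDINGS, TENANT_PROJECTS):
        print(f"{group}: role '{role}' granted in {scope}")
```

Run against real exports, the findings list is the set of grants a provider administrator should review: each one gives a tenant group visibility outside its own projects.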
Cloud service providers typically require the ability to monitor and report on system utilization. OpenShift Container Platform 4.2 includes Prometheus system monitoring and metering and provides the capability for extensive data logging. For more information about obtaining cluster resource consumption to drive usage billing through third-party application software, see the following Red Hat documentation: