This repository is a practical toolkit for implementing multi-tenancy in OpenShift clusters using the Multi Tenant Operator (MTO) by Stakater. Designed to integrate with Argo CD for GitOps workflows, it allows users to seamlessly create and manage tenants, enforce quotas, and set up comprehensive access controls and more. With these resources, you can establish isolated, secure, and scalable environments tailored for DevOps efficiency and cloud-native development.
Install ArgoCD from OperatorHub. We use Red Hat's version of ArgoCD, OpenShift GitOps. Search for Red Hat OpenShift GitOps in OperatorHub and install the operator by following the instructions.
Install MTO from OperatorHub. Search for Multi Tenant Operator in OperatorHub and install the operator by following the instructions.
Please refer to this link for more details - https://docs.stakater.com/mto/latest/tutorials/installation.html
Once MTO is installed, search for the CR IntegrationConfig and set Console and Showback to true:
components:
  console: true
  showback: true
Create a new namespace to use throughout the hands-on:
oc new-project mto-hands-on
Keycloak is provided by the Multi Tenant Operator. Fetch the Keycloak URL by running the following command:
oc get route tenant-operator-keycloak -n multi-tenant-operator
From your Keycloak UI,
- Create a new client in the MTO realm.
- Set the client ID and name to openshift.
- Follow the on-screen instructions to create the client. Once done, enable Client Authentication and click on Save.
- Once done, go to the Credentials tab and copy the Secret value.
- Update the config/oauth/secret.yaml file with a base64 encoded version of the Secret value.
- Go to Realm settings and click on Action -> Partial Import
- Upload the json file from config/keycloak/users.json to add users to the realm.
Please note that in a real world scenario, you would be linking Keycloak with your organization's Identity Provider like LDAP or Active Directory. The json file with the list of users is just for the scope of this hands-on project.
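The base64 step above is easy to get wrong: `echo "$SECRET" | base64` encodes a trailing newline, and the resulting client secret no longer matches what Keycloak issued. The following is an added example, not part of this repository; the function names `encode_client_secret` and `decodes_with_newline` and the sample value are hypothetical, and it assumes a `base64` that accepts `-d` for decoding.

```shell
#!/bin/sh
# Added example (not from the repository): encode a Keycloak client secret
# for config/oauth/secret.yaml without a stray trailing newline.

# encode_client_secret VALUE -> prints single-line base64 of VALUE
encode_client_secret() {
  # Strip CR/LF picked up when pasting from the Credentials tab.
  ecs_raw=$(printf '%s' "$1" | tr -d '\r\n')
  if [ -z "$ecs_raw" ]; then
    echo "empty secret" >&2
    return 1
  fi
  # Some base64 builds wrap long output, so join the lines.
  ecs_b64=$(printf '%s' "$ecs_raw" | base64 | tr -d '\n')
  # Round-trip check: decoded bytes must equal the cleaned input.
  [ "$(printf '%s' "$ecs_b64" | base64 -d)" = "$ecs_raw" ] || return 1
  printf '%s\n' "$ecs_b64"
}

# decodes_with_newline B64 -> exit 0 if the decoded value ends in LF (0x0a).
# Use it to audit a value that is already in a manifest.
decodes_with_newline() {
  dwn_last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
  [ "$dwn_last" = "0a" ]
}

# Constructed sample value, not a real secret.
SAMPLE='s3cr3t-constructed-example'
GOOD=$(encode_client_secret "$SAMPLE")
BAD=$(echo "$SAMPLE" | base64 | tr -d '\n')   # the common mistake

echo "correct encoding:  $GOOD"
echo "echo-piped (bad):  $BAD"
if decodes_with_newline "$BAD"; then
  echo "the echo-piped value decodes with a trailing newline"
fi
```
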
Once the pre-requisites are installed, follow these steps to install the ArgoCD Application for MTO Hands-on.
oc apply -f argocd/mto-hands-on.yaml
Once the ArgoCD Application is installed, you can access the GitOps Console by following these steps:
oc get route rh-openshift-gitops-instance-server -n rh-openshift-gitops-instance
To get the password, run the following command:
oc get secret rh-openshift-gitops-instance-cluster -n rh-openshift-gitops-instance -o jsonpath='{.data.admin\.password}' | base64 -d
Then open the browser and login to the above URL with the following credentials:
Username: admin
Password: <password>
Monitor the progress of the ArgoCD Application installation by navigating to the Applications tab in the ArgoCD Console. Make sure all the tenants, quotas and namespaces are created successfully.
You can access the MTO Console by following these steps:
oc get ingress -n multi-tenant-operator tenant-operator-console
Then open the browser and navigate to the above URL. By default, you can login with the following credentials:
Username: mto
Password: mto