Let many teams safely share one Kubernetes cluster — self-service namespaces within enforced isolation, quotas, and policies — with Capsule.

Welcome to Capsule: Kubernetes Multi-Tenancy.

A practical, in-depth guide to Capsule, the Kubernetes multi-tenancy operator. Learn how Capsule lets many teams safely share one cluster: the Kubernetes multi-tenancy problem (namespaces are not tenants), the operator and webhook architecture, the Tenant model and namespace self-service, tenant-level resource quotas, policy enforcement (network, registries, node selectors), automatic RBAC and Capsule Proxy, security and isolation (soft multi-tenancy and hardening), and operating Capsule at scale.

This title is part of the ShriIra library and is free to read in full, right here — our small contribution to making world-class knowledge easy to reach.

A note on reading it: open the Contents menu at the top of the reader to jump between chapters, use the Aa menu to set a comfortable text size, theme (light, sepia, or night), and single- or two-page layout. Your place is saved automatically, so you can always pick up where you left off.

We hope it serves you well.

— Shriira Press

Contents

1. Chapter 1 — What Capsule Is
2. Chapter 2 — The Kubernetes Multi-Tenancy Problem
3. Chapter 3 — Architecture
4. Chapter 4 — Tenants and Namespace Self-Service
5. Chapter 5 — Resource Quotas and Limits
6. Chapter 6 — Policy Enforcement
7. Chapter 7 — RBAC and Capsule Proxy
8. Chapter 8 — Security and Isolation
9. Chapter 9 — Operations and Observability
10. Chapter 10 — Capsule in Practice