
Capsule

Capsule is an open-source multi-tenant management add-on for Kubernetes clusters that introduces a policy-driven “tenant” abstraction to partition and govern namespaces for different teams or business units (multi-tenancy, cluster governance).

  • Multi-tenant control plane over a single Kubernetes cluster with tenant custom resources (multi-tenancy, cluster governance).
  • Isolation and policy enforcement across tenants and namespaces, including resource quotas, network, and security policies (policy enforcement, security).
  • Role delegation for tenant administrators to manage their own namespaces and workloads within defined constraints (RBAC, access control).
  • Integration with existing Kubernetes constructs and APIs without modifying core Kubernetes components (Kubernetes platform tooling).
  • Support for multi-tenancy-aware policies around ingress, storage classes, container registries, and other shared resources (platform governance, resource management).

More About Capsule

Capsule operates as a Kubernetes operator and controller that introduces a first-class concept of “tenants” to a cluster, allowing platform teams to provide multi-tenancy on a single underlying Kubernetes Control Plane (KCP) (multi-tenancy, cluster governance). Instead of running multiple clusters for different teams or environments, Capsule uses Kubernetes custom resource definitions (CRDs) to model tenants and associate namespaces, users, and policies with those tenants. This model targets platform engineering, DevOps, and infrastructure teams that need separation, delegation, and governance while still using the native Kubernetes Application Programming Interface (API).

The core capability of Capsule is the tenant resource, which groups one or more namespaces and binds them to tenant owners and members via annotations and role bindings (identity and access management). For each tenant, Capsule can apply constraints such as resource quotas, limit ranges, allowed node selectors, and tolerations, ensuring that workloads stay within defined boundaries (policy enforcement, resource management). Capsule also works with Kubernetes network policies and other isolation mechanisms to reduce the risk of cross-tenant interference (security, network policy).
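A Tenant manifest illustrating the fields described above, written as an added example for this page rather than taken from the Capsule project's own documentation. It uses the capsule.clastix.io/v1beta2 API; the tenant name oil, the owner alice, the node-pool label and the CIDR ranges are constructed sample values. It assumes the cluster's authenticator presents alice with a group listed in the Capsule configuration's userGroups (default capsule.clastix.io), which Capsule requires before treating her as a tenant owner, and that the PodNodeSelector admission plugin is enabled on the API server so the node selector is actually enforced on pods.

```yaml
apiVersion: capsule.clastix.io/v1beta2
kind: Tenant
metadata:
  name: oil
spec:
  # Owners are identities (User, Group or ServiceAccount) that may create
  # namespaces inside this tenant and administer them within its constraints.
  owners:
    - name: alice
      kind: User
  namespaceOptions:
    # Cap on the number of namespaces the tenant can own.
    quota: 3
  # Aggregate quota across all tenant namespaces (scope: Tenant); Capsule
  # creates a ResourceQuota in each namespace and keeps the tenant-wide
  # total within these hard limits.
  resourceQuotas:
    scope: Tenant
    items:
      - hard:
          requests.cpu: "8"
          requests.memory: 16Gi
          limits.cpu: "16"
          limits.memory: 32Gi
      - hard:
          pods: "50"
  # LimitRange replicated into every tenant namespace, so a container that
  # omits requests/limits still receives bounded defaults.
  limitRanges:
    items:
      - limits:
          - type: Container
            defaultRequest:
              cpu: 100m
              memory: 64Mi
            default:
              cpu: 500m
              memory: 256Mi
            max:
              cpu: "2"
              memory: 2Gi
  # Pin tenant workloads to a node pool. Capsule applies this as the
  # scheduler.alpha.kubernetes.io/node-selector annotation on tenant
  # namespaces; the PodNodeSelector admission plugin enforces it (assumed enabled).
  nodeSelector:
    node-pool: oil-tenant   # constructed label; must exist on the target nodes
  # NetworkPolicy replicated into every tenant namespace: inbound traffic is
  # accepted only from namespaces of the same tenant (Capsule labels them
  # capsule.clastix.io/tenant=<name>); egress to a private range is denied.
  networkPolicies:
    items:
      - podSelector: {}
        policyTypes:
          - Ingress
          - Egress
        ingress:
          - from:
              - namespaceSelector:
                  matchLabels:
                    capsule.clastix.io/tenant: oil
        egress:
          - to:
              - ipBlock:
                  cidr: 0.0.0.0/0
                  except:
                    - 192.168.0.0/16   # constructed: internal range off limits to tenants
---
# Namespace that the owner alice creates with plain kubectl (no Capsule-specific
# fields needed). Capsule's mutating webhook attaches the tenant ownerReference
# and the capsule.clastix.io/tenant label, and the ResourceQuota, LimitRange
# and NetworkPolicy above are reconciled into it.
apiVersion: v1
kind: Namespace
metadata:
  name: oil-production
```

Applying the Tenant requires cluster-admin rights; the Namespace document is what the tenant owner applies afterwards with her own credentials. If alice tries to create a fourth namespace, or a namespace named to collide with another tenant's, Capsule's validating webhook rejects the request before anything is persisted.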

Capsule is implemented using the Kubernetes operator pattern, running in the cluster and reconciling the desired state of tenant objects with actual cluster resources (Kubernetes platform tooling). It integrates with upstream Kubernetes constructs such as namespaces, roles, role bindings, network policies, resource quotas, ingress resources, and storage classes, without patching or forking Kubernetes itself. Tenants are defined as custom resources (instances of Capsule's Tenant CRD) managed through standard Kubernetes tooling like kubectl or GitOps pipelines, which allows automation and audit through existing workflows (infrastructure as code, GitOps compatibility).

For enterprise or institutional environments, Capsule supports scenarios where multiple application teams, business units, or customers share the same cluster. Platform administrators can define cluster-wide constraints, default policies, and available add-ons, while delegating day-to-day namespace management to tenant administrators (platform governance, access control). Tenant administrators can create and manage namespaces, deploy applications, and configure certain resources within the scope allowed by cluster policies, which reduces operational load on central platform teams.

Capsule also offers configuration options to control shared resources such as ingress controllers, container registries, and storage classes, so that each tenant can use only approved or assigned endpoints (resource governance, security). It can apply labeling and naming conventions automatically, which supports observability, cost allocation, and inventory management in multi-tenant clusters (operations management). Capsule fits into the Kubernetes ecosystem as a cluster add-on focused on multi-tenancy and governance rather than workload scheduling or deployment, and it can interoperate with other CNCF and Kubernetes-native tools for monitoring, logging, Continuous Integration and Continuous Deployment (CI/CD), and policy as code.
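An added example, again in the capsule.clastix.io/v1beta2 API and not taken from the Capsule project's own documentation, showing the shared-resource controls and automatic labeling this paragraph describes. The tenant name gas, the owner bob, the class names, registry hostnames, the cost-center label and the ops-readonly group are constructed sample values; the ClusterRole tenant-viewer is assumed to already exist in the cluster.

```yaml
apiVersion: capsule.clastix.io/v1beta2
kind: Tenant
metadata:
  name: gas
spec:
  owners:
    - name: bob
      kind: User
  namespaceOptions:
    # Labels and annotations stamped on every namespace the tenant creates,
    # which lets cost-allocation and inventory tooling attribute resources to
    # the tenant without per-namespace configuration.
    additionalMetadata:
      labels:
        cost-center: cc-4711        # constructed value
        team: gas
      annotations:
        owner-contact: gas-team@example.com   # constructed value
  # Ingress objects in tenant namespaces may only reference these IngressClass
  # names (exact list or regex); anything else is rejected by the webhook.
  ingressOptions:
    allowedClasses:
      allowed:
        - nginx-internal
      allowedRegex: ^gas-.*$
    # Hostname uniqueness is checked across the whole tenant, so two
    # namespaces of the same tenant cannot claim the same host.
    hostnameCollision:
      scope: Tenant
  # PersistentVolumeClaims may only reference approved StorageClasses.
  storageClasses:
    allowed:
      - ceph-rbd
    allowedRegex: ^gas-.*$
  # Pod images must be pulled from an approved registry.
  containerRegistries:
    allowed:
      - registry.example.com
      - ghcr.io
  # Extra RoleBindings created in every tenant namespace, here read-only
  # access for a central operations group (ClusterRole tenant-viewer assumed).
  additionalRoleBindings:
    - clusterRoleName: tenant-viewer
      subjects:
        - kind: Group
          name: ops-readonly
          apiGroup: rbac.authorization.k8s.io
```

Because every control here lives on the Tenant object rather than in each namespace, a tenant owner cannot loosen them from inside a namespace: the allowed classes and registries are enforced by Capsule's admission webhooks at request time, and the labels and RoleBindings are re-applied by the controller if they drift.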