Multi-Tenancy Architecture Overview
Multi-tenancy in the MATIH Platform is a foundational architectural decision that permeates every layer of the system. This section provides a comprehensive examination of the five isolation strategies, how tenant context propagates through the system, and what guarantees the platform provides.
Isolation Model
The platform uses a hybrid isolation model with five layers:
| Layer | Strategy | Section |
|---|---|---|
| Application | Thread-local tenant context | Tenant Context Propagation |
| Database | Schema-per-tenant | Database Isolation |
| Kubernetes | Namespace-per-tenant | Namespace Isolation |
| Network | NetworkPolicy-per-namespace | Network Isolation |
| Data | Tenant-scoped keys, events, caches | Data-Level Isolation |
Tenant Context Flow
1. JWT token carries tenant_id claim
2. Kong Gateway extracts tenant_id
3. Backend service sets TenantContextHolder
4. Service layer reads tenant context
5. Repository scopes all queries by tenant
6. Events carry tenant_id as payload and partition key
7. Cache keys include tenant prefix
8. Audit logs tag every entry with tenant
Isolation Guarantees
| Guarantee | Mechanism | Verification |
|---|---|---|
| Data isolation | Schema-per-tenant in PostgreSQL | Queries scoped by Hibernate resolver |
| Network isolation | Kubernetes NetworkPolicies | Pods cannot reach other tenant namespaces |
| Resource isolation | Kubernetes ResourceQuotas | CPU/memory limits per namespace |
| Cache isolation | Tenant-prefixed Redis keys | Key collision impossible |
| Event isolation | Tenant ID as Kafka partition key | Events partitioned by tenant |
| Auth isolation | Tenant ID in server-signed JWT | Client cannot forge tenant identity |
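The thread-local context step of the tenant context flow and the tenant-prefixed cache keys above, as an added Java example that is not MATIH's own code. It shows the two failure modes worth testing for: a pooled thread that keeps the previous request's tenant, and a tenant id containing the key delimiter. The `TenantContextHolder` methods, the tenant id pattern and the `tenant:<id>:<key>` layout are assumptions, and the JWT is assumed to be verified before `handle` is called.

```java
import java.util.concurrent.*;
import java.util.regex.Pattern;

public class TenantContextDemo {
    /** Hypothetical stand-in for the platform's TenantContextHolder (API assumed). */
    static final class TenantContextHolder {
        private static final ThreadLocal<String> CURRENT = new ThreadLocal<>();
        // Assumed id format: no ':' allowed, so the key prefix below stays unambiguous.
        private static final Pattern VALID = Pattern.compile("[a-z0-9][a-z0-9-]{0,62}");

        static void set(String tenantId) {
            if (tenantId == null || !VALID.matcher(tenantId).matches())
                throw new IllegalArgumentException("invalid tenant id");
            CURRENT.set(tenantId);
        }
        /** Fail closed: a missing context is an error, never a default tenant. */
        static String require() {
            String t = CURRENT.get();
            if (t == null) throw new IllegalStateException("no tenant context");
            return t;
        }
        static void clear() { CURRENT.remove(); }
    }

    /** Assumed key layout: tenant:<id>:<key>. */
    static String cacheKey(String key) {
        return "tenant:" + TenantContextHolder.require() + ":" + key;
    }

    /** Per-request wrapper; tenantId is the claim from an already verified JWT. */
    static String handle(String tenantId, String key) {
        TenantContextHolder.set(tenantId);
        try {
            return cacheKey(key);
        } finally {
            TenantContextHolder.clear(); // pooled threads are reused across tenants
        }
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(1); // one reused worker
        System.out.println(pool.submit(() -> handle("acme", "dashboard:42")).get());
        try { // same thread, no context set: must fail rather than reuse "acme"
            pool.submit(() -> cacheKey("dashboard:42")).get();
        } catch (ExecutionException e) {
            System.out.println("rejected: " + e.getCause().getMessage());
        }
        pool.shutdown();
    }
}
```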
Tenant Tiers
| Tier | CPU Quota | Memory Quota | Max Users | Features |
|---|---|---|---|---|
| Free | 2 cores | 4Gi | 5 | Basic analytics |
| Professional | 8 cores | 16Gi | 50 | Full analytics, AI chat |
| Enterprise | Custom | Custom | Unlimited | All features, custom models |
Related Sections
- Security: Multi-Tenancy -- Security-focused tenant isolation
- Service Topology -- Service dependencies and failure domains
- Event-Driven Architecture -- Tenant context in events