Tenant Service Chart
The Tenant Service manages the complete tenant lifecycle including creation, provisioning, configuration, and decommissioning.
Chart Configuration
# From matih-control-plane/values.yaml
tenant-service:
enabled: true
replicaCount: 2
image:
repository: tenant-service
tag: ""
service:
type: ClusterIP
port: 8080
ingress:
enabled: true
className: kong
hosts:
- host: api.matih.ai
paths:
- path: /api/v1/tenants
pathType: Prefix
resources:
requests:
cpu: 200m
memory: 512Mi
limits:
cpu: 1000m
memory: 1Gi
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 8
config:
provisioning:
defaultTier: STANDARD
provisioningTimeoutMinutes: 30
asyncEnabled: true
deployment:
githubWorkflowEnabled: true
webhookEnabled: trueProvisioning Phases
The Tenant Service orchestrates a multi-phase provisioning process:
- INIT - Create namespace, RBAC, resource quotas
- DATABASE - Create tenant databases
- SECRETS - Sync secrets from cloud key vault
- DEPLOY_SERVICES - Deploy data plane services via Helm
- DEPLOY_INGRESS - Set up dedicated NGINX ingress controller
- DNS_ZONE - Create Azure DNS child zone
- TENANT_INGRESS - Create TLS certificate and K8s Ingress
- MONITORING - Set up ServiceMonitors and alerts
- READY - Mark tenant as active
Each phase is tracked as a state transition and can be retried on failure.