https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/setup/Recent content in Setup on CapsuleHugo -- gohugo.ioenhttps://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/setup/installation/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/setup/installation/Requirements Helm 3 is required when installing the Capsule Operator chart. Follow Helm’s official documentation for installing Helm on your operating system. A Kubernetes cluster (v1.16+) with the following Admission Controllers enabled: PodNodeSelector LimitRanger ResourceQuota MutatingAdmissionWebhook ValidatingAdmissionWebhook A Kubeconfig file accessing the Kubernetes cluster with cluster admin permissions. Cert-Manager is required by default but can be disabled. It is used to manage the TLS certificates for the Capsule Admission Webhooks. Installation We officially only support the installation of Capsule using the Helm chart.https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/setup/configuration/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/setup/configuration/The configuration for the capsule controller is done via it’s dedicated configration Custom Resource. You can explain the configuration options and how to use them: CapsuleConfiguration The configuration for Capsule is done via it’s dedicated configration Custom Resource. You can explain the configuration options and how to use them: kubectl explain capsuleConfiguration.spec administrators These entities are automatically owners for all existing tenants. Meaning they can add namespaces to any tenant. However they must be specific by using the capsule label for interacting with namespaces.https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/setup/openshift/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/setup/openshift/Introduction Capsule is a Kubernetes multi-tenancy operator that enables secure namespace-as-a-service in Kubernetes clusters. When combined with OpenShift’s robust security model, it provides an excellent platform for multi-tenant environments. This guide demonstrates how to deploy Capsule and Capsule Proxy on OpenShift using the nonroot-v2 and restricted-v2 SecurityContextConstraint (SCC), ensuring tenant owners operate within OpenShift’s security boundaries. Why Capsule on OpenShift While OpenShift can be already configured to be quite multi-tenant (together with for example Kyverno), Capsule takes it a step further and easier to manage.https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/setup/rancher/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/setup/rancher/The integration between Rancher and Capsule, aims to provide a multi-tenant Kubernetes service to users, enabling: a self-service approach access to cluster-wide resources to end-users. Tenant users will have the ability to access Kubernetes resources through: Rancher UI Rancher Shell Kubernetes CLI On the other side, administrators need to manage the Kubernetes clusters through Rancher. Rancher provides a feature called Projects to segregate resources inside a common domain. At the same time Projects doesn’t provide way to segregate Kubernetes cluster-scope resources.https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/setup/managed-kubernetes/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-82--docs-projectcapsule.netlify.app/docs/operating/setup/managed-kubernetes/Capsule Operator can be easily installed on a Managed Kubernetes Service. Since you do not have access to the Kubernetes APIs Server, you should check with the provider of the service: the default cluster-admin ClusterRole is accessible the following Admission Webhooks are enabled on the APIs Server: PodNodeSelector LimitRanger ResourceQuota MutatingAdmissionWebhook ValidatingAdmissionWebhook AWS EKS This is an example of how to install AWS EKS cluster and one user manged by Capsule.