Architecture
The Multi-Tenant Operator (MTO) is a comprehensive system designed to manage multi-tenancy in Kubernetes environments.
Overview
The diagram below shows how MTO's controllers, the MTO Dependencies Operator, and the components they provision fit together.
Core Operators
MTO consists of multiple controllers and components that work together to provide the functionality of the system. The following is a list of the components that make up the MTO system:
| Name | Type | Description |
|---|---|---|
| Tenant Controller | Deployment | Responsible for managing the creation, deletion, and updating of tenants in the cluster via Tenant CRD. |
| Namespace Controller | Deployment | Responsible for managing the creation, deletion, and updating of namespaces in the cluster. |
| Extensions Controller | Deployment | Enhances MTO's functionality by allowing integration with external services and manages extensions via Extension CRD. |
| Quota Integration Config Controller | Deployment | Manages two CRDs in one controller: the Quota CRD and the IntegrationConfig CRD. |
| Webhook | Deployment | Responsible for managing webhook requests from MTO's resources. |
| Pilot Controller | Deployment | Responsible for provisioning and managing the lifecycle of the MTO Console and MTO Gateway. It also deploys the Custom Resources (PostgreSQL, Prometheus, OpenCost, Dex, DexConfigOperator and FinOps Operator) that are reconciled by the MTO Dependencies Operator. |
| MTO Console | Deployment | Provides a web-based interface for managing tenants, namespaces, sleep, and more. Details about the MTO Console can be found here. |
| MTO Gateway | Deployment | Backend service that provides the REST API for the MTO Console. |
| PostgreSQL | StatefulSet | Open-source relational database that acts as a caching layer and stores data for the MTO Console. Provisioned and managed by the MTO Dependencies Operator. |
| Prometheus | Deployment | Open-source monitoring and alerting solution that provides metrics and monitoring for resources deployed on the cluster. Provisioned and managed by the MTO Dependencies Operator. |
| OpenCost | Deployment | Open-source cost management solution that provides cost tracking and reporting for resources deployed on the cluster. Provisioned and managed by the MTO Dependencies Operator. |
| Kube-State-Metrics | Deployment | Listens to the Kubernetes API server and generates metrics about the state of objects in the cluster. Provisioned and managed alongside Prometheus by the MTO Dependencies Operator. |
| Dex | Deployment | Identity provider (IdP) used by MTO for authentication, replacing Keycloak. Provisioned and managed by the MTO Dependencies Operator. |
| DexConfigOperator | Deployment | Manages the configuration of the Dex IdP on Kubernetes. Provisioned and managed by the MTO Dependencies Operator. |
| FinOps Operator | Deployment | Powers the showback features in MTO, replacing the previous Showback CronJob. Provisioned and managed by the MTO Dependencies Operator. |
| FinOps Gateway | Deployment | Exposes cost and showback data from OpenCost and Prometheus to the MTO Console. |
Child Operators
MTO deploys child operators that extend its tenancy model with features designed to reduce the complexity of using a Kubernetes cluster.
Template Operator
The Template Operator manages the distribution of resources and the copying of Secrets and ConfigMaps across multiple namespaces. More details about its architecture can be found at Template Operator Architecture.
Hibernation Operator
The Hibernation Operator is a lightweight yet powerful system designed to automate cost-saving hibernation of workloads in Kubernetes environments. It enables both platform teams and application owners to define schedules for scaling down and restoring applications during off-hours.
MTO Dependencies Operator
The MTO Dependencies Operator is a Kubernetes operator that manages common infrastructure dependencies required by Multi-Tenant Operator as Custom Resources using Helm charts.
It simplifies the deployment and management of essential infrastructure components needed by the MTO ecosystem — PostgreSQL, Prometheus, OpenCost, Dex, DexConfigOperator and FinOps Operator. Instead of manually managing multiple Helm releases, this operator provides a declarative way to deploy and configure dependencies through Kubernetes Custom Resources.
Each Custom Resource's .spec maps directly to the underlying Helm chart values, so any value supported by the chart can be set in the CR. The operator handles the full lifecycle — install, upgrade, and deletion — automatically.
See the MTO Dependencies Operator documentation for reference.
