Capsule is an open source framework that enables Platform Engineers to build a secure multi-tenant Internal Developer Platform on top of any Kubernetes infrastructure.
Capsule is an open source tool for mid to large engineering organisations to create their own Internal DeveloperPlatform on top of Kubernetes. Capsule provides the building blocks to securely share a Kubernetes infrastructure between multiple development teams, groups, departments or tenants while giving them a high grade of autonomy and without overwhelming the platform team. Capsule seamlessly integrates with several other tools of the Cloud Native ecosystem, like Identity Providers, Observability, GitOps, and many others.
Capsule focuses on the Platform Engineers' experience of building secure Internal Developer Platforms, unlike other frameworks and platforms which focus exclusively on developer experience. Capsule encompasses the power and flexibility of raw Kubernetes and enables Platform Engineers to build platforms that meet specific Policy and Governance needs while not overwhelming them with a continuous flow of ticketing requests.
Kubernetes introduces the namespace abstraction to create logical partitions of the cluster as isolated slices. However, implementing advanced multi-tenancy scenarios soon becomes complicated because of the flat structure of namespaces and the impossibility to share resources among namespaces belonging to the same tenant. To overcome this, Platform Engineers tend to allocate a dedicated cluster for each group of users, teams, or departments. As the organisation grows, the number of clusters to manage and keep aligned becomes an operational nightmare, described as the well known phenomena of cluster sprawl.
We developed Capsule to change this with a different approach. In a single cluster, it aggregates multiple namespaces in a lightweight abstraction called Tenant, basically a grouping of Kubernetes namespaces. Within each tenant, developers are free to create their resources and share all the assigned resources without interfering with other tenants using the same platform.
Capsule main features
Leave developers the freedom to self-provision their resources according to the assigned boundaries.
Preventing Clusters Sprawl
Share a single cluster with multiple teams, groups of users, or departments by saving operational and management efforts.
Leverage Admission Controllers to enforce the industry security best practices and meet policy and governance requirements.