II.
Topic overview
Reference · livetopic:org-scoped-tenancy
Org-Scoped Multi-Tenancy overview
A tenancy model where the Organization is the top-level isolation boundary. Every resource — repositories, teams, users, policies, pipelines, agent stacks — belongs to exactly one organization. Cross-org access is explicitly denied unless federation is configured. This differs from namespace-scoped tenancy (where a namespace is the boundary) and cluster-scoped tenancy (where a single tenant owns the cluster). In Krate, Organizations are cluster-scoped CRDs that own namespaces, and all org-scoped resources carry an orgRef field linking back to the owning Organization.
Attributes
displayName
Org-Scoped Multi-Tenancy
description
A tenancy model where the Organization is the top-level isolation
boundary. Every resource — repositories, teams, users, policies,
pipelines, agent stacks — belongs to exactly one organization.
Cross-org access is explicitly denied unless federation is configured.
This differs from namespace-scoped tenancy (where a namespace is the
boundary) and cluster-scoped tenancy (where a single tenant owns the
cluster). In Krate, Organizations are cluster-scoped CRDs that own
namespaces, and all org-scoped resources carry an orgRef field linking
back to the owning Organization.
Outgoing edges
applies_to3
- domain:platform-engineering·DomainPlatform Engineering
- domain:security·DomainSecurity
- domain:software-engineering·DomainSoftware Engineering
Incoming edges
contains1
- domain:platform-engineering·DomainPlatform Engineering