# platform-culture
m
Good morning. I'm wondering if anyone has experience with OSS platform orchestration tools that can service multiple tenants. I'm doing a bit of research into this, and even commercial tools seem to provide a 'second non-production' tenant only. I have a gut feeling going through tools like Cloudforet, Cloud Foundry, Terrakube, that what I'm looking for doesn't really exist. I want to be able to have multiple tenants (for example Azure tenants) that can be connected to their individual Entra tenant for authentication.
c
I am not sure that I understand what you mean by tenant. What should your tenant border separate? The things that are deployed through your orchestration? The people that are using your orchestration?
m
A tenant is an organizational boundary within a hyperscaler. More visually:

                Platform as a Service Tool
                  |                    |
             Customer A            Customer B
              |       |             |       |
   Azure Tenant  AWS Tenant  Azure Tenant  AWS Tenant

Customer A and B would use the central PaaS Tool, can consume services for their own environment, but cannot interact with each other. The separation between 'customers' seems to be covered within most tools through RBAC, but the managing of multiple hyperscaler tenants (multiple Azure, AWS, GCP tenants) doesn't seem to be a standard feature, even in paid tools.
🤔 1
c
That sounds strange. Cloud Foundry which was mentioned by you should be able to do it for example.
Also orchestrators as listed in the tooling landscape should be able to do it.
m
Not sure what sounds strange? I've been scouring the docs of multiple tools and if I can't find a reference to this capability the only thing I can assume is that it is not supported. Currently going through Kratix and KusionStack next.
c
It’s probably a language thing. When you look at the reference architectures (behind the “Google Slides Template” button on the tooling landscape page) then this would be “multiple resource planes”. Also different tools have different names for that. Probably @Abby Bangser can help by pointing you to the right feature for Kratix.
♥️ 2
m
Potentially I'm seeing the role of an orchestrator wrong.... Any links towards deep dives on what orchestrators do and how they function (abstractly as this seems to differ between products in terminology) would be appreciated
c
For Cloud Foundry, you need to be looking at this stuff --> https://docs.cloudfoundry.org/concepts/orgs-and-spaces.html
For what an orchestrator is, you could try this definition: https://internaldeveloperplatform.org/platform-orchestrators/
m
That page points out some of my struggles. A foundation is shown as common components (shared components: Such as policies, management group structures, etc). But it doesn't seem that it could let me implement multiple companies
c
Not all orchestrators work in the same way. In the most easy way you can possibly think of them as the missing binding and coordinating piece between CI / IaC and CD.
Yes, you can do exactly that - have multiple foundations. This page is about planning, not doing, so it’s not covering that aspect.
a
Agreed with everything @Clemens Jütte is saying. I think all the orchestrators listed can manage more than one resource plane (cloud account / resources). And I would expect the PaaS’s you mentioned would be able to as well though they may require more than one instance to do so (that will depend on the tool).
From a Kratix point of view, you would define a number of destinations and each could be a different cloud/tenant/landing zone/pick your language. We primarily work with large enterprises so all the customers I speak to are using many multiples of things (clusters, cloud accounts, cloud providers). Happy to chat through example architectures in general or for Kratix in specific if that’s ever helpful.
c
But I am not sure if multiple foundations is what you’re actually looking for - that would most probably be only useful for multiple companies / legal entities - while different orgs and even spaces provide for deployment into different cloud subscriptions.
m
Multiple instances route is something I'm trying to avoid as that bites scalability right in the hind-quarters. Ideally it's a single instance that can scale horizontally (if needed) with integration to multiple IDP.
c
What Abby says for Kratix holds true for Humanitec as well - different lingo but same outcome. Multiples of almost anything are possible.
💯 1
m
I'll avoid Humanitec for now due to the pricing 🙂. I'll see if I can run an instance of Kratix to play around with
a
I know Humanitec has a generous free tier so worth checking it out even if just for mental models if it helps. Kratix is FOSS with some enterprise extensions but there aren’t any handicaps in the OSS project so go to town. I’d start here to get installed and then here to understand more destinations. Happy to help in this Slack or lean on the wider community Slack as well.
❤️ 1