stakater · tanalam2411 · Mar 17, 2024 · Jun 9, 2024
@@ -0,0 +1,13 @@
+# Advantages of managing Namespaces from Tenant CR
+
+1. **Granular Control**: Tenant CRs provide fine-grained control over namespace management, allowing for precise configuration of access control, isolation, user management, and security policies specific to each namespace.
+
+2. **Centralized Management**: By utilizing Tenant CRs, namespace creation and management can be centralized, simplifying administrative tasks and ensuring consistent enforcement of policies across all namespaces.
+
+3. **Automated Prefix Model**: Tenant CRs support an automated prefix model for namespace creation, streamlining the addition of common prefixes like "dev" or "stage" to make namespaces unique for each tenant. This automation reduces manual effort and maintains naming convention consistency.
+
+4. **Efficient Label Management**: With Tenant CRs, labels and annotations across namespaces can be managed centrally, improving operational efficiency and providing better visibility into the environment.
+
+5. **Simplified GitOps**: Tenant CRs streamline GitOps practices by enabling the management of multiple namespaces from a single point. This integration simplifies deployment workflows and reduces the need to navigate through multiple repositories or folders for namespace-related changes.
+
+[Creating Namespaces from Tenant CR](../tutorials/tenant/creating-namespaces.md)
@@ -125,3 +125,33 @@
 ## Native Experience
 
 Multi Tenant Operator provides multi-tenancy with a native Kubernetes experience without introducing additional management layers, plugins, or customized binaries.
+
+## Benefits and Value Propositions
+
+### Platform Administrator:
+- **Efficient Resource Utilization**: MTO enables the platform administrator to share an OpenShift cluster with multiple tenants, maximizing resource utilization and reducing operational overhead.
+- **Centralized Management**: With MTO, the administrator can configure and manage tenants and their sandboxes centrally, minimizing efforts and ensuring consistent configurations.
+- **Streamlined RBAC Configuration**: MTO simplifies RBAC configuration by providing a "least privilege" mindset and automatically updating rules, reducing errors and manual efforts.
+- **Integration with External Identity Management**: MTO seamlessly integrates with external identity management systems, allowing administrators to leverage existing groups for maintaining tenant membership.
+- **Enhanced Security with Vault Multitenancy**: MTO extends the permission model to HashiCorp Vault, enabling administrators to manage RBAC in Vault easily and ensuring tenant users can manage their own secrets securely.
+
+### DevOps Engineer:
+- **Simplified RBAC Configuration**: MTO abstracts RBAC configuration complexities, allowing DevOps engineers to focus on writing pipelines and deploying applications without worrying about access control.
+- **Integrated ArgoCD Multitenancy**: MTO extends the permission model to ArgoCD, simplifying RBAC management and repository provisioning for tenants, thus reducing overhead in managing deployments.
+- **Resource Management**: MTO enables defining Resource Quotas at the tenant scope, ensuring that dev teams can self-serve namespaces within allocated resources, promoting autonomy and agility.
+- **Efficient Namespace Provisioning with Templates**: MTO allows defining templates for namespaces, enabling engineers to provision namespaces with preloaded configurations, reducing setup time and ensuring consistency.
+- **GitOps-Ready Configuration**: MTO is fully configurable using Custom Resources, making it compatible with GitOps practices, thus facilitating seamless automation and version-controlled configurations.
+
+### Developer:
+- **Self-Service Namespace Provisioning**: With MTO, developers can safely provision namespaces for themselves and their teams, promoting agility and reducing dependency on platform administrators.
+- **Prepopulated Development Environments**: MTO's templating mechanism enables automatic prepopulation of namespaces with resources such as network policies or Helm charts, providing developers with ready-to-use development environments.
+- **Native Kubernetes Experience**: Developers can work with MTO without the need for additional management layers or customized binaries, ensuring a seamless and familiar Kubernetes experience.
+- **Safe Remote Development Environments**: MTO can automatically provision namespaces preloaded with selected templates, providing developers with safe remote development environments for rapid prototyping and development.
+- **Cross-Namespace Resource Distribution**: MTO supports cloning of secrets and configmaps across namespaces, allowing developers to access shared resources easily while maintaining isolation between tenants.
+
+### Platform Owner:
+- **Efficient Resource Management**: MTO enables efficient resource management by allowing multiple tenants to share a single cluster, reducing operational and management efforts, and preventing Kubernetes cluster sprawl.
+- **Cost Management with Showback**: MTO's showback functionality enables accurate tracking of resource usage by each tenant or namespace, facilitating cost monitoring, optimization, and fair billing.
+- **Streamlined Administration with MTO Console**: The MTO Console provides a comprehensive interface for managing multi-tenant environments, simplifying administrative tasks, and offering insights into tenant-related resources.
+- **Hibernation for Resource Optimization**: MTO can downscale deployments and stateful sets in a tenant's namespace based on defined sleep schedules, optimizing resource utilization and reducing costs during off-peak hours.
+- **Enhanced Collaboration with Mattermost Multitenancy**: MTO can manage Mattermost to create teams for tenant users, enhancing collaboration and communication within tenant groups while ensuring secure access control and membership management.
@@ -55,13 +55,13 @@ nav:
       - explanation/templated-metadata-values.md
       - explanation/multi-tenancy-vault.md
   - CRDs API Reference:
-      - crds-api-reference/extensions.md
-      - crds-api-reference/integration-config.md
-      - crds-api-reference/quota.md
       - crds-api-reference/tenant.md
+      - crds-api-reference/quota.md
+      - crds-api-reference/integration-config.md
       - crds-api-reference/template.md
       - crds-api-reference/template-instance.md
       - crds-api-reference/template-group-instance.md
+      - crds-api-reference/extensions.md
   - changelog.md
   - eula.md
   - troubleshooting.md