This section dives into how you can configure multi-tenancy in your Kestra instance. For a high-level overview, check the multi-tenancy section of the Architecture documentation.
Set it to true to enable multi-tenancy. By default, multi-tenancy is disabled.
If you enable multi-tenancy in a Kestra instance with existing resources (flows, namespaces, executions), you must use the kestra auths users sync-access command to synchronize the existing accesses to the default tenant (see above).
The default tenant is a tenant without an identifier (aka the null tenant). It exists for backward compatibility when multi-tenancy is enabled in an existing Kestra instance. If you disable the default tenant in a Kestra instance that already has flows and executions, you will no longer be able to access them.
When multi-tenancy is enabled in a new Kestra instance, it's recommended to disable the default tenant so that all tenants will have an identifier. This way, all tenants are explicitly defined and can be referenced by their ID.
By default, multi-tenancy is disabled, and the default tenant is set to true. Once you enable multi-tenancy, you can set the default tenant to false to disable it so that your Kestra instance includes only the tenants you explicitly create.
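The two setups described above, written out as configuration. This is an added example, not taken from this page: the key names kestra.ee.tenants.enabled and kestra.ee.tenants.default-tenant are assumptions that do not appear here, so check them against the configuration reference for your Kestra version.

```yaml
# Scenario A: multi-tenancy switched on in an instance that already has
# flows, namespaces and executions. The default (null) tenant stays enabled
# so those resources remain reachable; afterwards run
#   kestra auths users sync-access
# to synchronize existing accesses to the default tenant.
kestra:
  ee:
    tenants:
      enabled: true
      default-tenant: true    # assumed key name; true is the default value
---
# Scenario B: multi-tenancy switched on in a new instance. The default
# tenant is disabled, so every tenant has an explicit ID and nothing can
# end up in a tenant without an identifier.
kestra:
  ee:
    tenants:
      enabled: true
      default-tenant: false   # assumed key name
```

Do not apply Scenario B to an instance that already holds flows and executions in the default tenant: they become inaccessible once it is disabled.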
In order to create tenants, a user must have the CREATE permission on the TENANT role.
The tenant can be created in multiple ways:
In all cases, an Admin role is created with admin rights on the new tenant. The authenticated user or the user passed to the command will have this Admin role on the new tenant.
To create a tenant with the identifier production, go to Administration -> Tenants. Then, click on the Create button.
Fill in the form and then click on Save.
The user that creates the tenant will have admin rights on it. You may need to refresh the UI to refresh your roles.
The following command will create a tenant with the identifier dev and give admin rights for this tenant to the user firstname.lastname@example.org:
kestra tenants create --admin-username firstname.lastname@example.org --tenant dev --name "Development environment"