This repo contains multi-tenancy assets for IBM clients and partners to build SaaS (Software as a Service).
A key benefit of the cloud is the ability to deploy software for multiple consumers without having to install it redundantly on-premises. When software is provided as a managed service (SaaS), the costs of deploying and operating applications can be reduced. Additionally, SaaS can be scaled and new consumers can be added easily.
To leverage these advantages, applications need to be designed so that they can support multiple tenants. Often tenants are not single users, but clients of SaaS providers with their own corporate authentication mechanisms. When running SaaS for multiple tenants, it is often required to keep the workloads isolated from each other for security reasons. For example, separate databases are typically used for tenants.
At the same time, common deployment and operation models are required, so that new SaaS versions can be deployed to different tenants in a unique and efficient way.
This project aims to help IBM partners build SaaS for different platforms including Kubernetes, OpenShift, Serverless, Satellite, AWS and Azure. The sample application, which contains two containers, is the same for all platforms. The CI/CD mechanisms differ slightly between the platforms.
The following diagram shows the different platform options. At this point the repo contains the IBM Cloud platforms.
More options are planned. For example, with Satellite the SaaS application can be deployed on-premises to client data centers, but managed centrally. Additionally, the same SaaS application can be deployed on other managed OpenShift services like AWS ROSA and Azure ARO.
Serverless on IBM Cloud
The easiest way to get started is to use serverless. The repo describes how to use IBM Code Engine to run the application logic, IBM App ID for authentication, IBM Postgres for persistence and IBM Toolchain for CI/CD. Scripts are provided to make the setup as easy as possible.
Managed Kubernetes and OpenShift on IBM Cloud
For more advanced cloud-native applications, Kubernetes and OpenShift can be used. Compute isolation can be achieved either by sharing clusters and using Kubernetes namespaces/OpenShift projects, or by having separate clusters for tenants. For authentication and persistence, the managed services App ID and Postgres can be used, but they can also be replaced by other managed services or services running within the clusters.
For CI/CD, the IBM DevSecOps reference architecture based on IBM Toolchain is used, which is also the internal IBM standard and which guarantees compliance for regulated industries.
The project comes with a simple e-commerce example application. A SaaS provider might have one client selling books, another one selling shoes.
You can access a more easily navigable and consumable version of the documentation by pressing this button.
- Introduction
- Development of Microservices
- Quarkus Backend Service Code
- Quarkus Backend Service Container
- Vue.js Frontend Service Code
- Vue.js Frontend Service Container
- Externalization of Variables in Backend Microservices
- Externalization of Variables in Frontend Microservices
- Local Development of Services
- Authentication Flow (AppID, backend, frontend)
- Creation of managed IBM Cloud Services
- Serverless via IBM Code Engine
- Kubernetes via IBM Kubernetes Service and IBM OpenShift
- Architecture
- Initial Setup via Scripts
- CI/CD DevSecOps
- Overview
- CI
- CD
- Security and Compliance
- Setup of the Toolchains
- Onboarding
- Observability (logging, monitoring, vulnerabilities)
- Billing
This repo is the 'parent repo' including documentation and global configuration. The other four repos contain the implementation of the microservices and the serverless pipelines.
- multi-tenancy - this repo (parent repo)
  - Overview documentation
  - Global and tenant specific application configuration
  - CD pipeline
  - Scripts to deploy cloud services/infrastructure
- multi-tenancy-backend - backend microservice
  - Code
  - CI pipeline
- multi-tenancy-frontend - frontend microservice
  - Code
  - CI pipeline
- multi-tenancy-serverless-ci-cd - CI and CD pipelines for serverless
The easiest way to get started is to set up the sample application for two tenants on the IBM Cloud using serverless technology. The following diagram describes the serverless architecture of the simple e-commerce application which has two images (backend and frontend).
Isolated Compute:
- One frontend container per tenant
- One backend container per tenant
- One App ID instance per tenant
- One Postgres instance (with one database) per tenant
Shared CI/CD:
- One code base for frontend and backend services
- One image for frontend service
- One image for backend service
- One toolchain for all tenants (with four pipelines)
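A check of the isolation model listed above, as an added example that is not part of this repo's scripts: it audits a tenant inventory and reports any app, App ID instance or Postgres instance used by more than one tenant, and any tenant that does not run the shared image. The pipe-separated inventory format, the function name `audit_tenants` and all sample values are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Inventory format (assumed for this example), one tenant per line:
# tenant|frontend_app|backend_app|appid_instance|postgres_instance|frontend_image|backend_image

# Constructed sample: two tenants that follow the model.
GOOD_INVENTORY='# tenant inventory (constructed)
tenant-a|frontend-a|backend-a|appid-a|postgres-a|registry.example/frontend:1.0|registry.example/backend:1.0
tenant-b|frontend-b|backend-b|appid-b|postgres-b|registry.example/frontend:1.0|registry.example/backend:1.0'

# Constructed sample: tenant-b points at the database of tenant-a and runs an older backend image.
BAD_INVENTORY='tenant-a|frontend-a|backend-a|appid-a|postgres-a|registry.example/frontend:1.0|registry.example/backend:1.0
tenant-b|frontend-b|backend-b|appid-b|postgres-a|registry.example/frontend:1.0|registry.example/backend:0.9'

# Reads the inventory on stdin, prints one line per violation,
# and returns non-zero if any violation was found.
audit_tenants() {
  awk -F'|' '
    BEGIN { split("tenant frontend_app backend_app appid_instance postgres_instance frontend_image backend_image", col, " ") }
    /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
    NF != 7 { printf "MALFORMED line %d\n", NR; bad++; next }
    {
      for (c = 2; c <= 5; c++) {                  # isolated: one owning tenant per resource
        key = col[c] SUBSEP $c
        if ((key in owner) && owner[key] != $1) {
          printf "SHARED %s %s: %s and %s\n", col[c], $c, owner[key], $1; bad++
        } else owner[key] = $1
      }
      for (c = 6; c <= 7; c++) {                  # shared: one image for all tenants
        if (!(c in image)) image[c] = $c
        else if (image[c] != $c) {
          printf "DRIFT %s: %s uses %s, expected %s\n", col[c], $1, $c, image[c]; bad++
        }
      }
    }
    END { exit (bad > 0) }
  '
}

# Demo run on the constructed bad inventory.
printf '%s\n' "$BAD_INVENTORY" | audit_tenants || echo "isolation check failed"
```

Run against an inventory exported from the real deployment, a non-zero return can gate the CD pipeline before a tenant is onboarded or updated.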
Used IBM Services:
- IBM Code Engine
- IBM Container Registry
- IBM App ID
- IBM Postgres
- IBM Toolchain
Used Technologies:
- Quarkus
- Vue.js and nginx
- Bash scripts
Initial Deployment Scripts
Scripts are provided to set up all services and the application automatically. Follow this step-by-step guide to set up everything using local bash scripts.
Deployments of Updates via CI/CD
Additionally, pipelines are provided to re-deploy the backend and frontend services when their implementations have changed. Follow this step-by-step guide to set up the pipelines.