Capsule is an open-source framework for implementing multi-tenant and policy-based environments in Kubernetes clusters.
It was created to solve the challenge of cluster sprawl, which is when the number of clusters in an organization grows beyond what is practical to manage. Normally, one could use the Namespace object to partition a cluster, but this is typically difficult because Namespaces have a flat structure and can’t easily share resources. As a result, companies create a new cluster for each group of users, team, or department, which leads to cluster sprawl.
With Capsule, IT teams can create multiple namespaces in a cluster and still allow them to share assigned resources. It does this by creating a lightweight abstraction called a tenant, which is a grouping of Kubernetes Namespaces.
The Capsule Policy Engine keeps the tenants isolated from each other, and all the namespaces in a tenant also inherit the same network and security policies, resource quota, limit ranges, and other policies.
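A tenant definition of the kind described above, as an added example that is not from the original page or the Capsule project. It assumes the `capsule.clastix.io/v1beta2` Tenant API; the tenant name, owner and all limits are constructed for illustration.

```yaml
# Constructed example: tenant name, owner and every limit are illustrative.
apiVersion: capsule.clastix.io/v1beta2
kind: Tenant
metadata:
  name: team-a
spec:
  owners:                      # users allowed to self-provision namespaces
  - name: alice
    kind: User
  namespaceOptions:
    quota: 3                   # at most three namespaces in this tenant
  resourceQuotas:
    scope: Tenant              # one budget shared by all of the tenant's namespaces
    items:
    - hard:
        limits.cpu: "8"
        limits.memory: 16Gi
  limitRanges:                 # copied into each namespace of the tenant
    items:
    - limits:
      - type: Container
        default:
          cpu: 500m
          memory: 512Mi
        defaultRequest:
          cpu: 100m
          memory: 128Mi
  networkPolicies:             # copied into each namespace of the tenant
    items:
    - policyTypes:
      - Ingress
      podSelector: {}          # applies to every pod in the namespace
      ingress:
      - from:
        - namespaceSelector:   # admit traffic only from this tenant's namespaces
            matchLabels:
              capsule.clastix.io/tenant: team-a
```

The isolation boundary here is the ingress rule: pods accept traffic only from namespaces labelled as belonging to the same tenant, so a namespace owned by another tenant cannot reach them by default.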
In addition to preventing cluster sprawl, Capsule enables self-service provisioning of cluster resources, is GitOps ready, and can provide multi-tenancy without adding management layers.
The project was accepted into the CNCF as a Sandbox project in December 2022, and remains at that status as of the end of 2023. At the time of this writing, the project has 1.4k stars on GitHub.