Fleet: Multi-Tenant Cluster Management & Workspaces
Workspaces: Isolating Resources and Workloads
Fleet implements the concept of Workspaces, which isolate resources and workloads for specific clusters or groups of clusters. By default, Fleet includes two Workspaces:
fleet-local, used for single-cluster setups or the local Rancher cluster.fleet-default, which manages downstream clusters like our RKE2 cluster.
Users can create additional Workspaces as needed to further isolate resources. In simple terms, a workspace might contain multiple clusters (or cluster groups) that are logically grouped together.
For instance, the fleet-default workspace could have:
- A staging cluster group (clusters labeled
environment: staging). - A production cluster group (clusters labeled
environment: production).
Deployments in the workspace can then target specific cluster groups and allow multiple teams to manage their workloads independently.
Creating a new workspace is straightforward. Click on Workspaces menu item and then Create. To move a cluster to a workspace, click on the 3 dots next to the cluster name and select Change workspace.
ℹ️ Moving clusters between workspaces needs the
provisioningv2-fleet-workspace-back-populationfeature flag enabled. To enable this feature, go toGlobal Settings>Feature Flags, find theprovisioningv2-fleet-workspace-back-populationflag, and enable it.
To better understand how workspaces work, we will see a practical example. We are going to create two single-node clusters on DigitalOcean called dev-cluster and staging-cluster, having the labels env: dev and env: staging, respectively.
Cluster label
The clusters will be part of the dev and staging workspaces, respectively.
| Cluster Name | Workspace | Label |
|---|---|---|
| dev-cluster | dev | env: dev |
| staging-cluster | staging | env: staging |
Create two Workspaces called dev and staging.
ℹ️ When you create a new Workspace, a Namespace is created on the local cluster where the Fleet resources are stored. The Namespace has the same name as the Workspace.
Create the dev and staging Workspaces (this will also create the dev and staging Namespaces on the local cluster):
cat <
apiVersion: management.cattle.io/v3
kind: FleetWorkspace
metadata:
name: dev
---
apiVersion: management.cattle.io/v3
kind: FleetWorkspace
metadata:
name: staging
EOF
Create a Secret and a GitRepo resource in the dev Workspace/Namespace:
cat <
apiVersion: v1
kind: Secret
metadata:
name: gitea-auth
namespace: dev
type: kubernetes.io/basic-auth
data:
password: cEBzc3dvcmQ=
username: Z2l0ZWFfYWRtaW4=
---
apiVersion: fleet.cattle.io/v1alpha1
kind: GitRepo
metadata:
name End-to-End Kubernetes with Rancher, RKE2, K3s, Fleet, Longhorn, and NeuVector
The full journey from nothing to productionEnroll now to unlock all content and receive all future updates for free.