Architectural overview¶
NaaS is a centralized system for governance of NAIS clusters and a uniform way of applying features. Its purpose is remaining a clear separation between tenants and their configuration whilst still remaining centralized control.
The nais organization¶
We want a clear separation between the administration of the clusters and the clusters themselves. Nais has a separate GCP organization to serve this purpose; this is where administrative users, configuration and control-plane components reside.
Tenant organization¶
A key design principle is to have separation in as many layers as possible. Each tenant has its own separate GCP organization. If a government agency wants to become a nais tenant, they will have to grant access give a designated service account in the nais organization access to a folder in their organization. In the tenant's organization, everything related to the nais platform is located in a dedicated folder, and this is the only folder in the tenant's organization where nais has any access.
Created: March 13, 2023