New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Multi tenant] Namespace/Domain for workflow and tasks for isolation #3439
Comments
Hi @ysaakpr, thank you for raising this up. What would be your expected behavior? |
Can we introduce some namespace and namespace authentication, where namespaces can be assigned to teams? Something similar to Kubernetes namespace. And cross namespace access should be possible so that workflows can refer to tasks defined in the other namespaces, like services in Kubernetes. Which avoid running multiple clusters and using one cluster between multiple teams effectively. Just a thought. not sure how technically this fit for the architecture of zeebe. |
@ysaakpr, thank you for the insides. I understand your requirement in the following way:
Is this correct? Any additional requirements? |
@saig0, Looks like you mis understood, my bad. Let me explain. Lets take a situation where multiple teams who using Zeebe, and all of them can add workflows and add new task types.
In this case, zeebe get two different handlers registered for the same taskType. Both of them. will be expecting two different I am expecting the following experience by introducing namespace
Example of namespaces design we can borrow
|
@ysaakpr thank you for the clarification! This makes it more clear that is the actual problem. A workaround without proper namespaces could be a prefix for the job types. So, every job type includes a prefix, for example, the name of the team/client/organization (e.g. |
Exactly, this is what we currently doing, something like this Lots of complexity following this in org-wide, as which is not restricted by the broker. Another approach we thought to do was to wrap the SDK where the team name should be a mandatory option and while binding it binds to . always. But I found that feature from the zeebe system would be amazing if it can be done. Else we have to create a complete wrapper API around Zeebe, which brings this restriction, which we are planning to do if this is not coming under the scope of Zeebe. Instead of the effort we are putting to create a wrapper if we put on making it as a part of the system, it might help others well. I believe many similar systems has something similar, |
Another example is Uber Cadance - Domain
|
"lack of support for namespace" is a big issue for us, it is currently preventing us from sharing the platform with multiple tenants. also we ideally want to segregate orchestrations for the tenants as cleanly as possible(without having to setup new clusters), fiddling with job/message types does not sound like a clean/scalable/error-free solution. is there any update on current thinking on this issue please? |
+1 |
From having done a prototype of this, I would say the majority of the work would fall under the ZPA team. Feel free to object, but in the meantime I moved it to the other project :) |
👍 |
Description
We are using zeebe as an end to end orchestrator. but here comes the problem, when there are distributed teams, working parallel on multiple projects, and integrating with zeebe, to orchestrate the tasks, How do we ensure that the task types are not conflicting. One person in the ecosystem can cause damage to the entire workflow, by wrongly defining a task handler, with a same task type.
Whats the thought on this?
The text was updated successfully, but these errors were encountered: