Multi-Tenant Kubernetes at Hyperscale with Kamaji and Rancher Prime


Delivering Kubernetes resources efficiently and securely can be a challenge, particularly at hyperscale and at the edge. Combining CLASTIX Kamaji and Rancher Prime by SUSE gives organizations the power to optimize, secure, and manage large and diverse, multi-tenant Kubernetes landscapes. ~ Terry



Adriano Pezzuto, CEO, CLASTIX


Kubernetes is a powerful tool for container orchestration, but managing it can be challenging, especially when running multiple clusters on different infrastructures and cloud providers. In this article, we explore Kamaji, the innovative architecture by CLASTIX for simplifying control plane management and how, when coupled with Rancher Prime by SUSE, it can make running Kubernetes at scale a breeze.

While managing a few Kubernetes clusters can be easy for an experienced platform team, managing multiple clusters on different and heterogeneous infrastructures can be complex and resource intensive.


Challenges to running Kubernetes at scale


Operational Overhead

Each cluster requires allocation of dedicated resources, component monitoring, lifecycle management, policy enforcement, and more. This can lead to increased operational overhead, longer upgrade times, and increased errors and security risks. Additionally, managing different versions and flavors of Kubernetes across multiple clusters can add to this complexity. Deployments may require different configurations and even different teams and skill sets to manage them.



Cluster sprawl across clouds, edge, and on-premises data centers leads to increased costs and inefficiencies. Unless using only cloud managed Kubernetes, all of your clusters must include at least three nodes for the control plane. “Control plane tax” refers to the overhead of maintaining these dedicated virtual machines for each Kubernetes cluster. This tax can become significant, especially when organizations run multiple clusters, as it leads to increased infrastructure costs and resource utilization. MSPs/CSPs must allocate more hardware resources to serve multiple clusters, reducing profit margins. Large enterprises face difficulties achieving cost savings due to fragmented deployments and complex operations. Additionally, running Kubernetes on the edge usually means running in low resource infrastructure, where setting up the control plane is either a challenge or a mission impossible.



Organizations can struggle to achieve consistency in their Kubernetes deployments, especially when it comes to implementing mixed multi-cluster and multi-cloud strategies. Traditional Kubernetes solutions are vendor and cloud specific, and often lack the necessary flexibility for seamless deployments across multiple, heterogeneous environments.


Security and Isolation

Secure access and isolation are essential in multi-tenant deployments with many teams, departments, business units, and customers to serve. Kubernetes natively offers poor support for multi-tenancy.


How CLASTIX Kamaji and Rancher Prime by SUSE enable Kubernetes at scale

CLASTIX Kamaji leverages the Kubernetes machinery to orchestrate and isolate hundreds, even thousands, of tenant clusters. Kamaji is unique because the control planes of tenant clusters are deployed as regular Kubernetes pods running in a unified Management Cluster instead of in separate, dedicated machines in the downstream infrastructure. This approach makes running multiple control planes less costly and much easier to deploy and operate at scale.

Rancher Prime by SUSE is a comprehensive, enterprise container management platform for Kubernetes. Rancher Prime provides global administrators with the ability to securely and efficiently oversee multi-cluster Kubernetes landscapes anywhere – from the cloud to edge to on-premises data centers.

By deploying Kamaji along with Rancher Prime, you have a powerful, multi-tenant, multi-cluster Kubernetes platform that can help you overcome the challenges of running Kubernetes at scale.


Let’s see how Kamaji and Rancher Prime address the challenges … 


Reducing Operational Overhead

Rancher Prime with Kamaji simplifies and centralizes Kubernetes management, enabling control of multiple tenant clusters from a single location. Together, they help you streamline administrative tasks, enhance security, and ensure a unified and consistent experience across all Kubernetes clusters. And, by using Kubernetes itself to manage the tenant control planes, you get high availability, fault tolerance, and autoscaling out of the box.

Moreover, the time it takes to provision and update control planes is reduced from minutes to seconds. A control plane can be brought to life in less than 16 seconds and updated in less than 10 seconds without service disruption. Benchmarks show reconciliation for 100 control planes can take less than 150 seconds.


Increasing Efficiency

By running tenant control planes as regular Kubernetes pods in the Management Cluster, you eliminate the need for additional nodes dedicated to control planes. This results in cost savings and streamlined operations.

With control planes cheaper and easier to deploy and operate, you can optimize resource utilization overall, reduce cluster sprawl, improve efficiency, and unlock cost-saving opportunities in your Kubernetes deployments.


Enabling Consistency

Decoupling the control plane from workloads, you can deploy and manage Kubernetes landscapes across diverse environments, including data centers, public and private clouds, and edge locations. Worker nodes can be placed on any infrastructure while managing them from a unified administrative panel. The ability to maintain consistency in different Kubernetes deployments empowers you to embrace diverse infrastructure options and implement hybrid- and multi-cloud strategies with the flexibility you need to thrive in the modern cloud-native ecosystem.


Ensuring Security and Isolation

Leverage strict isolation between tenant clusters and enforce global security and compliance policies across your Kubernetes landscape. Like how hyperscalers provide managed Kubernetes, control planes are not accessible to your tenants and are consumed “as a service.” This lets you prioritize security while still optimizing resource allocation.


Use cases

Kamaji was initially created as a tool for MSPs/CSPs, but, along with Rancher Prime, it supports a broader range of enterprise use cases that empower organizations to simplify Kubernetes management and harness full potential in diverse scenarios.


Managed Kubernetes Services

Kamaji and Rancher Prime enable independent, local, regional, and national Cloud Providers to offer Cloud Native Infrastructure with unparalleled ease. By introducing a strong separation of concerns between management and workloads, this solution centralizes cluster management, monitoring, and observability. The result is increased productivity and reduced operational costs, empowering Cloud Providers to deliver Kubernetes-as-a-Service efficiently and seamlessly to their customers.


Specialized MSPs

For specialized Managed Services, like GPU-as-a-Service and Database-as-a-Service, Kamaji with Rancher Prime introduces the ability to offer self-service Kubernetes clusters with flexibility in hardware choices through Bring Your Own Device (BYOD). This approach empowers MSPs to cater to unique customer requirements, running management and workloads on different hardware. So, MSPs can optimize resource utilization and deliver specialized Kubernetes solutions with less effort and greater efficiency.


Edge Computing

Kamaji and Rancher Prime unlock the true potential of edge computing by distributing Kubernetes workloads across edge locations. With unified cluster management and no need to deploy control planes into constrained environments, hundreds or even thousands of edge clusters can be effectively and efficiently deployed and managed. Additionally, integration with a service mesh can create a seamless “continuum computing” experience, bridging the gap between edge and central locations.


Hybrid and Private Cloud

Enterprises embracing a hybrid or private cloud approach find Kamaji and Rancher Prime invaluable. Building Kubernetes and cloud-native infrastructure within their data centers becomes seamless, allowing for seamless workload migration from owned facilities to the cloud and vice versa. This approach empowers organizations to maintain their preferred balance of on-premises and cloud-based resources, ensuring adaptability and optimal resource utilization.




Kamaji’s innovative architecture, coupled with Rancher Prime’s comprehensive container management platform, addresses the operational burdens and complexities faced by large organizations. By orchestrating multiple “tenant clusters” thought Kubernetes machinery, the solution eliminates the control plane tax, optimizes resource utilization, and reduces infrastructure costs. Seamless control plane provisioning and upgrades, and consistent management enable organizations to scale Kubernetes effortlessly, responding to dynamic business demands with ease. Efficient reconciliation of control planes empowers enterprises to streamline administrative tasks, enhance security, and centralize Kubernetes management from a single location.

Whether it’s managed Kubernetes services, specialized MSP offerings, edge computing solutions, or hybrid/private cloud deployments, Kamaji and Rancher Prime empower organizations to achieve operational excellence.


Next Steps


Additional References & Resources


Adriano Pezzuto, CEO, CLASTIX

Adriano started his career at leading global IT companies like Siemens and CISCO. It took him to work at large networks systems, later building scalable and highly available cloud infrastructures and then being accountable for helping customers to embrace Cloud Computing. His interest has always been in cutting edge technologies, being one of the first in his country to spread the Cloud Native revolution. Today, Adriano is turning his large experience into CLASTIX, as a visionary founding member and General Manager.


SUSE One Partner Solution Stacks are featured co-innovations that help our customers address a broad spectrum of challenges with SUSE and partner technologies and services.









(Visited 18 times, 1 visits today)
Avatar photo
Terry Smith Terry Smith drives engagement with partners around the globe to collaboratively develop and bring to market innovative solutions that address real-world challenges and enable customers to achieve their goals.