Tenant Cluster Provisioning
This guide applies to customers using automated cloud provisioning. If you bring your own Kubernetes cluster, skip this guide and proceed to Platform Deployment.
Goal
Create a new Kubernetes cluster for a Tenant using automated cloud provisioning. At the end of this guide, a fully configured cluster is running in your cloud environment with networking, DNS, and storage ready for Keymate platform installation.
Audience
Platform engineers responsible for provisioning infrastructure for new Tenants or environments.
Prerequisites
- Cloud provisioning layer configured (see Cloud Provisioning Overview)
- Cloud provider credentials set up and accessible
- Supported Configurations reviewed to choose region and sizing
Before You Start
- Choose the right sizing tier. Review Supported Configurations and select a tier that matches your workload expectations. Starting with the right size avoids unnecessary resizing, though you can scale after provisioning.
- Confirm region selection. Ensure the chosen region meets your data residency and latency requirements.
- Prepare the Tenant metadata. You need the Tenant name, environment name (dev/staging/production), and any Tenant-specific configuration.
Steps
1. Define the cluster specification
Create a cluster definition specifying the Tenant, environment, region, and sizing.
Required fields:
| Field | Description | Example |
|---|---|---|
| Tenant name | Identifier for the Tenant | acme |
| Environment | Target environment | production |
| Region | Cloud region | westeurope |
| Cluster size | Sizing tier | medium |
2. Submit the provisioning request
Apply the cluster definition to the management plane. The provisioning system validates the specification and begins creating cloud resources.
3. Monitor provisioning progress
Cluster provisioning takes several minutes while the system creates cloud resources. Monitor the provisioning status through the management plane.
Expected provisioning stages:
| Stage | What happens | Duration |
|---|---|---|
| Accepted | System validated the definition, provisioning queued | Seconds |
| Provisioning | System creating cloud resources (network, cluster, DNS) | 10-15 minutes |
| Ready | All resources created and healthy | — |
4. Verify the cluster
After provisioning completes, verify the cluster is accessible and healthy.
Verification steps:
- Confirm the Kubernetes cluster is reachable from your management environment
- Verify the correct number of nodes are running
- Confirm DNS records resolve to the cluster's public IP
- Verify networking is configured (virtual network, subnets)
5. Proceed to platform installation
Once the cluster is verified, install the Keymate platform using:
- Helm-Based Installation — direct Helm deployment
- GitOps-Based Installation — ArgoCD-managed deployment
Validation Scenario
Scenario
A platform engineer provisions a new production cluster for Tenant "acme" in the West Europe region.
Expected Result
- A medium-sized Kubernetes cluster is running in West Europe
- Virtual network and subnets are in place
- A DNS zone serves the Tenant domain
- A public IP is assigned and accessible
- The cluster is ready for platform installation
How to Verify
- Access the cluster using the provisioned credentials
- Run
kubectl get nodesand confirm the expected node count - Verify DNS resolution for the Tenant domain
- Confirm network connectivity from the cluster to required services
Troubleshooting
- Provisioning stuck in "Provisioning" state. Cloud resource creation can take up to 15 minutes. If it remains stuck beyond 20 minutes, check the provisioning system logs for cloud provider errors (quota limits, region capacity, permission issues).
- Cluster unreachable after provisioning. Verify network configuration and firewall rules. Confirm that your management environment has network access to the new cluster.
- DNS not resolving. DNS propagation may take a few minutes. If it persists, verify the system created the DNS zone and that records point to the correct IP address.
- Permission errors during provisioning. Verify that cloud provider credentials have sufficient permissions to create all required resources (clusters, networks, DNS zones, IP addresses, role assignments).
Next Steps
- Helm-Based Installation — Install the Keymate platform on the new cluster
- GitOps-Based Installation — Set up ArgoCD-managed deployment
- Tenant Onboarding — Configure the Tenant after platform installation