https://deevnet.github.io/deevnet-docs/docs/architecture/tenant/Recent content in Tenant on Deevnet Infrastructure PlatformHugoen-ushttps://deevnet.github.io/deevnet-docs/docs/architecture/tenant/networking/Mon, 01 Jan 0001 00:00:00 +0000https://deevnet.github.io/deevnet-docs/docs/architecture/tenant/networking/<h1 id="tenant-networking"> Tenant Networking <a class="anchor" href="#tenant-networking">#</a> </h1> <p>Defines the network isolation model for tenant workloads.</p> <hr> <h2 id="purpose"> Purpose <a class="anchor" href="#purpose">#</a> </h2> <p>Tenant networking provides:</p> <ul> <li><strong>Isolation</strong> — Tenants cannot see each other&rsquo;s traffic</li> <li><strong>Controlled access</strong> — Explicit rules for shared services</li> <li><strong>Scalability</strong> — New tenants get dedicated network segments</li> <li><strong>Security boundaries</strong> — Limit blast radius of compromised workloads</li> </ul> <hr> <h2 id="vlan-isolation-model"> VLAN Isolation Model <a class="anchor" href="#vlan-isolation-model">#</a> </h2> <p>Each tenant receives a dedicated VLAN:</p> <table> <thead> <tr> <th>Tenant</th> <th>VLAN ID</th> <th>Subnet</th> <th>Purpose</th> </tr> </thead> <tbody> <tr> <td><code>grooveiq</code></td> <td>100</td> <td>10.100.0.0/24</td> <td>IoT backend services</td> </tr> <tr> <td><code>vintronics</code></td> <td>101</td> <td>10.101.0.0/24</td> <td>Electronics projects</td> </tr> <tr> <td><code>moneyrouter</code></td> <td>102</td> <td>10.102.0.0/24</td> <td>Financial tracking</td> </tr> </tbody> </table> <p>VLAN IDs and subnets are assigned from a reserved range to avoid conflicts with substrate segments (Management, Trusted, Storage, IoT, Guest).</p>https://deevnet.github.io/deevnet-docs/docs/architecture/tenant/management/Mon, 01 Jan 0001 00:00:00 +0000https://deevnet.github.io/deevnet-docs/docs/architecture/tenant/management/<h1 id="tenant-management"> Tenant Management <a class="anchor" href="#tenant-management">#</a> </h1> <p>Defines the lifecycle and operational model for tenant workloads.</p> <hr> <h2 id="purpose"> Purpose <a class="anchor" href="#purpose">#</a> </h2> <p>Tenant management provides:</p> <ul> <li><strong>Lifecycle control</strong> — Create, update, and destroy tenant environments</li> <li><strong>Observability</strong> — Logs, metrics, and alerting scoped to tenants</li> <li><strong>Access control</strong> — Who can manage which tenants</li> <li><strong>Operational clarity</strong> — Clear boundaries between tenants</li> </ul> <hr> <h2 id="tenant-lifecycle"> Tenant Lifecycle <a class="anchor" href="#tenant-lifecycle">#</a> </h2> <h3 id="create"> Create <a class="anchor" href="#create">#</a> </h3> <p>Creating a new tenant involves:</p> <ol> <li><strong>Reserve VLAN and subnet</strong> — Allocate from tenant IP range</li> <li><strong>Configure network infrastructure</strong> — Add VLAN interface, DHCP scope, firewall zone</li> <li><strong>Provision tenant</strong> — Deploy VMs and DNS records via Terraform</li> <li><strong>Configure observability</strong> — Set up log/metric collection for tenant</li> </ol> <h3 id="update"> Update <a class="anchor" href="#update">#</a> </h3> <p>Updating a tenant may include:</p>https://deevnet.github.io/deevnet-docs/docs/architecture/tenant/building/Mon, 01 Jan 0001 00:00:00 +0000https://deevnet.github.io/deevnet-docs/docs/architecture/tenant/building/<h1 id="tenant-building"> Tenant Building <a class="anchor" href="#tenant-building">#</a> </h1> <p>Defines the provisioning model for tenant workloads.</p> <hr> <h2 id="purpose"> Purpose <a class="anchor" href="#purpose">#</a> </h2> <p>Tenant building provides:</p> <ul> <li><strong>Declarative infrastructure</strong> — Define tenant environments as code</li> <li><strong>Reproducibility</strong> — Recreate tenant environments reliably</li> <li><strong>Drift detection</strong> — Identify manual changes</li> <li><strong>Lifecycle automation</strong> — Create, update, destroy via automation</li> </ul> <hr> <h2 id="terraform-first-approach"> Terraform-First Approach <a class="anchor" href="#terraform-first-approach">#</a> </h2> <p>Unlike substrate infrastructure (automation-first), tenant workloads use <strong>Terraform</strong>:</p> <table> <thead> <tr> <th>Aspect</th> <th>Substrate (Automation)</th> <th>Tenant (Terraform)</th> </tr> </thead> <tbody> <tr> <td><strong>Change frequency</strong></td> <td>Rare, deliberate</td> <td>Frequent, agile</td> </tr> <tr> <td><strong>State model</strong></td> <td>Procedural, idempotent</td> <td>Declarative, stateful</td> </tr> <tr> <td><strong>Drift detection</strong></td> <td>Manual verification</td> <td>Built-in plan/apply</td> </tr> <tr> <td><strong>Lifecycle</strong></td> <td>Configure existing</td> <td>Create/destroy</td> </tr> <tr> <td><strong>Use case</strong></td> <td>Infrastructure config</td> <td>VM provisioning</td> </tr> </tbody> </table> <h3 id="why-terraform-for-tenants"> Why Terraform for Tenants? <a class="anchor" href="#why-terraform-for-tenants">#</a> </h3> <ol> <li><strong>Declarative definitions</strong> — Define what should exist, not how to create it</li> <li><strong>State tracking</strong> — Know exactly what&rsquo;s deployed</li> <li><strong>Plan before apply</strong> — Preview changes before execution</li> <li><strong>Destroy support</strong> — Clean up tenant resources completely</li> <li><strong>Proxmox provider</strong> — Native Terraform support for VM lifecycle</li> </ol> <hr> <h2 id="tenant-provisioning-workflow"> Tenant Provisioning Workflow <a class="anchor" href="#tenant-provisioning-workflow">#</a> </h2> <h3 id="1-define-tenant-infrastructure"> 1. Define Tenant Infrastructure <a class="anchor" href="#1-define-tenant-infrastructure">#</a> </h3> <p>Create Terraform configuration for tenant VMs:</p>