Architecture for a tenant based SaaS application

Sauravmoy Sarkar
3 min readNov 16, 2021

Jenkins + Helm + EKS + Nginx Ingress + Docker + Kubernates namespaces + NLB + TLS + microservices

Context

There is no silver bullet to design a tenant based SaaS application unfortunately! There is no best practice either when it comes to designing a tenant based SaaS application! In general, design should be use case driven!

With a single Jenkins build you wanted to set up the entire application literally in seconds, then this article is for you! Here is a github repository for the all the code that is described in this article.

Now if your rationale is close to below, to build a tenant based SaaS application then you may follow this article. You want to deploy your workload in AWS

  1. You want to use EKS as the cloud offering to deploy your application
  2. If your requirement is to have logical separation of data and / or on the microservices (pod) level
  3. If you want to have a wildcard (https://www.tenantname.dns.com) DNS name.
  4. You want to use ingress
  5. You are building something else but you are exploring how to work with Jenkins, Helm, EKS, Ingress, K8S namespaces, NLB, TLS, microservices etc.

Prior brush up requirement

Before you dive deep into this article please make sure you brush up a little if you are not hands on on the below topics so that this you understand this write up.

  1. Kubernates (Service, POD, Deployment, namespace)
  2. Docker
  3. Nginx Ingress
  4. Helm
  5. DNS routing
  6. ELB / NLB
  7. TLS / HTTPS
  8. EC2
  9. Kubectl

The Architecture

Here the sequence of request is

  • Once request lands on DNS, the request is redirected to the static IP of the NLB.
  • NLB distributes the load through out the ingress instances.
  • Ingress route rule redirects the request to appropriate tenant’s namespace and finally to API endpoints.

Implementation

Now lets implement the above concept. Please look at this sample github for the helm chart and automation purposes which includes the Kubernates Objects (like sample deployment and service manifests) that is needed for this write up to explain.

Now in this GitHub repo, you will see there are two packages called ingress-rules-deploy and nginx-ingress-controller-deploy. The concept behind their implementations I have described in my this write up.

We have another package called pre-deploy in the same git repo. Which basically hold the sample of Kubernates manifests of the application (YOUR APPLICATION) you are developing in a umbrella helm chart way. We’ll execute this helm chart from Jenkins in the following sections. You need to develop and replace these manifest with your application specific manifests.

The last package we have is pipeline. This contains some shell scripts which can be run from the Jenkins pipeline. The shell scripts would be responsible for running helm command and kubectl command. They are pretty much self explanatory please take a look.

Jenkins pipeline implementation

This section of Jenkins implementation wont be a detailed one, rather it would only focus how we can automate the above code.

For simplicity how we execute our above mentioned code, I’m going to create a simple “Freestyle project” pipeline using Jenkins interface. In the build section in the pipeline I am using a shell script (you may choose any other scripting according to your scenario) to automate.

if [[ $Action == OnBoard ]]
then
echo "Start onboarding of the "$tenantName
echo "Starting replacing the placeholder"

grep -rl "{{namespace-placeholder}}" . | xargs sed -i 's/{{namespace-placeholder}}/'$tenantName'/g'
grep -rl "{{tenant-placeholder}}" . | xargs sed -i 's/{{tenant-placeholder}}/'$tenantName'/g'

echo "Replacement done."
su - admin -c 'sh /PATH_WHERE_YOU_CLONED_GIT_REPO_IN_JENKINS_SERVER/execute_onboard.sh $tenantName'
elif [[ $Action == OffBoard ]]
then
echo "Start off-boarding the "$tenantName
su - admin -c 'sh /PATH_WHERE_YOU_CLONED_GIT_REPO_IN_JENKINS_SERVER/execute_offboard.sh $tenantName'
fi

Hope this helps someone!. Feel free to comment on anything that can be improved or you have any concern! Enjoy !

Please encourage to write similar article hitting the follow button.

You may also follow me on LinkedIn

--

--

Sauravmoy Sarkar

Technologist, Fullstack Architect, DevOps and cloud engineer, Solutionist, Entrepreneur, Son-husband-father