Multi-Tenancy

Tetrapus ships pod-per-Org tenancy. Every customer organisation runs its own data-plane process with its own database, its own JWT signing key, and its own audit chain. A small control plane, gateway, and operator coordinate routing, billing, and lifecycle. Below are the three shapes most teams deploy.

Deployment Shape Matrix

Concern	Hobbyist (single-Org)	Self-hosted Enterprise	SaaS (pod-per-Org)
Tenancy isolation	N/A — one Org	Process-per-Org via systemd template units	Pod-per-Org via Kubernetes operator
Database	Embedded SQLite	SQLite per-Org or shared Postgres	Postgres + per-Org schema or external DB URL
Scaling unit	Single binary	One `tetrapus-server@<slug>` unit per Org	One `Org` CRD → one Deployment
KMS support	Local file	Local file, HashiCorp Vault, AWS KMS	All of the above + GCP KMS, Azure Key Vault, CMEK
Billing	None	Optional JSONL meter; reconcile out-of-band	Stripe metered subscriptions + JSONL fallback
Compliance posture	Local audit chain	SOC 2, FedRAMP Moderate ready (air-gap supported)	SOC 2 Type II, ISO 27001, HIPAA BAA

Components

Control Plane

Org provisioning, data-plane registration, mTLS heartbeat, region assignment.

Gateway

TLS termination + per-Org routing reverse proxy. Region enforcement, rate-limit.

Kubernetes Operator

kube-rs CRDs Org / TenantPlane / KeyMaterial. Reconciles to PVC + Secret + Service + Deployment.

Billing & Usage

Stripe integration, usage metering taxonomy, air-gap JSONL fallback.

tetrapus-admin CLI

Operator workflows: bootstrap, keys, audit verify, attestation, break-glass, backup.

Where to start

Running on Kubernetes? Read the Helm chart reference.
Process-per-Org on Linux? See systemd units.
Operating an air-gapped install? Jump to air-gap install.

Questions?

Reach out for help with integration, deployment, or custom domain codecs.

Get Started Request a Demo