// the find
tkestack/tke
Native Kubernetes container management platform supporting multi-tenant and multi-cluster
TKEStack is Tencent's open-source Kubernetes management platform for running multiple clusters with multi-tenant isolation, LDAP/OIDC auth, and a web UI. It's a self-hosted alternative to EKS/GKE console for organizations that want centralized cluster management without a cloud vendor. Target audience is platform/infra teams running Kubernetes on-prem or in private clouds.
The multi-tenancy model is well thought out — namespace isolation per project, cross-cluster RBAC, and resource quota tracking are all first-class rather than bolted on. The installer (tke-installer) handles bootstrapping a global cluster from scratch, which is genuinely hard to do well and saves a lot of manual kubeadm ceremony. The plugin system for auth, networking (Galaxy), GPU management, and HPA extensions is structured enough to actually be replaceable, not just documented as replaceable. Protobuf-based internal APIs with versioned types (v1, internal) follow the upstream Kubernetes pattern, which means the internal machinery is familiar to anyone who's worked on k8s controllers.
Last commit was August 2024 and the most recent release targets k8s 1.22 — that's three major Kubernetes versions behind current. Adopting this means running an unsupported k8s version or doing the upgrade work yourself, which defeats the purpose. Documentation is almost entirely in Chinese; the English README gets you to a running installer but everything past that (configuration, ops, troubleshooting) requires translation or guessing. The go.mod replace directives are a red flag — they're pinning forked versions of k8s/apiserver and chartmuseum/storage, meaning you're building on unmaintained forks rather than upstream. The 8 CPU / 16 GB minimum just for the management plane is steep if you're not already running sizeable nodes.