Review Stakeholders: @johnBgood @sbuettner @deepthidevaki
Links to Epics/Related Issues
Deliverables
- Connectors runtime multi-tenant overview page covering:
- One runtime instance, multiple Physical Tenants
- No separate deployment per tenant needed
- Job worker registration per tenant
- Authorization and secret isolation model
- Configuration guide covering:
- Runtime registration with Orchestration Cluster
- Tenant specification in runtime config (all or subset)
- Secret resolution per tenant (centralized secret management)
- Authentication headers/credentials for multi-tenant requests
- Outbound connectors documentation covering:
- How connectors know which tenant triggered job
- Tenant context propagation to external systems
- Per-tenant secret access (API keys isolated per tenant)
- Example: HTTP connector calling different endpoints per tenant
- Inbound connectors documentation covering:
- Inbound connector path/routing strategy
- How inbound webhooks routed to correct tenant
- Known limitations for inbound connectors
- Security implications of shared inbound endpoint
- Operational considerations covering:
- Monitoring job execution per tenant
- Secret rotation across tenants
- Scaling strategy (one runtime vs multiple)
- Failure handling and retry semantics per tenant
Context We Have
Engineering Questions
- How does Connectors runtime know which Physical Tenant a job came from? (Header injection, context variable, explicit configuration?)
- For inbound connectors (webhooks), what is routing strategy to determine which tenant a request is for? (URL path, header, or other?)
- If secret updated in centralized secret manager, does runtime refresh immediately, on next job, or on schedule?
- For inbound connectors, what is recommended security model to prevent webhook from one tenant accidentally triggering job in another?
Review Stakeholders: @johnBgood @sbuettner @deepthidevaki
Links to Epics/Related Issues
Deliverables
Context We Have
Engineering Questions