{"id":"1277079a-cbae-4ede-b012-fb68ee9931e6","shortId":"PKzgRw","kind":"skill","title":"kubesphere-multi-tenant-management","tagline":"KubeSphere multi-tenant management Skill. Use when user requests to create users, workspaces, projects, or assign roles/permissions. Supports user lifecycle management, workspace configuration, project creation, role binding. Do not perform any delete operations, do not create cu","description":"# KubeSphere Multi-Tenant Management\n\n## Security Guidelines\n\n1. **Never use kubectl edit/delete** - Do NOT use `kubectl edit`, `kubectl delete`, or similar commands to modify or delete workspaces, projects, users, roles, or role bindings. These operations are sensitive and should be performed via KubeSphere Console with proper approval workflow.\n\n2. **Never perform delete operations via API** - Do NOT delete users, workspaces, projects, roles, or role bindings via API. These operations must be performed manually via KubeSphere Console with proper approval workflow. Only use this skill for creating and querying resources.\n\n3. **Never create custom roles** - Do NOT create custom roles (Role, WorkspaceRole, GlobalRole). Only use built-in roles provided by KubeSphere. If custom permissions are needed, instruct the user to configure them via KubeSphere Console.\n\n4. **Default to least privilege** - When creating users or assigning permissions, always use the minimum required access level:\n - New user creation: default to `platform-regular` (not platform-admin)\n - Inviting user to workspace: default to `-regular` (not admin)\n - Inviting user to project: default to `viewer` (not admin)\n - Only escalate permissions when explicitly requested\n\n\n## Core Concepts\n\n### Workspace\n\nThe top-level organizational unit in KubeSphere, representing a team, department, or business unit. A workspace can contain multiple projects and serves as the basic boundary for resource grouping and access control. **Workspaces can span multiple clusters**, enabling centralized management of resources distributed across different clusters.\n\n### Project\n\nKubeSphere's enhanced Kubernetes namespace, representing a specific application, environment, or workload within a workspace. Each project maps to a separate namespace.\n\n### User & Role\n\n- **User**: KubeSphere account entity, can be platform admin, workspace member, or project member\n- **Role**: Permission set defined in KubeSphere's three-tier RBAC:\n\n**Project Roles** (`roles.iam.kubesphere.io`):\n- `admin`: Full access to all resources\n- `operator`: Create/update/delete resources, cannot manage roles\n- `viewer`: Read-only access\n\n**Workspace Roles** (WorkspaceRole, `workspaceroles.iam.kubesphere.io`):\n- `-admin`: Full access to workspace and all projects\n- `-regular`: Limited workspace access\n- `-self-provisioner`: Create projects in workspace\n- `-viewer`: Read-only access to workspace\n\n**Platform Roles** (GlobalRole, `globalroles.iam.kubesphere.io`):\n- `platform-admin`: Full access to all resources\n- `platform-regular`: Limited platform access\n- `platform-self-provisioner`: Can create workspaces\n\n**Role Binding** (KubeSphere API endpoints, binds roles to Users):\n- Project-level: `/namespacemembers` API, binds `roles.iam.kubesphere.io` to User\n- Workspace-level: `/workspacemembers` API, binds `workspaceroles.iam.kubesphere.io` to User\n- Platform-level: `/users/` API, binds `globalroles.iam.kubesphere.io` to User via annotation\n\n## Step-by-Step Guide\n\n### Prerequisites\n\nSet up authentication using the provided CLI tool. First, navigate to the scripts directory:\n\n```bash\n# Navigate to the skill's scripts directory\n# Example path (replace with your actual kubesphere-skills location):\ncd ~/kubesphere-skills/core/kubesphere-core/scripts\n\n# Install required Python package\npip install requests\n\n\n# Set host endpoint (optional, defaults to http://ks-apiserver.kubesphere-system)\nexport KUBESPHERE_HOST=\"http://\"\n\n# Login to get token (token will be cached)\npython ks_api.py --login --username admin --password \n\n# Token is cached in ~/.kubesphere_token and auto-refreshed\n\n# Optional: Clear cached token\npython ks_api.py --clear-cache\n```\n\n### 1. Create Workspace\n\n**Required parameters:**\n- `workspace-name`: Name for the workspace (maps to `metadata.name`)\n- `manager`: Workspace manager (maps to `spec.template.spec.manager`, default to current login user)\n- `creator`: Creator name (maps to `metadata.annotations[\"kubesphere.io/creator\"]`)\n- `clusters`: List of cluster names to host this workspace (maps to `spec.placement.clusters`)\n\n```bash\n# Create workspace via Python CLI\npython ks_api.py POST /kapis/tenant.kubesphere.io/v1beta1/workspacetemplates '{\n \"apiVersion\": \"iam.kubesphere.io/v1beta1\",\n \"kind\": \"WorkspaceTemplate\",\n \"metadata\": {\n \"name\": \"\",\n \"annotations\": {\n \"kubesphere.io/creator\": \"\"\n }\n },\n \"spec\": {\n \"template\": {\n \"spec\": {\n \"manager\": \"\"\n },\n \"metadata\": {\n \"annotations\": {\n \"kubesphere.io/creator\": \"\"\n }\n }\n },\n \"placement\": {\n \"clusters\": [\n {\"name\": \"\"}\n ]\n }\n }\n}'\n```\n\n**Note:** Before creating a workspace, always ask the user for:\n- Workspace name (required)\n- Manager (required, default to current login user)\n- Clusters (required) - which cluster(s) to assign the workspace to\n\n\n### 2. Create Project within Workspace\n\n**Required parameters:**\n- `project-name`: Name for the project (maps to `metadata.name`)\n- `workspace-name`: Name of the workspace to create the project in (maps to `metadata.labels[\"kubesphere.io/workspace\"]`)\n- `cluster-name`: Cluster name to create the project in (maps to URI path and `cluster` field)\n- `creator`: Creator name (maps to `metadata.annotations[\"kubesphere.io/creator\"]`)\n\n```bash\n# Create project within workspace via Python CLI\npython ks_api.py POST /clusters//kapis/tenant.kubesphere.io/v1beta1/workspaces//namespaces '{\n \"apiVersion\": \"v1\",\n \"kind\": \"Namespace\",\n \"metadata\": {\n \"labels\": {\n \"kubesphere.io/workspace\": \"\",\n \"kubesphere.io/managed\": \"true\"\n },\n \"name\": \"\",\n \"annotations\": {\n \"kubesphere.io/creator\": \"\"\n }\n },\n \"cluster\": \"\"\n}'\n```\n\n**Note:** Before creating a project, always ask the user for:\n- Project name (required)\n- Workspace name (required) - which workspace to create the project in\n- Cluster name (required) - which cluster to create the project in\n\n### 3. Create User\n\n**Required parameters:**\n- `username`: Username for the new user\n- `email`: User's email address\n- `password`: User's password (must meet KubeSphere password policy)\n\n**Optional parameters:**\n- `globalrole`: Platform role (default: `platform-regular`)\n\n```bash\n# Create user via Python CLI\npython ks_api.py POST /kapis/iam.kubesphere.io/v1beta1/users '{\n \"apiVersion\": \"iam.kubesphere.io/v1beta1\",\n \"kind\": \"User\",\n \"metadata\": {\n \"annotations\": {\n \"iam.kubesphere.io/uninitialized\": \"true\",\n \"iam.kubesphere.io/globalrole\": \"platform-regular\",\n \"kubesphere.io/creator\": \"admin\"\n },\n \"name\": \"\"\n },\n \"spec\": {\n \"email\": \"\",\n \"password\": \"\"\n }\n}'\n```\n\n**Note:** Before creating a user, always ask the user for:\n- Username (required)\n- Email address (required)\n- Platform role: If not specified, default to `platform-regular`\n\n### 4. Invite User to Workspace/Project\n\n**For Workspace invitation:**\n- `username`: Username to invite (required)\n- `workspace-name`: Target workspace name (required)\n- `role`: Workspace role (default: `-regular`)\n\n**For Project invitation:**\n- `username`: Username to invite (required)\n- `project-name`: Target project name (required)\n- `cluster-name`: Cluster name (required)\n- `role`: Project role (default: `viewer`)\n\n```bash\n# Invite user to workspace (default role: -regular)\npython ks_api.py POST /kapis/iam.kubesphere.io/v1beta1/workspaces//workspacemembers '[{\"username\":\"\",\"roleRef\":\"-regular\"}]'\n```\n\n```bash\n# Invite user to project (default role: viewer)\npython ks_api.py POST /clusters//kapis/iam.kubesphere.io/v1beta1/namespaces//namespacemembers '[{\"username\":\"\",\"roleRef\":\"viewer\"}]'\n```\n\n**Note:** Before inviting a user, always ask the user for:\n- Username to invite (required)\n- Target: workspace or project (required)\n- Role: If not specified, default to `-regular` for workspace or `viewer` for project\n\n\n\n### 5. Modify User Permissions\n\nModify user roles at three levels: platform, workspace, and project.\n\n**For Platform Role (global role):**\n- `username`: Username to modify (required)\n- `globalrole`: New platform role (required)\n- Note: Must first GET the user to get current metadata, then PUT with updated annotation\n\n```bash\n# Step 1: Get current user info (required before modification)\npython ks_api.py GET /kapis/iam.kubesphere.io/v1beta1/users/\n\n# Step 2: Update global role annotation\npython ks_api.py PUT /kapis/iam.kubesphere.io/v1beta1/users/ '{\n \"apiVersion\": \"iam.kubesphere.io/v1beta1\",\n \"kind\": \"User\",\n \"metadata\": {\n \"name\": \"\",\n \"annotations\": {\n \"iam.kubesphere.io/globalrole\": \"\"\n }\n }\n}'\n```\n\n**For Workspace Role:**\n- `username`: Username to modify (required)\n- `workspace-name`: Target workspace name (required)\n- `roleRef`: New workspace role (required)\n\n```bash\n# Modify user role in workspace\npython ks_api.py PUT /kapis/iam.kubesphere.io/v1beta1/workspaces//workspacemembers/ '{\"username\":\"\",\"roleRef\":\"-\"}'\n```\n\n**For Project Role:**\n- `username`: Username to modify (required)\n- `project-name`: Target project name (required)\n- `cluster-name`: Cluster name (required)\n- `roleRef`: New project role (required)\n\n```bash\n# Modify user role in project\npython ks_api.py PUT /clusters//kapis/iam.kubesphere.io/v1beta1/namespaces//namespacemembers/ '{\"username\":\"\",\"roleRef\":\"\"}'\n```\n\n**Note:** Before modifying permissions, always ask the user for:\n- Username to modify (required)\n- Scope: platform / workspace / project (required)\n- New role: Only use built-in roles provided by KubeSphere\n\n\n### 6. Query Resources\n\n#### List Workspaces\n```bash\npython ks_api.py GET /kapis/tenant.kubesphere.io/v1beta1/workspacetemplates\n```\n\n#### List Users\n```bash\npython ks_api.py GET /kapis/iam.kubesphere.io/v1beta1/users\n```\n\n#### List Workspace Members\n```bash\npython ks_api.py GET /kapis/iam.kubesphere.io/v1beta1/workspaces//workspacemembers\n```\n\n#### List Project Members\n```bash\npython ks_api.py GET /clusters//kapis/iam.kubesphere.io/v1beta1/namespaces//namespacemembers\n```\n\n#### List Projects in Workspace\n```bash\npython ks_api.py GET /clusters//kapis/tenant.kubesphere.io/v1beta1/workspaces//namespaces\n```\n\n#### Get User Details\n```bash\npython ks_api.py GET /kapis/iam.kubesphere.io/v1beta1/users/\n```\n\n\n## Error Handling\n\n| Error Code | Cause | Solution |\n|------------|-------|----------|\n| `401 Unauthorized` | Token expired | `python ks_api.py --clear-cache && python ks_api.py --login --username admin --password ` |\n| `403 Forbidden` | No permission | Use admin account |\n| `409 Conflict` | Resource already exists | Use different name |\n| `404 Not Found` | Resource not found | Verify name/workspace/cluster is correct |\n| `400 Bad Request` | Invalid parameters | Check error message for details (email format, password policy, naming rules) |\n| Connection refused/timeout | API unreachable | Verify KUBESPHERE_HOST is correct |\n\n**Debugging:**\n- `--quiet` flag for cleaner output: `python ks_api.py GET /users --quiet`\n- Check token: `python ks_api.py`\n\n\n## References\n\n- [KubeSphere Workspace Documentation](https://docs.kubesphere.com.cn/v4.2.1/08-workspace-management/)\n- [Multi-Tenant Architecture](./references/multi-tenancy-in-kubesphere.md)\n- [Using RBAC Authorization](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)\n\n## Related Skills\n\n- `kubesphere-core` - Core platform architecture\n- `kubesphere-cluster-management` - Cluster operations","tags":["kubesphere","multi","tenant","management","agent-skills","cloud-native","cncf","devops","ebpf","hacktoberfest","kubernetes","llm"],"capabilities":["skill","source-kubesphere","skill-kubesphere-multi-tenant-management","topic-agent-skills","topic-cloud-native","topic-cncf","topic-devops","topic-ebpf","topic-hacktoberfest","topic-kubernetes","topic-kubesphere","topic-llm","topic-multi-cluster","topic-multi-tenancy","topic-observability"],"categories":["kubesphere"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/kubesphere/kubesphere/kubesphere-multi-tenant-management","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add kubesphere/kubesphere","source_repo":"https://github.com/kubesphere/kubesphere","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 16920 github stars · SKILL.md body (12,064 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-03T00:52:30.262Z","embedding":null,"createdAt":"2026-04-18T21:53:17.776Z","updatedAt":"2026-05-03T00:52:30.262Z","lastSeenAt":"2026-05-03T00:52:30.262Z","tsv":"'/.kubesphere_token':511 '/clusters':708,936,1122,1189,1200 '/creator':559,593,602,696,728,827 '/docs/reference/access-authn-authz/rbac/)':1314 '/globalrole':821,1053 '/kapis/iam.kubesphere.io/v1beta1/namespaces':937,1123,1190 '/kapis/iam.kubesphere.io/v1beta1/users':806,1031,1041,1172,1210 '/kapis/iam.kubesphere.io/v1beta1/workspaces':920,1083,1180 '/kapis/tenant.kubesphere.io/v1beta1/workspaces':709,1201 '/kapis/tenant.kubesphere.io/v1beta1/workspacetemplates':581,1165 '/kubesphere-skills/core/kubesphere-core/scripts':474 '/managed':722 '/namespacemembers':409,938,1124,1191 '/namespaces':710,1202 '/references/multi-tenancy-in-kubesphere.md':1308 '/uninitialized':817 '/users':427,1291 '/v1beta1':585,810,1045 '/v4.2.1/08-workspace-management/)':1303 '/workspace':670,719 '/workspacemembers':418,921,1084,1181 '1':51,525,1020 '2':92,636,1033 '3':133,763 '4':169,858 '400':1257 '401':1217 '403':1232 '404':1247 '409':1239 '5':974 '6':1156 'access':185,257,327,341,348,357,369,380,389 'account':300,1238 'across':270 'actual':468 'address':778,846 'admin':198,207,216,305,325,346,378,505,828,1230,1237 'alreadi':1242 'alway':180,611,735,838,947,1131 'annot':434,590,599,725,814,1017,1037,1050 'api':98,110,400,410,419,428,1275 'apivers':582,711,807,1042 'applic':282 'approv':90,122 'architectur':1307,1322 'ask':612,736,839,948,1132 'assign':22,178,632 'authent':443 'author':1311 'auto':514 'auto-refresh':513 'bad':1258 'bash':455,572,697,797,909,925,1018,1074,1113,1161,1168,1176,1185,1196,1206 'basic':251 'bind':33,76,108,398,402,411,420,429 'boundari':252 'built':149,1150 'built-in':148,1149 'busi':239 'cach':500,509,518,524,1225 'cannot':334 'caus':1215 'cd':473 'central':265 'check':1262,1293 'cleaner':1286 'clear':517,523,1224 'clear-cach':522,1223 'cli':447,577,704,802 'cluster':263,272,560,563,604,626,629,672,674,686,729,753,757,899,901,1103,1105,1325,1327 'cluster-nam':671,898,1102 'code':1214 'command':65 'concept':224 'configur':29,164 'conflict':1240 'connect':1273 'consol':87,119,168 'contain':244 'control':258 'core':223,1319,1320 'correct':1256,1281 'creat':17,42,129,135,140,175,361,395,526,573,608,637,661,677,698,732,749,759,764,798,835 'create/update/delete':332 'creation':31,189 'creator':551,552,688,689 'cu':43 'current':548,623,1011,1022 'custom':136,141,156 'debug':1282 'default':170,190,203,212,486,546,621,793,853,881,907,914,930,965 'defin':314 'delet':38,62,69,95,101 'depart':237 'detail':1205,1266 'differ':271,1245 'directori':454,462 'distribut':269 'docs.kubesphere.com.cn':1302 'docs.kubesphere.com.cn/v4.2.1/08-workspace-management/)':1301 'document':1300 'edit':60 'edit/delete':55 'email':774,777,831,845,1267 'enabl':264 'endpoint':401,484 'enhanc':276 'entiti':301 'environ':283 'error':1211,1213,1263 'escal':218 'exampl':463 'exist':1243 'expir':1220 'explicit':221 'export':490 'field':687 'first':449,1005 'flag':1284 'forbidden':1233 'format':1268 'found':1249,1252 'full':326,347,379 'get':495,1006,1010,1021,1030,1164,1171,1179,1188,1199,1203,1209,1290 'global':991,1035 'globalrol':145,374,790,998 'globalroles.iam.kubesphere.io':375,430 'group':255 'guid':439 'guidelin':50 'handl':1212 'host':483,492,566,1279 'iam.kubesphere.io':584,809,816,820,1044,1052 'iam.kubesphere.io/globalrole':819,1051 'iam.kubesphere.io/uninitialized':815 'iam.kubesphere.io/v1beta1':583,808,1043 'info':1024 'instal':475,480 'instruct':160 'invalid':1260 'invit':199,208,859,865,869,885,889,910,926,944,954 'kind':586,713,811,1046 'ks-apiserver.kubesphere':488 'ks_api.py':502,521,579,706,804,918,934,1029,1039,1081,1120,1163,1170,1178,1187,1198,1208,1222,1227,1289,1296 'kubectl':54,59,61 'kubernet':277 'kubernetes.io':1313 'kubernetes.io/docs/reference/access-authn-authz/rbac/)':1312 'kubespher':2,6,44,86,118,154,167,233,274,299,316,399,470,491,785,1155,1278,1298,1318,1324 'kubesphere-cluster-manag':1323 'kubesphere-cor':1317 'kubesphere-multi-tenant-manag':1 'kubesphere-skil':469 'kubesphere.io':558,592,601,669,695,718,721,727,826 'kubesphere.io/creator':557,591,600,694,726,825 'kubesphere.io/managed':720 'kubesphere.io/workspace':668,717 'label':716 'least':172 'level':186,229,408,417,426,983 'lifecycl':26 'limit':355,387 'list':561,1159,1166,1173,1182,1192 'locat':472 'login':493,503,549,624,1228 'manag':5,10,27,48,266,335,540,542,597,619,1326 'manual':116 'map':291,537,543,554,569,650,665,681,691 'meet':784 'member':307,310,1175,1184 'messag':1264 'metadata':588,598,715,813,1012,1048 'metadata.annotations':556,693 'metadata.labels':667 'metadata.name':539,652 'minimum':183 'modif':1027 'modifi':67,975,978,996,1060,1075,1093,1114,1129,1138 'multi':3,8,46,1305 'multi-ten':7,45,1304 'multipl':245,262 'must':113,783,1004 'name':532,533,553,564,589,605,617,645,646,655,656,673,675,690,724,741,744,754,829,873,876,893,896,900,902,1049,1064,1067,1097,1100,1104,1106,1246,1271 'name/workspace/cluster':1254 'namespac':278,295,714 'navig':450,456 'need':159 'never':52,93,134 'new':187,772,999,1070,1109,1145 'note':606,730,833,942,1003,1127 'oper':39,78,96,112,331,1328 'option':485,516,788 'organiz':230 'output':1287 'packag':478 'paramet':529,642,767,789,1261 'password':506,779,782,786,832,1231,1269 'path':464,684 'perform':36,84,94,115 'permiss':157,179,219,312,977,1130,1235 'pip':479 'placement':603 'platform':193,197,304,372,377,385,388,391,425,791,795,823,848,856,984,989,1000,1141,1321 'platform-admin':196,376 'platform-level':424 'platform-regular':192,384,794,822,855 'platform-self-provision':390 'polici':787,1270 'post':580,707,805,919,935 'prerequisit':440 'privileg':173 'project':20,30,71,104,211,246,273,290,309,322,353,362,407,638,644,649,663,679,699,734,740,751,761,884,892,895,905,929,959,973,987,1088,1096,1099,1110,1118,1143,1183,1193 'project-level':406 'project-nam':643,891,1095 'proper':89,121 'provid':152,446,1153 'provision':360,393 'put':1014,1040,1082,1121 'python':477,501,520,576,578,703,705,801,803,917,933,1028,1038,1080,1119,1162,1169,1177,1186,1197,1207,1221,1226,1288,1295 'queri':131,1157 'quiet':1283,1292 'rbac':321,1310 'read':339,367 'read-on':338,366 'refer':1297 'refresh':515 'refused/timeout':1274 'regular':194,205,354,386,796,824,857,882,916,924,967 'relat':1315 'replac':465 'repres':234,279 'request':15,222,481,1259 'requir':184,476,528,618,620,627,641,742,745,755,766,844,847,870,877,890,897,903,955,960,997,1002,1025,1061,1068,1073,1094,1101,1107,1112,1139,1144 'resourc':132,254,268,330,333,383,1158,1241,1250 'role':32,73,75,105,107,137,142,143,151,297,311,323,336,343,373,397,403,792,849,878,880,904,906,915,931,961,980,990,992,1001,1036,1056,1072,1077,1089,1111,1116,1146,1152 'roleref':923,940,1069,1086,1108,1126 'roles.iam.kubesphere.io':324,412 'roles/permissions':23 'rule':1272 'scope':1140 'script':453,461 'secur':49 'self':359,392 'self-provision':358 'sensit':80 'separ':294 'serv':248 'set':313,441,482 'similar':64 'skill':11,127,459,471,1316 'skill-kubesphere-multi-tenant-management' 'solut':1216 'source-kubesphere' 'span':261 'spec':594,596,830 'spec.placement.clusters':571 'spec.template.spec.manager':545 'specif':281 'specifi':852,964 'step':436,438,1019,1032 'step-by-step':435 'support':24 'system':489 'target':874,894,956,1065,1098 'team':236 'templat':595 'tenant':4,9,47,1306 'three':319,982 'three-tier':318 'tier':320 'token':496,497,507,519,1219,1294 'tool':448 'top':228 'top-level':227 'topic-agent-skills' 'topic-cloud-native' 'topic-cncf' 'topic-devops' 'topic-ebpf' 'topic-hacktoberfest' 'topic-kubernetes' 'topic-kubesphere' 'topic-llm' 'topic-multi-cluster' 'topic-multi-tenancy' 'topic-observability' 'true':723,818 'unauthor':1218 'unit':231,240 'unreach':1276 'updat':1016,1034 'uri':683 'use':12,53,58,125,147,181,444,1148,1236,1244,1309 'user':14,18,25,72,102,162,176,188,200,209,296,298,405,414,423,432,550,614,625,738,765,773,775,780,799,812,837,841,860,911,927,946,950,976,979,1008,1023,1047,1076,1115,1134,1167,1204 'usernam':504,768,769,843,866,867,886,887,922,939,952,993,994,1057,1058,1085,1090,1091,1125,1136,1229 'v1':712 'verifi':1253,1277 'via':85,97,109,117,166,433,575,702,800 'viewer':214,337,365,908,932,941,971 'within':286,639,700 'workflow':91,123 'workload':285 'workspac':19,28,70,103,202,225,242,259,288,306,342,350,356,364,371,396,416,527,531,536,541,568,574,610,616,634,640,654,659,701,743,747,864,872,875,879,913,957,969,985,1055,1063,1066,1071,1079,1142,1160,1174,1195,1299 'workspace-level':415 'workspace-nam':530,653,871,1062 'workspace/project':862 'workspacerol':144,344 'workspaceroles.iam.kubesphere.io':345,421 'workspacetempl':587","prices":[{"id":"649300e4-e82b-4261-8eb9-d919ceb16855","listingId":"1277079a-cbae-4ede-b012-fb68ee9931e6","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"kubesphere","category":"kubesphere","install_from":"skills.sh"},"createdAt":"2026-04-18T21:53:17.776Z"}],"sources":[{"listingId":"1277079a-cbae-4ede-b012-fb68ee9931e6","source":"github","sourceId":"kubesphere/kubesphere/kubesphere-multi-tenant-management","sourceUrl":"https://github.com/kubesphere/kubesphere/tree/master/skills/kubesphere-multi-tenant-management","isPrimary":false,"firstSeenAt":"2026-04-18T21:53:17.776Z","lastSeenAt":"2026-05-03T00:52:30.262Z"}],"details":{"listingId":"1277079a-cbae-4ede-b012-fb68ee9931e6","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"kubesphere","slug":"kubesphere-multi-tenant-management","github":{"repo":"kubesphere/kubesphere","stars":16920,"topics":["agent-skills","ai","cloud-native","cncf","devops","ebpf","hacktoberfest","kubernetes","kubesphere","llm","multi-cluster","multi-tenancy","observability","servicemesh","skills","skills-sh","skillsmp"],"license":"other","html_url":"https://github.com/kubesphere/kubesphere","pushed_at":"2026-04-27T06:10:27Z","description":"The container platform tailored for Kubernetes multi-cloud, datacenter, and edge management ⎈ 🖥 ☁️","skill_md_sha":"ea030cfa15e92fcd4508a94346fe1250dbb4067c","skill_md_path":"skills/kubesphere-multi-tenant-management/SKILL.md","default_branch":"master","skill_tree_url":"https://github.com/kubesphere/kubesphere/tree/master/skills/kubesphere-multi-tenant-management"},"layout":"multi","source":"github","category":"kubesphere","frontmatter":{"name":"kubesphere-multi-tenant-management","description":"KubeSphere multi-tenant management Skill. Use when user requests to create users, workspaces, projects, or assign roles/permissions. Supports user lifecycle management, workspace configuration, project creation, role binding. Do not perform any delete operations, do not create custom roles."},"skills_sh_url":"https://skills.sh/kubesphere/kubesphere/kubesphere-multi-tenant-management"},"updatedAt":"2026-05-03T00:52:30.262Z"}}