Skip to main content
Loading
Version: Graph 2.4.2

Multi-tenant graphs

Overview

This page describes how to configure and use multiple graphs within the same Aerospike namespace. Multi-tenant graphs enable the creation and management of several logically isolated graphs within a shared namespace, allowing for distinct graphs to operate independently while sharing common infrastructure. This approach is ideal for applications requiring multi-tenancy, as it streamlines graph management while maintaining strong access controls across different graphs.

For scenarios that require a higher level of isolation at the storage level, consider using single graphs per namespace instead. This provides a higher level of separation of data for applications with stricter multi-tenancy requirements.

Configuration and usage

To set up multi-tenant graphs when starting an Aerospike Graph Service (AGS) instance, use the aerospike.graph-service.graphs configuration option to specify graph names. You can do this using an environment variable or with a properties file.

Specifying Graph Names and Traversal Names

Each individual graph has an associated graph name and a traversal name. You can specify the graph name and traversal name for each graph with the aerospike.graph-service.graphs and <GRAPH-NAME>.aerospike.graph.traversal configuration options.

The traversal name is optional. If it is not specified, it defaults to g<GRAPH-NAME>. For instance, a graph named myGraph has a default traversal name of gmyGraph. For single-graph AGS instances that do not utilize multi-tenancy, the traversal name defaults to g. The graph name is used to define configuration options specific to that graph, as demonstrated in the example.

  • The graph name is used to configure settings specific to that graph, as illustrated in the example. It is also used for HTTP endpoints and in setting up RBAC authentication.

    Graph name requirements

    • Graph names must contain only letters, numbers, dashes, and underscores. No other special characters are supported.
    • Graph names must be no longer than 32 characters.
    • The graph name and its traversal name must be different.
    • Multi-tenant graphs must be configured when starting AGS. If you need to add or change graph names after the AGS instance has started, you must stop the AGS instance, update the configuration options, then start AGS again.
  • The traversal name is intended for client applications. Use the traversal name when connecting to AGS through a client application, such as when using the Gremlin console.

Example configuration

The following is an example configuration for an AGS instance with multi-tenancy:

aerospike.client.host=172.17.0.1
aerospike.client.port=3000
aerospike.client.namespace=test

# Specify names for named graphs
aerospike.graph-service.graphs=myGraph,modern

# Specify traversal name for myGraph
myGraph.aerospike.graph.traversal=myGraph-traversal

# If no user-supplied traversal name is given for graph modern,
# it defaults to:
# modern.aerospike.graph.traversal=gmodern

# Other configuration options can be specified for each graph
# as follows:

myGraph.aerospike.client.policy.scan.totalTimeout=100
myGraph.aerospike.client.clientPolicy.minConnsPerNode=40
myGraph.aerospike.client.clientPolicy.maxConnsPerNode=60

modern.aerospike.client.policy.scan.totalTimeout=2000
modern.aerospike.client.clientPolicy.minConnsPerNode=400
modern.aerospike.client.clientPolicy.maxConnsPerNode=600

Connecting to a multi-tenant graph

To connect to a multi-tenant graph, use the graph traversal name as an argument in the connection command. The following example shows a connection to a graph from the Gremlin console with the traversal name myGraph-traversal:

g = traversal().withRemote(DriverRemoteConnection.using("GREMLIN_SERVER_IP_ADDRESS", 8182, "myGraph-traversal"));
note

The g object in this context is used by the client application, while myGraph-traversal is within the scope of the Aerospike Graph Service (AGS).

RBAC support

If RBAC is enabled for your AGS instance, you can create tokens to assign roles to different graphs. For more information, refer to the RBAC guide for details on creating and managing JWT tokens for multi-tenant graphs.