Ask HN: How do you deal with multi-tenancy (in k8s)?

3 pointsautogenerated7y ago1 comments

Curious how people deal with multi-tenancy in general and within Kubernetes in particular.

We run a B2B SaaS and have found configuration management to be an increasing pain, especially the fact that the resources that we dedicate to a single customer is a result of that configuration.

Right now we have clear separation between each tenant in the storage layer but share "compute resources" (yup, our service does some ML on behalf of our customers).

Since we already run on Kubernetes we are thinking of achieving that isolation through namespaces and maybe even through a custom resource/operator.

1 comments

1 comments · 1 top-level

PentiumBug7y ago

IMO, theoretically, it can be done. In practice, the consensus seems to gravitate to no, do not do that.

My experience is limited to on premises deployments, but here it goes: it's way better to isolate with different clusters, not only for different clients or business units, but several per user (think, for instance, infrastructure upgrades).

I think that standing up clusters these days is better a much better proposition than just a year ago. For instance, at $WORK, we extensively use rke and we can set things up in minutes in a fairly automated way (Terraform & Ansible.)

Edit: forgot one bit: I know about namespaces, RBAC, network policies, etc. I still think, in this point in time, that multiple smaller dedicated clusters are better than one huge beast. Maybe the story will get better over time.

j / k navigate · click thread line to collapse