Introduction to Multi-Tenancy in Kubernetes

Reading Time: 3 minutes

What Is Multi-Tenancy?

Multi-tenancy is the ability to run workload belonging to different entities in a way that each entity’s workload are segregate from the others. It is an idea of sharing a single instance of an application or software among various tenants called multi-tenancy.

This approach is very popular since the rise of cloud environments. From the beginning of Kubernetes, developers and administrators need the same approach to implement on Kubernetes clusters. As that would provide better resource utilization, provide better management of underlying compute resources, and reduce cost.

Where Multi-Tenancy Serves Better?

Multi-tenancy has seen a lot of could adoption and is used most with cloud computing. Multi-tenant architecture are available in both public cloud and private cloud environments which allow each tenant’s data to be separate from each other. Each user is given a separate and ideally secure space within those servers to store data.

Multi-tenancy is also important for the scalability of public and private clouds that helped in making multi-tenancy a standard.

The multi-tenant architecture can also aid in providing a better ROI for organizations, as well as quickening the pace of maintenance and updates for tenants.

Different approaches of Multi-Tenant Architecture

Multi-tenancy in Kubernetes can be categorise in two broad terms:

  1. Soft Isolation: In this, we have a single enterprise with different teams accessing the same cluster, this requires less amount of security overhead as users can trust each other.
  2. Hard isolation: This is require where the Kubernetes is expose to multiple enterprises with independent and completely untrusted users.

There are various approach discuss in KubeCon Europe 2019 wherein every approach can be enlist in either of the two mention above categories.

The above-shown diagram outlines 4 different approaches to consume Kubernetes clusters in your environment.

1.Approach A:

This doesn’t provide an exact multi-tenant solution as it deploys different Kubernetes clusters.

This can be implemented by using segregated VM providers like Amazon EC2, GCP compute instance, and vSphere VM’s.

2.Approach B:

This is one of the popular architecture, wherein segregation is based on namespaces.

This provides soft isolation among different tenants.

With this, tenants can only see, modify, and create objects within their namespace. Moreover, they can create policies for security and roles within their namespace.

The main work carried out for the development of this approach is done by Project HNC (hierarchical namespaces).

3.Approach C:

This approach provides a way to implement hard isolation among Kubernetes tenants who have no trust between them. This provides segregated master plane components for each tenant by creating a mini virtual cluster on the super Kubernetes cluster.

Admins can also create custom resources in those virtual clusters as well. This is provided by projects like VirtualCluster and v Cluster.

4.Approach D:

Different from all of the above approach, it suggest that Kubernetes provide the support for creating tenants out of the box.

It is not yet develop because of the efforts that it would require to modify the Kubernetes source code.

Use-Cases for Multi-Tenancy in Kubernetes

  1. SaaS Applications: Implementation of multi-tenancy can enable organizations to centrally manage the infrastructure for their multiple customers. This makes it easy for SaaS organizations to manage their infrastructure shared among different tenants.
  2. Better Resource Utilization: Fewer clusters will be need as multiple teams can share a single cluster. Thus utilising cluster resources more efficiently.

Conclusion:

Multi-tenancy is becoming an important topic as more organizations use Kubernetes on a larger scale. Multi-tenant Kubernetes mean that the same cluster and control plane are share by multiple entities or users.

Scala Future

Written by 

I am reliable, hard-working with strong attention to detail and eager to learn about new technologies and business issues. I am able to work well both on my own initiative and as part of a team.