
Introduction to Kubernetes Multi-tenancy..(1/2)

by Vamsi Chemitiganti

A multi-tenant architecture is key to reliably hosting the applications and business services that will eventually produce value for the customer. Not designing a K8s infrastructure for multi-tenancy will lead to business initiative and project failure. In the first of a two-part blog post, we will discuss the architectural and technical details of building a multi-tenant K8s platform.

Let’s define Multi-tenant Kubernetes

One of the key challenges that led to the formalization of the Kubernetes project was the inability of Docker containers to scale beyond a few nodes. Extending this to the everyday enterprise, most organizations will run containerized infrastructure across multiple applications, multiple clusters and multiple groups of users. Multi-tenant Kubernetes deployments ensure that both DevOps and IT Ops/SREs across business areas and development organizations can schedule their workloads on pods across a hybrid cloud: bare metal, VM, private and public cloud infrastructure.
For the end user, the interaction with the Kubernetes master and the pods should look no different: they use the regular kubectl command-line tool and the K8s API, and interact with the worker nodes (historically called minions) that run their pods. All the challenges around multi-tenancy are entirely abstracted away from them.

This defines the multi-tenancy challenge, and it leads to issues in three specific areas: resource sharing, self-service (tenant management from both an API and a UI perspective), and security.

The Key Technical Challenges to Realizing a Multitenant K8s Architecture

Let us discuss key challenges from an infrastructure planning standpoint.

  1. Resource Management – Ensuring that every tenant has ‘fair’ access to CPU, network and memory resources without being starved of them by other tenant workloads running on the same cluster. Further, the management plane should provide the ability to tune resource access per workload to ensure that business SLAs are met or exceeded.
  2. Self Service – Enable users across different tenant groups to perform the lifecycle of multi-tenancy: provision K8s clusters, scale clusters up or down across different IaaS providers, and deploy applications using a certified catalog of images including runtimes such as Prometheus,
  3. Security – Namespace isolation, so that a security vulnerability or malware in a given tenant’s workload doesn’t cause a wider breach resulting in data loss or downtime for other tenants.

Best Practices

A complete multi-tenant K8s environment setup should also address the following key points – which have been covered in other blog posts here, and here. 

The overall infrastructure design should follow these recommendations:

  • A management plane that enables self-service, integrates with backend enterprise systems and hosts a catalog of containerized runtimes, allowing developers to deploy and run components certified by the Ops team in a single executable environment.
  • Centralize security and auditing
  • Help onboard and support various developer teams with the workflow to checkout code, make changes, produce deployable artifacts and a mechanism to deploy the produced artifacts to the appropriate clusters
  • Automate the management of Day 1, Day 2 and Day 2+ tasks so that the development team can focus on the more important things, such as developing business functionality.
  • Achieve better utilization of the underlying hardware as well as provide self-service to tenants

Kubernetes provides various primitives to isolate users and their resources on the worker nodes. These include the notions of physical hosts, groups of those (clusters), and workloads running in pods and in containers. Using namespaces, tenant workloads can be separated into different parts of the cluster. Policies can then be attached at namespace scope to control access and set limits on resource usage. Note the caveat that cluster-scoped Kubernetes objects such as CRDs, operators and extensions are shared between all tenants of a cluster, so namespace isolation alone does not cover them.
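As an added example (not from the original post), the manifest below shows the namespace-scoped policies mentioned above for one hypothetical tenant, `team-a`, whose users are assumed to be members of the group `team-a-devs`: a ResourceQuota for fair resource sharing, a RoleBinding to the built-in `edit` ClusterRole that limits the group's access to this namespace only, and a NetworkPolicy that blocks ingress from other namespaces.

```yaml
# Added example: namespace-scoped isolation for one tenant.
# "team-a" and "team-a-devs" are assumed names, not from the original post.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
---
# Resource management: cap the whole namespace so this tenant
# cannot starve others sharing the same cluster.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a
spec:
  hard:
    requests.cpu: "8"
    requests.memory: 16Gi
    limits.cpu: "16"
    limits.memory: 32Gi
---
# Access control: the tenant's group gets the built-in "edit" ClusterRole,
# but the RoleBinding scopes that permission to this namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-editors
  namespace: team-a
subjects:
- kind: Group
  name: team-a-devs
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
---
# Network isolation: allow ingress only from pods in the same namespace;
# traffic from every other namespace is denied (requires a CNI that
# enforces NetworkPolicy).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-cross-namespace-ingress
  namespace: team-a
spec:
  podSelector: {}
  policyTypes: ["Ingress"]
  ingress:
  - from:
    - podSelector: {}
```

Apply with `kubectl apply -f <file>`; `kubectl describe quota -n team-a` then shows usage against the quota, and `kubectl auth can-i --as-group=team-a-devs --as=someone get pods -n kube-system` should return `no`.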

With the basics in place, the next post will focus on the key technical aspects of building out an enterprise-scale multi-tenant Kubernetes infrastructure.
