Kubernetes documentation describes 3 models of multitenancy:
- namespace as a service
- cluster as a service
- control-plane as a service
Namespaces are the means of soft isolation in kubernetes
In Kubernetes, namespaces provides a mechanism for isolating groups of resources within a single cluster. Names of resources need to be unique within a namespace, but not across namespaces. Namespace-based scoping is applicable only for namespaced objects (e.g. Deployments, Services, etc) and not for cluster-wide objects (e.g. StorageClass, Nodes, PersistentVolumes, etc).
Kubernetes clusters generally being aggregations of computational blocks it makes sense to make them multi-tenant from an economic and efficient use of underlying infrastructure perspective.
In this series we will explore multiple solutions "Namespace as a Service" (for multitenancy within a kubernetes cluster). For the sake of simplicity we will keep RBAC (authentication and authorization) out of the discussion.
- Namespace as a service (using vanilla kubernetes objects)
- Hierarchical namespaces
- vCluster from Loft labs
- Kiosk from Loft labs
- Capsule from Calstix