DEV Community

Cover image for Namespace as a Service
Ashok Nagaraj
Ashok Nagaraj

Posted on

Namespace as a Service

Multitenancy in kubernetes

Kubernetes documentation describes 3 models of multitenancy:

  • namespace as a service
  • cluster as a service
  • control-plane as a service

Namespaces are the means of soft isolation in kubernetes

In Kubernetes, namespaces provides a mechanism for isolating groups of resources within a single cluster. Names of resources need to be unique within a namespace, but not across namespaces. Namespace-based scoping is applicable only for namespaced objects (e.g. Deployments, Services, etc) and not for cluster-wide objects (e.g. StorageClass, Nodes, PersistentVolumes, etc).
From kubernetes.io/docs

Kubernetes clusters generally being aggregations of computational blocks it makes sense to make them multi-tenant from an economic and efficient use of underlying infrastructure perspective.

In this series we will explore multiple solutions "Namespace as a Service" (for multitenancy within a kubernetes cluster). For the sake of simplicity we will keep RBAC (authentication and authorization) out of the discussion.


Contenders

  • Namespace as a service (using vanilla kubernetes objects)
  • Hierarchical namespaces
  • vCluster from Loft labs
  • Kiosk from Loft labs
  • Capsule from Calstix

Discussion (0)