After evaluating multiple solutions, these are the conclusions at this time:
NaaS with vanilla Kubernetes objects - for a shoestring budget with limited expertise
- Excellent starting point
- No CRDs
- Requires some support scripts (at least a Helm chart) to provide an overall solution
- No auditing
- Edits and updates are not straightforward
Hierarchical namespaces - a step up over the above solution; use it if you just want inheritance of limits, quotas and RBAC objects
- Very limited overhead
- Almost any resource can be inherited
- Took a long time to come to 1.0 => there is a lot of deliberation (don't know the specifics of why it took time)
- Not much in terms of auditing and RBAC levels
- Hierarchical and normal namespaces don't play well at times (could be my setup issue)
vCluster - Kubernetes in Kubernetes; soft cluster-as-a-service solution
- Excellent candidate for developing and testing CRDs
- Full-fledged isolation
- Cross-namespace communication is apparently hard
Kiosk - multi-tenancy with strong and complex templating
- Can be very powerful with templates
- Templating is not easy to master (needs more real-world examples in my case)
Capsule - simpler than Kiosk
- All-in-one tenant definitions
- Not sure on extensibility w.r.t. custom objects (CRDs)
- Needs a tenant admin to set things up and monitor => a dashboard is necessary at some point in time
TODO
We could not get to test how Okteto is implementing multi-tenancy and could not get to testing KubeSlice yet. These are much more than multi-tenancy solutions, so they are of interest to us.
Top comments (2)
Hey there, Ashok! This is a fantastic post on NaaS! I work very closely with the KubeSlice open source project and we'd love to hear about your experience after you try out the project. We've an examples repo that sets you up with a demo. Should you stumble upon any issues during the process, please don't hesitate to drop by our community channel #kubeslice on the K8s Slack. Happy tinkering!
I would love to try it out