
Ask HN: How do you deal with multi-tenancy (in k8s)? - autogenerated
Curious how people deal with multi-tenancy in general and within Kubernetes in particular.<p>We run a B2B SaaS and have found configuration management to be an increasing pain, especially the fact that the resources that we dedicate to a single customer is a result of that configuration.<p>Right now we have clear separation between each tenant in the storage layer but share &quot;compute resources&quot; (yup, our service does some ML on behalf of our customers).<p>Since we already run on Kubernetes we are thinking of achieving that isolation through namespaces and maybe even through a custom resource&#x2F;operator.
======
PentiumBug
IMO, theoretically, it can be done. In practice, the consensus seems to
gravitate to no, do not do that.

My experience is limited to on premises deployments, but here it goes: it's
way better to isolate with different clusters, not only for different clients
or business units, but several per user (think, for instance, infrastructure
upgrades).

I think that standing up clusters these days is better a much better
proposition than just a year ago. For instance, at $WORK, we extensively use
rke and we can set things up in minutes in a fairly automated way (Terraform &
Ansible.)

Edit: forgot one bit: I know about namespaces, RBAC, network policies, etc. I
still think, in this point in time, that multiple smaller dedicated clusters
are better than one huge beast. Maybe the story will get better over time.

