| | cluster-api-provider-nested | hierarchical-namespaces |
|---|---|---|
| Mentions | 6 | 8 |
| Stars | 293 | 581 |
| Growth | -0.3% | 2.2% |
| Activity | 4.7 | 6.6 |
| Last commit | 14 days ago | 13 days ago |
| Language | Go | Go |
| License | Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cluster-api-provider-nested
- Amazon EC2 Enhances Defense in Depth with Default IMDSv2
Kubernetes has a lot of limitations from a multi tenancy perspective.
It's functional, but I think it's not as polished as the rest of Kubernetes which is why Kubernetes has a multi tenancy SIG that spawned the hierarchical namespace controller (https://github.com/kubernetes-sigs/hierarchical-namespaces) and virtual clusters (https://github.com/kubernetes-sigs/cluster-api-provider-nest...)
- Multi-tenancy in Kubernetes
Virtual Cluster (wg-multitenancy)
- Any projects to run Kubernetes inside Kubernetes?
Also https://github.com/kubernetes-sigs/cluster-api-provider-nested, similar approach to vcluster, but part of the K8s project.
- cluster-api-provider-nested/virtualcluster at main · kubernetes-sigs/cluster-api-provider-nested
- Kubernetes-in-Kubernetes and the WEDOS PXE bootable server farm
- Introduction to Multi-Tenancy in Kubernetes
Approach C: This approach provides a way to implement hard isolation among Kubernetes tenants who have no trust between them. This provides segregated master plane components for each tenant by creating a mini virtual cluster on the super Kubernetes cluster. Admins can also create custom resources in those virtual clusters as well. This is provided by projects like VirtualCluster and vCluster.
hierarchical-namespaces
- Efficient Cluster Management with Kubernetes’ Hierarchical Namespaces
HNC_VERSION=v1.1.0 HNC_VARIANT=default kubectl apply -f https://github.com/kubernetes-sigs/hierarchical-namespaces/releases/latest/download/hnc-manager.yaml
- Amazon EC2 Enhances Defense in Depth with Default IMDSv2
Kubernetes has a lot of limitations from a multi tenancy perspective.
It's functional, but I think it's not as polished as the rest of Kubernetes which is why Kubernetes has a multi tenancy SIG that spawned the hierarchical namespace controller (https://github.com/kubernetes-sigs/hierarchical-namespaces) and virtual clusters (https://github.com/kubernetes-sigs/cluster-api-provider-nest...)
- Automatically deploy objects after namespace creation
Kyverno's a great option. Depending on the use case you might want to consider https://github.com/kubernetes-sigs/hierarchical-namespaces as well (disclaimer: I'm the original author) - it's good if groups of related namespaces need related objects.
- Multitenancy with Hierarchical namespaces
```
❯ HNC_VERSION=v1.0.0
❯ kubectl apply -f https://github.com/kubernetes-sigs/hierarchical-namespaces/releases/download/${HNC_VERSION}/default.yaml
namespace/hnc-system created
customresourcedefinition.apiextensions.k8s.io/hierarchyconfigurations.hnc.x-k8s.io created
customresourcedefinition.apiextensions.k8s.io/hncconfigurations.hnc.x-k8s.io created
customresourcedefinition.apiextensions.k8s.io/subnamespaceanchors.hnc.x-k8s.io created
role.rbac.authorization.k8s.io/hnc-leader-election-role created
clusterrole.rbac.authorization.k8s.io/hnc-admin-role created
clusterrole.rbac.authorization.k8s.io/hnc-manager-role created
clusterrole.rbac.authorization.k8s.io/hnc-proxy-role created
rolebinding.rbac.authorization.k8s.io/hnc-leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/hnc-manager-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/hnc-proxy-rolebinding created
secret/hnc-webhook-server-cert created
service/hnc-controller-manager-metrics-service created
service/hnc-webhook-service created
deployment.apps/hnc-controller-manager created
mutatingwebhookconfiguration.admissionregistration.k8s.io/hnc-mutating-webhook-configuration created
validatingwebhookconfiguration.admissionregistration.k8s.io/hnc-validating-webhook-configuration created
# Install helper plugin
❯ kubectl krew install hns
```
- Is it anti-pattern to have multiple environments under a single namespace?
I would say it’s an anti-pattern since using a namespace for multiple environments will be a pain. Not sure what you mean by CRDs though. There is an addon that gives you namespace hierarchies. I.e. each team gets a namespace and they can have sub-namespaces for environments. Check it out: https://github.com/kubernetes-sigs/hierarchical-namespaces
- Ask r/kubernetes: What are you working on this week?
Looking into the Hierarchical Namespace Controller to see if it can simplify our heavily multi-tenanted clusters. So far so good!
- RBAC and limited namespace access
HNC is designed for these kinds of scenarios: https://github.com/kubernetes-sigs/hierarchical-namespaces
- Introduction to Multi-Tenancy in Kubernetes
Project HNC
What are some alternatives?
vcluster - vCluster - Create fully functional virtual Kubernetes clusters - Each vcluster runs inside a namespace of the underlying k8s cluster. It's cheaper than creating separate full-blown clusters and it offers better multi-tenancy and isolation than regular namespaces.
cluster-api-provider-kubevirt - Cluster API Provider for KubeVirt
capsule - Multi-tenancy and policy-based framework for Kubernetes.
kamaji - Kamaji is the Hosted Control Plane Manager for Kubernetes.
rbac-manager - A Kubernetes operator that simplifies the management of Role Bindings and Service Accounts.
cluster-api-provider-openstack
namespace-configuration-operator - The namespace-configuration-operator helps keep configurations related to Users, Groups and Namespaces aligned with one or more policies specified as CRs
cluster-api-provider-vsphere
multi-tenancy - A working place for multi-tenancy related proposals and prototypes.
cluster-api-provider-aws - Kubernetes Cluster API Provider AWS provides consistent deployment and day 2 operations of "self-managed" and EKS Kubernetes clusters on AWS.
secrets-store-csi-driver - Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.