hierarchical-namespaces
cluster-api-provider-nested
Our great sponsors
hierarchical-namespaces | cluster-api-provider-nested | |
---|---|---|
8 | 6 | |
581 | 293 | |
7.4% | 0.3% | |
6.6 | 4.7 | |
9 days ago | 10 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
hierarchical-namespaces
-
Efficient Cluster Management with Kubernetes’ Hierarchical Namespaces
HNC_VERSION=v1.1.0 HNC_VARIANT=default kubectl apply -f https://github.com/kubernetes-sigs/hierarchical-namespaces/releases/latest/download/hnc-manager.yaml
-
Amazon EC2 Enhances Defense in Depth with Default IMDSv2
Kubernetes has a lot of limitations from a multi tenancy perspective.
It's functional, but I think it's not as polished as the rest of Kubernetes which is why Kubernetes has a multi tenancy SIG that spawned the hierarchical namespace controller (https://github.com/kubernetes-sigs/hierarchical-namespaces) and virtual clusters (https://github.com/kubernetes-sigs/cluster-api-provider-nest...)
-
Automatically deploy objects after namespace creation
Kyverno's a great option. Depending on the usecase you might want to consider https://github.com/kubernetes-sigs/hierarchical-namespaces as well (disclaimer: I'm the original author) - it's good if groups of related namespaces need related objects.
-
Multitenancy with Hierarchical namespaces
❯ HNC_VERSION=v1.0.0 ❯ kubectl apply -f https://github.com/kubernetes-sigs/hierarchical-namespaces/releases/download/${HNC_VERSION}/default.yaml namespace/hnc-system created customresourcedefinition.apiextensions.k8s.io/hierarchyconfigurations.hnc.x-k8s.io created customresourcedefinition.apiextensions.k8s.io/hncconfigurations.hnc.x-k8s.io created customresourcedefinition.apiextensions.k8s.io/subnamespaceanchors.hnc.x-k8s.io created role.rbac.authorization.k8s.io/hnc-leader-election-role created clusterrole.rbac.authorization.k8s.io/hnc-admin-role created clusterrole.rbac.authorization.k8s.io/hnc-manager-role created clusterrole.rbac.authorization.k8s.io/hnc-proxy-role created rolebinding.rbac.authorization.k8s.io/hnc-leader-election-rolebinding created clusterrolebinding.rbac.authorization.k8s.io/hnc-manager-rolebinding created clusterrolebinding.rbac.authorization.k8s.io/hnc-proxy-rolebinding created secret/hnc-webhook-server-cert created service/hnc-controller-manager-metrics-service created service/hnc-webhook-service created deployment.apps/hnc-controller-manager created mutatingwebhookconfiguration.admissionregistration.k8s.io/hnc-mutating-webhook-configuration created validatingwebhookconfiguration.admissionregistration.k8s.io/hnc-validating-webhook-configuration created # Install helper plugin ❯ kubectl krew install hns
-
Is it anti-pattern to have multiple environments under a single namespace?
I would say it’s an anti-pattern since using a namespace for multiple environments will be a pain. Not sure what you mean by CRDs though. There is an addon that gives you namespace hierarchies. I.e. each team gets a namespace and they can have sub-namespaces for environments. Check it out: https://github.com/kubernetes-sigs/hierarchical-namespaces
-
Ask r/kubernetes: What are you working on this week?
Looking into the Hierarchical Namespace Controller to see if it can simplify our heavily multi-tenanted clusters. So far so good!
-
RBAC and limited namespace access
HNC is designed for these kinds of scenarios: https://github.com/kubernetes-sigs/hierarchical-namespaces
-
Introduction to Multi-Tenancy in Kubernetes
Project HNC
cluster-api-provider-nested
-
Amazon EC2 Enhances Defense in Depth with Default IMDSv2
Kubernetes has a lot of limitations from a multi tenancy perspective.
It's functional, but I think it's not as polished as the rest of Kubernetes which is why Kubernetes has a multi tenancy SIG that spawned the hierarchical namespace controller (https://github.com/kubernetes-sigs/hierarchical-namespaces) and virtual clusters (https://github.com/kubernetes-sigs/cluster-api-provider-nest...)
-
Multi-tenancy in Kubernetes
Virtual Cluster (wg-multitenancy)
-
Any projects to run Kubernetes inside Kubernetes?
Also https://github.com/kubernetes-sigs/cluster-api-provider-nested, similar approach to vcluster, but part of the K8s project.
- cluster-api-provider-nested/virtualcluster at main · kubernetes-sigs/cluster-api-provider-nested
- Kubernetes-in-Kubernetes and the WEDOS PXE bootable server farm
-
Introduction to Multi-Tenancy in Kubernetes
Approach C This approach provides a way to implement hard isolation among Kubernetes tenants who have no trust between them. This provides segregated master plane components for each tenant by creating a mini virtual cluster on the super Kubernetes cluster. Admins can also create custom resources in those virtual clusters as well. This is provided by projects like VirtualCluster and vCluster.
What are some alternatives?
vcluster - vCluster - Create fully functional virtual Kubernetes clusters - Each vcluster runs inside a namespace of the underlying k8s cluster. It's cheaper than creating separate full-blown clusters and it offers better multi-tenancy and isolation than regular namespaces.
capsule - Multi-tenancy and policy-based framework for Kubernetes.
cluster-api-provider-kubevirt - Cluster API Provider for KubeVirt
rbac-manager - A Kubernetes operator that simplifies the management of Role Bindings and Service Accounts.
kamaji - Kamaji is the Hosted Control Plane Manager for Kubernetes.
namespace-configuration-operator - The namespace-configuration-operator helps keeping configurations related to Users, Groups and Namespaces aligned with one of more policies specified as a CRs
cluster-api-provider-openstack
multi-tenancy - A working place for multi-tenancy related proposals and prototypes.
cluster-api-provider-vsphere
secrets-store-csi-driver - Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.
cluster-api-provider-aws - Kubernetes Cluster API Provider AWS provides consistent deployment and day 2 operations of "self-managed" and EKS Kubernetes clusters on AWS.