kiosk
cluster-api-provider-nested
Our great sponsors
kiosk | cluster-api-provider-nested | |
---|---|---|
8 | 6 | |
1,067 | 293 | |
1.0% | 0.3% | |
0.0 | 4.7 | |
7 months ago | 11 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
kiosk
-
Multi-tenancy in Kubernetes
Kiosk
-
Dedicated backend resources per client
Have a look at https://github.com/loft-sh/kiosk and maybe the paid version https://loft.sh/
-
From Kubernetes to Plattform
As for the open source projects, maybe you would find Kiosk for allowing self-service namespace creation, namespace templates and cross-namespace resource limits and quotas.
-
Space boxing user accounts with Kiosk
# Install kiosk with helm v3 ❯ kubectl create namespace kiosk helm install kiosk --repo https://charts.devspace.sh/ kiosk --namespace kiosk --atomic namespace/kiosk created NAME: kiosk ... Learn more about using kiosk here: https://github.com/loft-sh/kiosk#getting-started #verify ❯ kubectl get pod -n kiosk NAME READY STATUS RESTARTS AGE kiosk-66dbfcf6db-5rfx2 1/1 Running 0 2m18s
-
Checklist for Platform Engineers
Kubernetes was designed as a single-tenant platform. Sharing clusters, though, offers greater flexibility, simplifies infrastructure, and improves cost-efficiency. Therefore, it makes sense to use a multi-tenant system. To keep tenants separate and prevent compromised tenants from affecting others, you can use role-based access control (RBAC) or namespaces. Tools that assist with multi-tenancy in Kubernetes include kiosk and loft.
-
User management qustion
For simple environments I'm using klum, for bigger environments I'm using OIDC with Keycloak. Beside that kiosk also looks interesting.
-
RBAC for developer self-service?
https://github.com/loft-sh/kiosk (from makers of loft)
- Meet Rich Burroughs - Loft Blog
cluster-api-provider-nested
-
Amazon EC2 Enhances Defense in Depth with Default IMDSv2
Kubernetes has a lot of limitations from a multi tenancy perspective.
It's functional, but I think it's not as polished as the rest of Kubernetes which is why Kubernetes has a multi tenancy SIG that spawned the hierarchical namespace controller (https://github.com/kubernetes-sigs/hierarchical-namespaces) and virtual clusters (https://github.com/kubernetes-sigs/cluster-api-provider-nest...)
-
Multi-tenancy in Kubernetes
Virtual Cluster (wg-multitenancy)
-
Any projects to run Kubernetes inside Kubernetes?
Also https://github.com/kubernetes-sigs/cluster-api-provider-nested, similar approach to vcluster, but part of the K8s project.
- cluster-api-provider-nested/virtualcluster at main · kubernetes-sigs/cluster-api-provider-nested
- Kubernetes-in-Kubernetes and the WEDOS PXE bootable server farm
-
Introduction to Multi-Tenancy in Kubernetes
Approach C This approach provides a way to implement hard isolation among Kubernetes tenants who have no trust between them. This provides segregated master plane components for each tenant by creating a mini virtual cluster on the super Kubernetes cluster. Admins can also create custom resources in those virtual clusters as well. This is provided by projects like VirtualCluster and vCluster.
What are some alternatives?
capsule - Multi-tenancy and policy-based framework for Kubernetes.
vcluster - vCluster - Create fully functional virtual Kubernetes clusters - Each vcluster runs inside a namespace of the underlying k8s cluster. It's cheaper than creating separate full-blown clusters and it offers better multi-tenancy and isolation than regular namespaces.
cluster-api-provider-kubevirt - Cluster API Provider for KubeVirt
loft - Namespace & Virtual Cluster Manager for Kubernetes - Lightweight Virtual Clusters, Self-Service Provisioning for Engineers and 70% Cost Savings with Sleep Mode
kamaji - Kamaji is the Hosted Control Plane Manager for Kubernetes.
Openshift Origin - Conformance test suite for OpenShift
cluster-api-provider-openstack
klum - Kubernetes Lazy User Manager
hierarchical-namespaces - Home of the Hierarchical Namespace Controller (HNC). Adds hierarchical policies and delegated creation to Kubernetes namespaces for improved in-cluster multitenancy.
sandbox-operator - A Kubernetes operator for creating isolated environments
cluster-api-provider-vsphere