2.) Yes, namespace isolation works great with RBAC / service accounts, network policies, pod security policies, and depending on what's being run, like customer code, you can sandbox pods by setting proper container settings. GKE has a pre-canned solution for this as a reference, sandbox pods. In addition, tools like Open Policy Agent can be used to enforce security policies on resources, network config, etc. Check out Gatekeeper, an impl of OPA on k8s.
1.) K8s is a good fit for it with the right expectations, experience, and planning. However, manage your expectations if you're very new to it, as others have stated. But once you understand the concepts it's quite powerful, especially for small teams. I've created teams large and small to manage it, and even with small teams of 2-3 people, it's very productive and managed tons of infra/automation. I would use a local setup using kind to start experimenting. It runs on Docker and is quick and easy to iterate. You can launch or tear down a cluster in a min or so.
3.) I would always use managed DB/storage unless some corporate policy forbids it. Why worry about it, when a managed service has already built out everything you need? It'd cost you more to build and manage it. If you go all in on k8s you can use operators developed by SaaS products or something like Crossplane to manage the SaaS infra. You can implement a great "gitops" approach this way as opposed to running CLIs or using Terraform or the like.
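
An added example, not part of the original comment, of the namespace isolation described in point 2: one tenant namespace with a namespaced RBAC grant bound to a service account and a default-deny network policy. The names `tenant-a`, `tenant-a-app` and `tenant-a-reader` are hypothetical.

```yaml
# Constructed example: all names below are hypothetical.
apiVersion: v1
kind: Namespace
metadata:
  name: tenant-a
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tenant-a-app
  namespace: tenant-a
automountServiceAccountToken: false  # pods opt in to an API token explicitly
---
# RBAC: a namespaced Role, so the grant cannot reach other namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tenant-a-reader
  namespace: tenant-a
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tenant-a-reader
  namespace: tenant-a
subjects:
  - kind: ServiceAccount
    name: tenant-a-app
    namespace: tenant-a
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tenant-a-reader
---
# NetworkPolicy: default-deny ingress and egress for every pod in the namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: tenant-a
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
```

The network policy only takes effect when the cluster's network plugin enforces NetworkPolicy, and denying all egress also blocks DNS until a further policy allows it.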