December 6-8, 2017 - Austin, Texas
Thursday, December 7 • 2:00pm - 3:20pm
WG Multitenancy Deep Dive - hosted by David Oppenheimer, Google & Quinton Hoole, Huawei


Kubernetes has supported "soft" multitenancy since the beginning, with features such as namespaces, ResourceQuota, and resource-based scheduling. Over the years Kubernetes has added a number of sophisticated features to strengthen its multitenancy support, for example RBAC, PodSecurityPolicy, NetworkPolicy, priority/preemption, etc.

Now is a good time to take stock of Kubernetes' multitenancy support from the perspective of different types of users -- for example small organizations where everyone trusts each other, large enterprises that need isolation between many internal teams and applications sharing a cluster, SaaS providers hosting instances of their SaaS for many users in a single cluster, and infrastructure providers offering hosted "Kubernetes as a Service" -- and ask what are the key gaps remaining to be filled. Do we need hierarchical namespaces? Better mechanisms to hide shared resources so users can't see who they're sharing the cluster with? Multitenancy policies (quota, RBAC, etc.) that span namespaces, or that apply to a label-selected subset of objects within a namespace? Split-horizon DNS? Resource scheduling within the control plane to ensure no tenant monopolizes the API server, controllers, scheduler, etc.? Where on the spectrum from "soft multitenancy" to "hard multitenancy" should Kubernetes aim (and what do these terms mean, anyway?)

In this session we will discuss what multitenancy means to us as a community, and where we should focus our multitenancy efforts in 2018.


Quinton Hoole

Quinton is currently Technical Vice President of Cloud Computing at Huawei. Previously he spent five years at Google, where he was an Engineering Lead on the Kubernetes team, and Technical Lead and Manager of Ads Serving SRE. He was also the founding engineer of the Amazon EC2 cl...

David Oppenheimer

software engineer, Google
David Oppenheimer is a software engineer on the Kubernetes team at Google. Prior to working on Kubernetes, he worked on the Borg and Omega cluster management systems.

Thursday December 7, 2017 2:00pm - 3:20pm
Meeting Room 4BC, Level 3
