Thursday, December 7 • 2:00pm - 3:20pm
WG Multitenancy Deep Dive - hosted by David Oppenheimer, Google & Quinton Hoole, Huawei

Kubernetes has supported "soft" multitenancy since the beginning, with features such as namespaces, ResourceQuota, and resource-based scheduling. Over the years Kubernetes has added a number of sophisticated features to strengthen its multitenancy support, for example RBAC, PodSecurityPolicy, NetworkPolicy, priority/preemption, etc.

Now is a good time to take stock of Kubernetes' multitenancy support from the perspective of different types of users -- for example small organizations where everyone trusts each other, large enterprises that need isolation between many internal teams and applications sharing a cluster, SaaS providers hosting instances of their SaaS for many users in a single cluster, and infrastructure providers offering hosted "Kubernetes as a Service" -- and ask what are the key gaps remaining to be filled. Do we need hierarchical namespaces? Better mechanisms to hide shared resources so users can't see who they're sharing the cluster with? Multitenancy policies (quota, RBAC, etc.) that span namespaces, or that apply to a label-selected subset of objects within a namespace? Split-horizon DNS? Resource scheduling within the control plane to ensure no tenant monopolizes the API server, controllers, scheduler, etc.? Where on the spectrum from "soft multitenancy" to "hard multitenancy" should Kubernetes aim (and what do these terms mean, anyway?)

In this session we will discuss what multitenancy means to us as a community, and where we should focus our multitenancy efforts in 2018.


Quinton Hoole

Quinton is currently Technical Vice President of Cloud Computing at Huawei. Previously he spent five years at Google, where he was an Engineering Lead on the Kubernetes team, and Technical Lead and Manager of Ads Serving SRE. He was also the founding engineer of the Amazon EC2 cloud...

David Oppenheimer

Software Engineer, Google
David Oppenheimer is a software engineer working on Kubernetes and GKE at Google. He is co-lead of the newly-formed Kubernetes multi-tenancy working group, and was previously co-lead of the Kubernetes scheduling SIG. He has been working on Kubernetes since 2014, and prior to that...

Thursday December 7, 2017 2:00pm - 3:20pm CST
Meeting Room 4BC, Level 3