Multitenancy is a hot platform engineering topic for providers of Kubernetes environments. It’s a way of organizing your services that enables you to host multiple tenants–a company’s departments or application development teams, for example–on the same cluster.
Multitenancy is convenient for tenants who need to share data with each other, and provides each of them a user experience that resembles their own private cluster. It may seem inherently insecure given the risk of tenants interfering with each other’s data or processes, but with the right controls it can both increase the security of your platform and free your developers.
Simplify their life
Interactions between application and platform-level security configuration can be complex and difficult to reason about, increasing the likelihood of vulnerabilities. You can limit this complexity with platform-level policies that only permit your tenants to use resources or run processes that meet the specific requirements you define. These types of policies prevent them from interfering with the operation of the cluster, including other tenants’ data or processes. You can also create policies to ensure that tenants only take their fair share of common resources like memory and disk space.
Tools for success
The Capsule Kubernetes operator introduces the API-level concept of a tenant to Kubernetes. It exposes options you can use to configure tenant isolation and tenant resource quotas, for example. You can augment it with tools such as:
- an admission policy framework to limit platform features tenants may use and enforce security standards on tenant workloads.
- Examples: Kyverno and Gatekeeper.
- a network policy framework to isolate tenants at the network (L4) level which makes it possible to prevent them from accessing any services other than their own and those you permit.
- Examples: Cilium and Calico.
- a service mesh to provide (L7) isolation and the mutual authentication and workload identities you need for inter-tenant authentication.
- Example: Istio
Security and freedom can coexist
The right architecture and tooling can help you deliver more robust, secure platforms for your developers.
Policy-based controls can minimize internal threat surfaces, isolate tenant resources, and free your developers from platform-level concerns about security, monitoring, and reliability. The core benefit of a policy-based architecture is the freedom it gives tenants to focus on developing their applications.
