Running Isolated VirtualClusters With Kata & Cluster API - Chris Hein & Eric Ernst, Apple, Inc


Speakers: Chris Hein, Eric Ernst

Kubernetes is generally considered a single-tenant container orchestrator. But as companies have run it and weighed the benefits of the Kubernetes architecture against the nontrivial level of effort of managing many single-tenant clusters, we’ve seen a spike in use cases & projects that support the need for multi-tenant & zero-trust deployments.
You can see this in the growth of “Sandboxed Runtimes” like Kata, gVisor & Firecracker, as well as tools like vCluster, Kamaji & HNC.
In this talk Chris Hein & Eric Ernst will demonstrate one way hard multi-tenancy can be achieved by leveraging Cluster API Nested with VirtualCluster running inside a Kubernetes cluster with workload isolation & virtual networking being provided by the Kata runtime.
Users of this architecture get the benefits of per-tenant Kubernetes control planes to use CRDs, Admission Webhooks, Cluster level RBAC, Aggregate APIServers along with workload & network segregation while reducing the overall maintenance burden.
The design is modeled after the ICDCS paper by folks from Alibaba. If you are interested in sandboxed runtimes, hard multi-tenancy, scaling Kubernetes, Cluster API or multi-cluster Kubernetes, this is the talk for you.

Source: rutube.ru
