Kubernetes multi-tenancy is the ability to run workloads belonging to different subjects such as users, groups, and departments, in such a way that each subject’s workloads are isolated from each other. Multi-tenancy is becoming an important topic as more and more organisations adopt Kubernetes on a larger scale.
Kubernetes multi-tenancy is the ability to run workloads belonging to different subjects such as users, groups, and departments, in such a way that each subject’s workloads are isolated from each other. Multi-tenancy is becoming an important topic as more and more organisations adopt Kubernetes on a larger scale.
Kubernetes is not a multi-tenant system out of the box. While it is possible to configure isolation through namespaces, implementing a stronger multi-tenancy in Kubernetes is challenging because of the flat nature of namespaces. At Clastix, we solved the problem by developing Capsule, an open-source operator to aggregate multiple namespaces in a tenant abstraction, enforcing each tenant within a robust policies-driven boundary. Capsule helps to reduce the operational effort by allowing users, teams, and departments to share the same infrastructure and then reducing the number of required clusters to operate and maintain.
To keep the operational costs under control, a multi-tenant environment must provide self-service capabilities for all the tenants. If not well-architected, a multi-tenant environment can overload the operations teams with continuous requests and reduce the efficiency of the development teams. Capsule’s secure multi-tenancy lets tenants create namespaces and self-serve workloads according to quota, limits, and other Kubernetes policies. Each tenant’s environment is isolated, with data invisible to other tenants.
When it comes to backup and restore of their data, each tenant needs to operate in a self-service fashion without having to loop in someone with admin privileges. But the majority of data protection platforms out there do not provide self-service capabilities, reserving backup & restore work to a dedicated team with storage admin privileges. To help address this, Clastix partnered with CloudCasa by Catalogic, providing a cyber-resilient, scalable backup and disaster recovery self-service platform for cloud-native applications running on Kubernetes.
With this integration, Capsule tenants are automatically mapped to CloudCasa user groups with appropriate RBAC roles. This allows developers to backup & restore only their own resources and data, providing a secure, self-service, and cost efficient multi-tenant solution for Kubernetes.
“By integrating Capsule with the new RBAC feature of CloudCasa, it can now provide an essential and critical capability of self-service Kubernetes backup and recovery” said Sathya Sankaran, General Manager of CloudCasa and Chief Operating Officer at Catalogic. “We are impressed by how easy it is to implement a self-service multi-tenant environment in Kubernetes with Capsule.”
To learn more about Capsule Multi-Tenancy integration with CloudCasa self-service backup & recovery, please visit us at KubeCon + CloudNativeCon Europe 2022. Capsule is a startup sponsor of the event and will exhibit at booth SU40. CloudCasa by Catalogic is a silver sponsor of the event and will exhibit at booth S22.