Isolate tenants in a shared Kubernetes cluster
WHAT IT TESTS: layered multi-tenancy. OUTLINE: namespaces as the boundary, ResourceQuotas plus LimitRanges to cap compute, default-deny NetworkPolicies for traffic, and RBAC per namespace. RED FLAG: treating a namespace alone as a hard security boundary.
WHAT IT TESTS: whether you combine multiple primitives for soft multi-tenancy instead of relying on one. ANSWER OUTLINE: a namespace per tenant gives the policy boundary; ResourceQuotas cap aggregate CPU, memory and object counts while LimitRanges set per-pod defaults to stop noisy neighbors; default-deny NetworkPolicies stop tenants reaching each other; RBAC scopes access per namespace. RED FLAG: assuming namespaces give kernel-level isolation or forgetting the shared control plane and nodes.
- #kubernetes
- #multi-tenancy
- #networkpolicy
- #resourcequota
- #isolation