Everyone can contribute! Let's learn together in a weekly cafe ☕

We love to break things, make mistakes, debug, analyse, fix problems together. Live and unfiltered on Youtube.

Community members and thought leaders regularly join and share their projects and ideas.

"Everyone Can Contribute" is inspired by GitLab's mission.

22. #everyonecancontribute cafe: Multi-tenancy with Kiosk in Kubernetes


We are learning how to deploy and secure Kubernetes into Hetzner cloud in this series:

In this session, we install Kiosk into an existing Kubernetes cluster.

  • The Kubernetes cluster was prepared before the session, deployed with KubeOne/Terraform.
  • Install Kiosk with Helm
  • Kiosk account is similar to role binding
  • Create spaces, and let Kiosk manage the required resources
  • kubectl api-resource --namespaced to see API resources requiring a namespace definition in #kubernetes 💡
  • Create deletable spaces
  • Replicate certificates between Kubernetes namespaces with Kubed 🏗
  • John wants to create multiple namespaces. We can limit him to only create 2 as quota. Quota management in multi-tenancy environments.
  • Unlimited compute resources are the default. Again, quota management with resource and account quotas - allow only 2 pods, but request 3 - prohibited. 🔥

In the future, we’ll explore more Kubernetes topics:

  • Automate our Kubernetes setup so that everyone can contribute :)
  • CI/CD, IaC and GitOps with the GitLab Kubernetes Agent
  • Hetzner storage volumes
  • Monitoring with Prometheus, GitLab CI/CD deployments and much more :)



Enjoy the session! 🦊

Date published: March 24, 2021

Tags: Gitlab, Hetzner, Cloud, Terraform, Ansible, Kubernetes, Security, Kiosk, Multi tenancy