Everyone is welcome, everyone can contribute, everyone is unique and these are your strengths too!

22. #everyonecancontribute cafe: Multi-tenancy with Kiosk in Kubernetes


Highlights

We are learning how to deploy and secure Kubernetes into Hetzner cloud in this series:

In this session, we install Kiosk into an existing Kubernetes cluster.

  • The Kubernetes cluster was prepared before the session, deployed with KubeOne/Terraform.
  • Install Kiosk with Helm
  • Kiosk account is similar to role binding
  • Create spaces, and let Kiosk manage the required resources
  • kubectl api-resource --namespaced to see API resources requiring a namespace definition in #kubernetes 💡
  • Create deletable spaces
  • Replicate certificates between Kubernetes namespaces with Kubed 🏗
  • John wants to create multiple namespaces. We can limit him to only create 2 as quota. Quota management in multi-tenancy environments.
  • Unlimited compute resources are the default. Again, quota management with resource and account quotas - allow only 2 pods, but request 3 - prohibited. 🔥

In the future, we’ll explore more Kubernetes topics:

  • Automate our Kubernetes setup so that everyone can contribute :)
  • CI/CD, IaC and GitOps with the GitLab Kubernetes Agent
  • Hetzner storage volumes
  • Monitoring with Prometheus, GitLab CI/CD deployments and much more :)

Insights

Recording

Enjoy the session! 🦊


Date published: March 24, 2021

Tags: Gitlab, Hetzner, Cloud, Terraform, Ansible, Kubernetes, Security, Kiosk, Multi tenancy