Kubernetes is a wonderful but complex software that can present significant “Day Two” challenges when put into production.
Developers who are new to Kubernetes — and most are — face a large knowledge gap when they look to sustain and optimize Kubernetes clusters.
In this piece, I will share several ways to address problems as they arise.
Optimize your Kubernetes cluster for cost
As adoption of Kubernetes rises, the need for applications and engineers to access clusters is also growing. However, it is neither feasible nor cost-efficient to always use entire physical clusters to achieve this goal.
Virtual clusters are a great way to reduce costs. In a scenario of 100 developers, we calculated up to 78% savings by using open source virtual clusters.
Leveraging virtual clusters with open source software such as VirtualCluster or vcluster lets Kubernetes operators can run multiple virtual clusters within a single physical cluster, thereby increasing the tenancy of each. By utilizing computing resources via this more communal method, organizations can save on computing costs as opposed to operating entirely separate Kubernetes clusters.
Increase tenant isolation
By leveraging policy engines, it’s possible to implement software security guardrails on your cloud-native Kubernetes infrastructure.
Another great benefit of virtual clusters is that they are isolated from other users on the cluster. This gives each user their own workspace that looks and feels exactly like a physical Kubernetes cluster.
In addition, virtual clusters enable a stricter form of multitenancy compared to namespace-based multitenancy. One of the main concerns with namespace-based multitenancy is that it cannot contain cluster-scoped resources. Many applications must create, or at least access, cluster-scoped resources like nodes, cluster roles, persistent volumes and storage classes.
Virtual clusters also provide security benefits by increasing the isolation in multitenancy clusters via:
- Full control-plane isolation.
- Domain Name System (DNS) isolation.
- Resources created on a single namespace.
Organizations seeking a solution for multitenant applications that provide greater isolation for resources shared among their clusters should consider virtual clusters as an option. On top of saving costs and being simpler to deploy, they are also easier to manage than physical clusters.
