It is a given by now that Kubernetes is great at orchestrating containers and making optimum use of compute resources. This comes, however, at the cost of a lot of operations effort to install and configure a Kubernetes cluster. It has been hard to sell Kubernetes to developers and non-operations folk because they see the effort to keep the lights on in Kubernetes clusters as unnecessary overhead, especially when there are alternatives like serverless technologies. Of course, serverless technologies have their own limitations and downsides, which I am not going into in this blog.

Kubernetes can be used to host container workloads with varying degrees of isolation. Different types of isolation on K8s clusters can be achieved using the following features:

  1. Namespaces
  2. Node pools / worker nodes
  3. Dedicated multiple clusters
  4. Isolation by using labels/tags

Out of these approaches, I find that isolation by namespaces strikes a good balance between ease of use and effectiveness of isolation, especially from a security point of view. Isolating workloads by namespace enables a Kubernetes cluster to host multiple tenant workloads with a high degree of isolation. This requires creating and configuring an individual namespace for each tenant workload. Such operations can be termed day 2 operations for Kubernetes operators. Day 2 operations include tasks such as:

  1. Creating a namespace
  2. Creating a service account for this namespace
  3. Creating corresponding roles & role bindings for this service account
  4. Creating a kubeconfig file to be passed to namespace owners

Optional activities:

  5. Creating/integrating these newly created credentials in a CI/CD system
  6. Creating DNS records to reach workloads inside the K8s cluster (assuming workloads are web applications)

These operations need to be repeated for each team/tenant of a K8s cluster. This can get mundane and is a prime candidate for automation. Hence I came up with this idea called “KAT”, the Kubernetes Automation Tool. Using this CLI-based tool, Kubernetes operators can bootstrap a namespace, ready to be used by tenant developers to host their application, from a single terminal. This saves numerous clicks in various systems and eliminates human errors.
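
Steps 1 to 3 of the list above, as an added Go sketch that is not KAT's own code: it validates the tenant name and renders the Namespace, ServiceAccount, Role and RoleBinding manifests. The function name `RenderTenant`, the `-deployer` suffix and the resource and verb lists are assumptions made for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"regexp"
	"text/template"
)

// Namespace names must be DNS-1123 labels; rejecting anything else also keeps
// hostile input out of the rendered YAML.
var label = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$`)

// Steps 1-3. Role and RoleBinding are namespaced, so the service account gets
// no rights outside its tenant namespace. Names and verbs are assumptions.
var manifests = template.Must(template.New("tenant").Parse(`apiVersion: v1
kind: Namespace
metadata: {name: "{{.}}"}
---
apiVersion: v1
kind: ServiceAccount
metadata: {name: "{{.}}-deployer", namespace: "{{.}}"}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: "{{.}}-deployer", namespace: "{{.}}"}
rules:
- apiGroups: ["", "apps"]
  resources: ["pods", "services", "configmaps", "deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: "{{.}}-deployer", namespace: "{{.}}"}
subjects:
- {kind: ServiceAccount, name: "{{.}}-deployer", namespace: "{{.}}"}
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: Role, name: "{{.}}-deployer"}
`))

// RenderTenant validates the tenant name and returns the manifests as YAML.
func RenderTenant(tenant string) (string, error) {
	if !label.MatchString(tenant) {
		return "", fmt.Errorf("invalid namespace name %q", tenant)
	}
	var buf bytes.Buffer
	err := manifests.Execute(&buf, tenant)
	return buf.String(), err
}

func main() { fmt.Println(RenderTenant("team-a")) }
```

The rendered output can be reviewed and then piped to `kubectl apply -f -`. Because it uses a Role rather than a ClusterRole, a leaked tenant credential stays confined to that tenant's namespace.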

KAT is an automation CLI tool written in Go.

To be continued…