Multi Tenancy Roadmap

hwchen edited this page Aug 5, 2020 · 52 revisions

Roadmap

This section lists a brief overview of the release theme of each milestone, and the key features delivered by the milestone.

The details of each milestone and the execution status are listed in the next section.

| Milestone | Theme & Key Features |
|-----------|----------------------|
| 130 | Initial features (tenant object & tenant space) |
| 330 | Cluster Virtualization & Access Control |
| 430 | Multi-tenancy controllers and CRD isolation |
| 530 | Multi-tenancy networking & Multi-tenancy controllers |
| 630 | Multi-tenancy networking |
| Post 630 | P2 Features (tenant-level rate limiting, cross-tenant access, etc.) |

Details

Milestone 01/30/2020

Resource Management

  • New API object "tenant" in system space
  • TenantName in ObjectMeta type
  • Key path of the resources in etcd with tenant
  • Self-links with tenant info included
  • Tenant resource url resolution and access control
  • Client-go changes to support tenancy

Controllers

  • Tenancy-aware scheduler
  • Tenancy-aware replicaSet controller
  • Tenancy-aware deployment controller

Runtime

  • Support Kata to provide OS kernel isolation

Milestone 03/30/2020

Resource Management

  • Short path for tenant space resources in endpoint handler
  • Tenancy-aware certificate authenticator
  • Tenancy-aware token authenticator
  • Tenancy-aware RBAC authorizer
  • Tenant context in kube-config
  • Tenancy-level API resource discovery

Controllers

  • Add tenant controller

Milestone 04/30/2020

Resource Management

  • CRD Isolation among tenants

Controllers

  • Tenancy-aware job controller
  • Tenancy-aware volume (pv/pvc) controller
  • Tenancy-aware scheduler & kubelet for volume control

Network

  • New API object "network"

Milestone 05/30/2020

Resource Management

  • Multi-tenancy CRD resource discovery
  • Default tenant role binding
  • Support tenant.All

Controllers

  • Tenancy-aware statefulSet controller
  • Tenancy-aware daemonset controller
  • Tenancy-aware service controller
  • Tenancy-aware cronjob controller

Network

  • Endpoints design proposal
  • Tenant controller to bootstrap default network

Milestone 06/30/2020

  • Bug Bash
  • Stabilization Improvement

Resource Management

  • Check tenant existence during request processing
  • Tenant controller: tenant deletion
  • Tenancy-aware resource quota controller
  • "--tenant" command-line option for patch and other verbs in kubectl

Network

  • containerd changes to pass tenant & extra CNI arguments
  • virtlet changes to pass tenant & extra CNI arguments
  • Mizar network provider can be deployed
    • runtime changes for CNI integration
    • Kubelet changes to wait on readiness
    • API Server changes for service IP
    • DNS changes

Milestone 07/30/2020

  • Support more verbs in kubectl
  • E2E test for kubectl
  • Define the expected behavior: node (virtual node?), daemonSet, Local PV/PV provisioner for tenant users, system CRDs (like rook) in tenant spaces

Network

  • service IPAM: external provider
  • service IPAM: default provider (Arktos API Server)
  • Endpoint of "kubernetes" read-only sharing across all tenants
  • DNS alias of per-network service for "Kubernetes" and "Kube-DNS"
  • Per-network DNS pod auto deployment
  • Integration with Mizar network provider

Post 07/30/2020

  • Refactoring: Set objectMeta.tenant for all objects (not urgent)
  • Tenant-level Resource quota
  • Cross-tenant access
  • Remaining controllers for multi-tenancy
  • Tenant-level rate limiting
  • Tenant-level usage metrics/statistics
  • Flat network: kube-proxy to support multi-tenancy
  • Flat network: multi-tenancy kube-proxy
  • Flat network: policy-based network isolation
  • Arktos network operator deployment