One Large Cluster or Lots of Small Ones - Pros, Cons and When to Apply Each Approach
CNCF [Cloud Native Computing Foundation] via YouTube
Syllabus
Intro
A common question
The short answer...
Implications of having many small clusters
Implications of sharing a large cluster
Today's journey
The foundation block
Kubernetes resources and Namespace
Authentication
Authorization
Built-in Roles
Building fences around a Namespace
Network Isolation of a tenant
Reflections on the previous Network Policy
Allow some ingress traffic
Limit cluster resource usage
Resource Quotas
Storage Quotas
How to properly secure Linux containers
How can we leverage Pod Security Policies
Using different Container Runtime
Other OCI runtimes with focus on security
Using Kubernetes Runtime Class
Is this level of separation enough?
Influencing Kubernetes' scheduler
Validation and sanitization of user input
Kubernetes Admission Controllers
Request validation: use cases
How to use admission controllers
Write custom admission controllers
How Dynamic Admission Control works
Caveats of Dynamic Admission Control
Open Policy Agent (OPA)
Writing custom policies
Gatekeeper
Generic problems of Admission Controllers
OPA - Auditing feature
Time for a recap
Disadvantages of sharing a single cluster
Taught by
CNCF [Cloud Native Computing Foundation]