Multi-tenancy support #743

Closed
6 of 7 tasks
yizha1 opened this issue Mar 27, 2023 · 2 comments
Collaborator

yizha1 commented Mar 27, 2023

What would you like to be added?

There are two issues related to k8s multi-tenancy, see #195 and #225. This issue tries to make a summary and clarify the scenarios.

Multi-tenancy in Kubernetes allows multiple tenants to share the same cluster resources while maintaining their own isolated environments.

  1. An organization could set up multi-tenancy for different teams, so that each team can share some common resources, while maintaining their own resources. This allows organizations to maximize resources and reduce costs.
  2. A k8s cluster could be shared by different organizations, so that different organizations can share some common resources, while maintaining their own isolated environment. This is valuable for a group of small companies who cannot afford a cluster, but still can have a secure and reliable environment for their own services.

Currently Ratify is a single instance in a k8s cluster, and some CRDs are at cluster level. Ratify supporting multi-tenancy could mean:

  • Each tenant can manage its own Ratify policies independently of other tenants based on their own business
  • Each tenant can manage its own Ratify stores independently of other tenants
  • Each tenant can manage its own Ratify verifiers independently of other tenants
  • Each tenant can share certain parts of Ratify policies, stores, or verifiers from cluster level.

This issue is to clarify the scenarios of multi-tenancy support and agree on the way forward.

Anything else you would like to add?

Work Item break down:

Are you willing to submit PRs to contribute to this feature?

  • Yes, I am willing to implement it.
@yizha1 yizha1 added the enhancement New feature or request label Mar 27, 2023
@yizha1 yizha1 added this to the v1.1.0-beta.0 milestone Sep 25, 2023
@luisdlp luisdlp modified the milestones: v1.1.0, v1.2.0 Dec 1, 2023
Collaborator

binbin-li commented Dec 6, 2023

We already have a design doc on the multi-tenancy model, which can be broken down into a few tasks listed in https://hackmd.io/qrJi6ZtzQeeVo0bWEplohw
Created a few sub-tasks for multi-tenancy:

  • Support namespace field in external data request key
  • Cache isolation
  • Refactor core workflow to apply namespaced/clustered resources.
  • Refactor Custom Resource.
  • Log isolation
  • Metrics isolation

@binbin-li
Collaborator

Closing it as the basic scenario is supported. Will support log isolation and metrics isolation in the next release.
