Everyone can contribute! Learn DevOps and Cloud Native in our cafe ☕
Technology is moving fast in the DevOps and Cloud Native community.
Join the conversation and add your thoughts, tips, experiences, stories.
"Everyone Can Contribute" is inspired by GitLab's mission.
22. #everyonecancontribute cafe: Multi-tenancy with Kiosk in Kubernetes
Highlights
We are learning how to deploy and secure Kubernetes into Hetzner cloud in this series:
- cafe: Provisioned the server and agent VMs with Terraform and Ansible in the first session with Max.
- cafe: Deployed k3s as Kubernetes distribution with Max.
- cafe: Learned about pods and the Hetzner load balancer with Max.
- cafe: Ingress controller for load balancer cost savings with Max.
- cafe: Break into Kubernetes Security with Philip Welz.
- cafe: Securing Kubernetes with Kyverno with Philip Welz.
- cafe: Secure Kubernetes with OpenID with Niclas Mietz.
In this session, we install Kiosk into an existing Kubernetes cluster.
- The Kubernetes cluster was prepared before the session, deployed with KubeOne/Terraform.
- Install Kiosk with Helm
- A Kiosk account is similar to a role binding
- Create spaces, and let Kiosk manage the required resources
- `kubectl api-resources --namespaced` to see API resources requiring a namespace definition in #kubernetes 💡
- Create deletable spaces
- Replicate certificates between Kubernetes namespaces with Kubed 🏗
- John wants to create multiple namespaces. A quota can limit him to creating only 2. This is quota management in multi-tenancy environments.
- Unlimited compute resources are the default. Again, this is quota management with resource and account quotas: if only 2 pods are allowed and 3 are requested, the request is prohibited. 🔥
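
The account, space and quota objects from the highlights above, written out as manifests. This is an added example, not the configuration used in the session: the object names (`johns-account`, `johns-space`, `johns-limits`) are constructed, and the field layout assumes Kiosk's v1alpha1 API, so check it against the CRDs installed in your cluster.

```yaml
# Account: ties the user "john" to a tenant, much like a role binding,
# and caps the number of spaces (namespaces) the account may own.
apiVersion: tenancy.kiosk.sh/v1alpha1
kind: Account
metadata:
  name: johns-account        # constructed name
spec:
  space:
    limit: 2                 # a third space for this account is rejected
  subjects:
  - kind: User
    name: john
    apiGroup: rbac.authorization.k8s.io
---
# Space: a namespace owned by the account. Kiosk creates the backing
# namespace and the RBAC for it, and removes them when the space is deleted.
apiVersion: tenancy.kiosk.sh/v1alpha1
kind: Space
metadata:
  name: johns-space          # constructed name
spec:
  account: johns-account
---
# AccountQuota: limits summed across ALL spaces of the account.
# Without it, compute resources are unlimited by default.
apiVersion: config.kiosk.sh/v1alpha1
kind: AccountQuota
metadata:
  name: johns-limits         # constructed name
spec:
  account: johns-account
  quota:
    hard:
      pods: "2"              # with 2 pods running, a third is denied
      limits.cpu: "4"
```

To confirm the limits hold, apply the manifests as a cluster admin and then act as the tenant with `kubectl --as=john`: creating a third space, or scaling a deployment to 3 replicas, should be denied.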
In the future, we’ll explore more Kubernetes topics:
- Automate our Kubernetes setup so that everyone can contribute :)
- CI/CD, IaC and GitOps with the GitLab Kubernetes Agent
- Hetzner storage volumes
- Monitoring with Prometheus, GitLab CI/CD deployments and much more :)
Insights
Recording
Enjoy the session! 🦊
Written by: Michael Friedrich