ratify-project / ratify

Artifact Ratification Framework
https://ratify.dev
Apache License 2.0

Multi-tenancy support #743

Closed yizha1 closed 6 months ago

yizha1 commented 1 year ago

What would you like to be added?

There are two issues related to k8s multi-tenancy, see #195 and #225. This issue tries to make a summary and clarify the scenarios.

Multi-tenancy in Kubernetes allows multiple tenants to share the same cluster resources while maintaining their own isolated environments.

  1. An organization could set up multi-tenancy for different teams, so that each team can share some common resources, while maintaining their own resources. This allows organizations to maximize resources and reduce costs.
  2. A k8s cluster could be shared by different organizations, so that different organizations can share some common resources, while maintaining their own isolated environment. This is valuable for a group of small companies who cannot afford a cluster, but still can have a secure and reliable environment for their own services.

Currently Ratify is a single instance in a k8s cluster, and some CRDs are at cluster level. Ratify supporting multi-tenancy could mean:

This issue is to clarify the scenarios of multi-tenancy support and agree on the way forward.

Anything else you would like to add?

Work Item break down:

Are you willing to submit PRs to contribute to this feature?

binbin-li commented 11 months ago

We already have a design doc on the multi-tenancy model, which can be broken down into a few tasks listed in https://hackmd.io/qrJi6ZtzQeeVo0bWEplohw

Created a few sub-tasks for multi-tenancy:

binbin-li commented 6 months ago

Closing it as the basic scenario is supported. Will support log isolation and metrics isolation in the next release.