multi-tenant k8s clusters at network-level:
- Ingress rules
- allow/deny and ingress/egress Network Policies
- Network-aware Zones
Architect a multi-tenant system with kubernetes
I don’t think there is one document out there really summaries everything. The link below is a bit old but can help outline some of the basics on how they build on k8s. Ultimately the primitives are the same but they abstract namespaces a bit and build it around RBAC. Coupled with a default vxlan (isolated) SDN plugin and their ingress routing, its a compelling multi-tenant solution that provides isolation and quotes at multiple levels.
Openshift really just adds some glue (a lot of it being devleoper workflow) on top of Kubernetes. What is nice is that RedHat continues to try and upstream features of origin into k8s where it makes sense.