[OSPP 2024]feat: Multi-Tenant Edge Computing Resource Isolation and Optimized Management Solution Based on OpenYurt #2081

Open
rambohe-ch opened this issue Jun 19, 2024 · 0 comments
@rambohe-ch
Member

Motivation

Many users provide services to their customers using the OpenYurt platform. To ensure the security and isolation of resources and business operations, it is generally necessary to create separate OpenYurt clusters for each user. However, as the node scale for individual users is relatively small, this leads to users having to manage a large number of small-scale clusters, thereby facing significant management cost pressures. Additionally, Kubernetes itself only supports resource isolation based on namespaces, which does not fully meet the requirements for multi-tenant isolation.

The goal of this research is to make non-invasive modifications to Kubernetes to achieve exclusive use of edge resources and shared management, supporting efficient multi-tenant isolation capabilities. This approach aims to effectively reduce cluster maintenance and operational costs, optimize resource allocation, and improve service quality while meeting the needs of multiple users.

Objectives

The primary objectives of this issue are to:

  1. Develop Non-Invasive Enhancements to Kubernetes
    Design and implement modifications to Kubernetes that enable efficient multi-tenant isolation without invasive changes to the core architecture of Kubernetes. This includes enhancing namespace capabilities or introducing new mechanisms to manage access and resource allocation among multiple tenants at the edge.

  2. Each end user has a full K8s cluster
    Each user can only get resources (including namespace-scoped or cluster-scoped) of their own, whether using a kubeconfig file, a bearer token in the pod, or a node certificate.

  3. Don't affect the scalability of the K8s cluster
    This means the multi-tenant feature is not the bottleneck for building a large-scale K8s cluster. For instance, it is feasible to incorporate more than 1000 nodes into a single cluster.

Output Requirements

  1. Develop comprehensive design documentation for the multi-tenancy isolation solution, outlining the architecture, components, and interaction mechanisms.
  2. Write and integrate code for the multi-tenancy isolation solution, ensuring it is merged into the community's master branch.
  3. Create unit test cases and end-to-end (E2E) test scenarios to thoroughly validate all relevant functionalities of the solution.

Related issues

  1. https://summer-ospp.ac.cn/org/prodetail/245fc0132?list=org&navpage=org