Restricting tenant workloads to run on specific nodes can be used to increase isolation in the soft multi-tenancy model. With this approach, tenant-specific workloads run only on nodes provisioned for the respective tenants. To achieve this isolation, native Kubernetes properties (node affinity, and taints and tolerations) are used to target specific nodes for pod scheduling and to prevent pods from other tenants from being scheduled on the tenant-specific nodes. [1]
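Why both properties are needed can be seen in a small model of the scheduler's feasibility check. This is an added example, not part of the original document: it is a simplification of kube-scheduler behaviour, and the `tenant` label and taint key, the node names and the pod dictionaries are constructed for illustration.

```python
# Simplified model of two kube-scheduler feasibility checks (not the real scheduler).
# Constructed sample data: the "tenant" key and all node/pod names are hypothetical.

def tolerates(pod, taint):
    """True if any toleration on the pod matches the taint (Equal/Exists operators)."""
    for tol in pod.get("tolerations", []):
        if tol.get("effect") not in (None, taint["effect"]):
            continue  # toleration is scoped to a different effect
        if tol.get("operator", "Equal") == "Exists":
            if tol.get("key") in (None, taint["key"]):
                return True
        elif tol.get("key") == taint["key"] and tol.get("value") == taint.get("value"):
            return True
    return False

def schedulable(pod, node):
    """Feasible if required node labels match and every NoSchedule taint is tolerated."""
    labels_ok = all(node["labels"].get(k) == v
                    for k, v in pod.get("required_node_labels", {}).items())
    taints_ok = all(tolerates(pod, t) for t in node.get("taints", [])
                    if t["effect"] == "NoSchedule")
    return labels_ok and taints_ok

def feasible_nodes(pod, nodes):
    return sorted(n["name"] for n in nodes if schedulable(pod, n))

TAINT_A = {"key": "tenant", "value": "a", "effect": "NoSchedule"}
NODES = [
    {"name": "node-a", "labels": {"tenant": "a"}, "taints": [TAINT_A]},
    {"name": "node-shared", "labels": {}, "taints": []},
]
NODES_UNTAINTED = [dict(n, taints=[]) for n in NODES]  # same nodes, taint forgotten

TOLERATION_A = {"key": "tenant", "operator": "Equal", "value": "a", "effect": "NoSchedule"}
pod_a_full = {"required_node_labels": {"tenant": "a"}, "tolerations": [TOLERATION_A]}
pod_a_toleration_only = {"tolerations": [TOLERATION_A]}  # node affinity omitted
pod_b = {}  # another tenant's pod: no affinity, no toleration

if __name__ == "__main__":
    print("tenant A, affinity + toleration:", feasible_nodes(pod_a_full, NODES))
    print("tenant A, toleration only:      ", feasible_nodes(pod_a_toleration_only, NODES))
    print("tenant B, node-a tainted:       ", feasible_nodes(pod_b, NODES))
    print("tenant B, taint missing:        ", feasible_nodes(pod_b, NODES_UNTAINTED))
```

A toleration only permits scheduling onto the tainted node, so without node affinity the tenant's pod can still land on shared nodes; without the taint, other tenants' pods can land on the tenant's node.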
An EKS nodegroup (or node pool in GKE and AKS) is a group of nodes within a cluster that all have the same configuration. The diagram below [multi-ng] shows one possible use case, assuming we have multiple workloads that require different configurations and might have different requirements. In our case we have two nodegroups, "application" and "management", which serve different purposes as follows:
* Management: all pods that are used for cluster operations such as CA, Prometheus, etc. This nodegroup does not require the same