Dedicated Infrastructure in a Multitenant World

Authors: Carlos Sanchez

Summary

The presentation discusses the challenges of running multitenant Kubernetes clusters and the solutions implemented by Adobe Experience Manager Cloud Service to provide customers with their own dedicated infrastructure while maintaining multi-tenancy on the Kubernetes cluster. The solution involves using Envoy to run networking tunnels between Kubernetes pods and customer dedicated infrastructure, enforcing encryption and mutual authentication using certificates.
  • Running multitenant Kubernetes clusters is challenging, particularly when different tenants require their own dedicated infrastructure
  • Adobe Experience Manager Cloud Service built solutions to provide customers with their own dedicated infrastructure while running most services in multitenant Kubernetes clusters
  • Envoy is used to run networking tunnels between Kubernetes pods and customer dedicated infrastructure, enforcing encryption and mutual authentication using certificates
  • The solution allows different pods to have their own dedicated egress IP instead of the cluster's, or connections from pods to multiple customer on-premise services using VPN
  • The solution is provisioned automatically using Terraform, Terragrunt and other services
Adobe Experience Manager Cloud Service faced the challenge of providing customers with their own dedicated infrastructure while maintaining multi-tenancy on the Kubernetes cluster. They implemented a solution using Envoy to run networking tunnels between Kubernetes pods and customer dedicated infrastructure, enforcing encryption and mutual authentication using certificates. This allowed different pods to have their own dedicated egress IP instead of the cluster's, or connections from pods to multiple customer on-premise services using VPN. The solution was provisioned automatically using Terraform, Terragrunt and other services.

Abstract

Running multitenant Kubernetes clusters is challenging, particularly when different tenants require their own dedicated infrastructure. At Adobe Experience Manager Cloud Service we built solutions to provide customers with their own dedicated infrastructure, such as IPs, DNS and VPN connectivity, while running most services in multitenant Kubernetes clusters. We will share how we built our solution making extensive use of Envoy to run networking tunnels between Kubernetes pods and customer dedicated infrastructure, enforcing encryption and mutual authentication using certificates. This allows, for example, different pods to have their own dedicated egress IP instead of the cluster's, or connections from pods to multiple customer on-premise services using VPN. The solution is provisioned automatically using Terraform, Terragrunt and other services.
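The abstract describes Envoy tunnels between multitenant pods and per-customer dedicated infrastructure, secured with TLS and mutual certificate authentication. The following is an added illustration of that pattern and is not Adobe's configuration: two Envoy v3 static configs, one for the pod side (client) and one for the dedicated-infrastructure side (server). A pod talks plaintext to a local port; the pod-side Envoy wraps the connection in TLS 1.3, presents a client certificate, and pins the tenant CA plus the expected server name; the dedicated-side Envoy requires a client certificate from the same tenant CA, checks the client's SAN, and forwards to an on-premise address reachable over the VPN. All hostnames, ports, SPIFFE IDs, IP addresses and file paths are assumptions chosen for the example.

```yaml
# Pod-side Envoy (example config, not from the talk). Listens on the
# pod's loopback and tunnels traffic to the tenant's dedicated endpoint.
# Hostnames, ports and certificate paths are assumptions.
static_resources:
  listeners:
  - name: tunnel_egress
    address:
      socket_address: { address: 127.0.0.1, port_value: 10000 }
    filter_chains:
    - filters:
      - name: envoy.filters.network.tcp_proxy
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
          stat_prefix: tunnel_egress
          cluster: dedicated_tunnel
  clusters:
  - name: dedicated_tunnel
    type: STRICT_DNS
    connect_timeout: 5s
    load_assignment:
      cluster_name: dedicated_tunnel
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address: { address: tunnel.tenant-a.example.internal, port_value: 8443 }
    transport_socket:
      name: envoy.transport_sockets.tls
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
        sni: tunnel.tenant-a.example.internal
        common_tls_context:
          tls_params:
            tls_minimum_protocol_version: TLSv1_3
          # Client certificate presented to the dedicated side (mutual auth).
          tls_certificates:
          - certificate_chain: { filename: /etc/envoy/certs/pod-client.crt }
            private_key: { filename: /etc/envoy/certs/pod-client.key }
          # Pin the tenant CA and the server identity, so a pod cannot be
          # redirected to another tenant's tunnel endpoint.
          validation_context:
            trusted_ca: { filename: /etc/envoy/certs/tenant-a-ca.crt }
            match_typed_subject_alt_names:
            - san_type: DNS
              matcher: { exact: tunnel.tenant-a.example.internal }
---
# Dedicated-infrastructure Envoy (example config, not from the talk).
# Terminates the tunnel, requires a client cert from the tenant CA, and
# forwards to the customer's on-premise service over the VPN.
static_resources:
  listeners:
  - name: tunnel_ingress
    address:
      socket_address: { address: 0.0.0.0, port_value: 8443 }
    filter_chains:
    - transport_socket:
        name: envoy.transport_sockets.tls
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
          require_client_certificate: true
          common_tls_context:
            tls_params:
              tls_minimum_protocol_version: TLSv1_3
            tls_certificates:
            - certificate_chain: { filename: /etc/envoy/certs/tunnel-server.crt }
              private_key: { filename: /etc/envoy/certs/tunnel-server.key }
            validation_context:
              trusted_ca: { filename: /etc/envoy/certs/tenant-a-ca.crt }
              # Only certificates issued to this tenant's pods are accepted,
              # even if another tenant's cert chains to a CA Envoy trusts.
              match_typed_subject_alt_names:
              - san_type: URI
                matcher: { exact: spiffe://example.internal/tenant-a/aem-pod }
      filters:
      - name: envoy.filters.network.tcp_proxy
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
          stat_prefix: tunnel_ingress
          cluster: onprem_service
  clusters:
  - name: onprem_service
    type: STATIC
    connect_timeout: 5s
    load_assignment:
      cluster_name: onprem_service
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address: { address: 10.20.30.40, port_value: 443 }
```

The two YAML documents are separate files, one per Envoy instance (`envoy --config-path <file>`). The security-relevant checks are the `validation_context` blocks on both sides: CA pinning alone would let any certificate from a shared CA through, so each side also matches the peer's subject alternative name, which is what keeps one tenant's pods from reaching another tenant's tunnel. Because the dedicated-side Envoy is the host that originates the on-premise connection, its address is the customer's dedicated egress IP rather than the shared cluster's, which is the effect the abstract describes.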
