Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[OSPP 2024]feat: Multi-Tenant Edge Computing Resource Isolation and Optimized Management Solution Based on OpenYurt #2081

Closed
rambohe-ch opened this issue Jun 19, 2024 · 1 comment

Comments

@rambohe-ch
Copy link
Member

Motivation

Many users provide services to their customers using the OpenYurt platform. To ensure the security and isolation of resources and business operations, it is generally necessary to create separate OpenYurt clusters for each user. However, as the node scale for individual users is relatively small, this leads to users having to manage a large number of small-scale clusters, thereby facing significant management cost pressures. Additionally, Kubernetes itself only supports resource isolation based on namespaces, which does not fully meet the requirements for multi-tenant isolation.

The goal of this research is to make non-invasive modifications to Kubernetes to achieve exclusive use of edge resources and shared management, supporting efficient multi-tenant isolation capabilities. This approach aims to effectively reduce cluster maintenance and operational costs, optimize resource allocation, and improve service quality while meeting the needs of multiple users.

Objectives

The primary objectives of this issue are to:

  1. Develop Non-Invasive Enhancements to Kubernetes
    Design and implement modifications to Kubernetes that enable efficient multi-tenant isolation without invasive changes to the core architecture of Kubernetes. This includes enhancing namespace capabilities or introducing new mechanisms to manage access and resource allocation among multiple tenants at the edge.

  2. Each end user has a full K8s cluster
    Each user can only get resources(include namespace scope or cluster scope) of their own, whether using kubeconfig file or a bearer token in the pod, or node certificate.

  3. Don't effect the scalability of the K8s cluster
    This means the feature of multi-tenant is not the bottleneck for building large-scale K8s cluster. For instance, it is feasible to incorporate more than 1000 nodes into a single cluster.

Output Requirements

  1. Develop comprehensive design documentation for the multi-tenancy isolation solution, outlining the architecture, components, and interaction mechanisms.
  2. Write and integrate code for the multi-tenancy isolation solution, ensuring it is merged into the community's master branch.
  3. Create unit test cases and end-to-end (E2E) test scenarios to thoroughly validate all relevant functionalities of the solution.

Related issues

  1. https://summer-ospp.ac.cn/org/prodetail/245fc0132?list=org&navpage=org
Copy link

stale bot commented Sep 18, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Sep 18, 2024
@stale stale bot closed this as completed Oct 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant