Kubernetes - Create a separate namespace for each customer

I want to deploy a traditional monolithic application in Kubernetes.
Thousands of customers use this application and each customer has its own instance of application. if we have 5 customers we should run 5 separate instances of this application.
The application also calls Kubernetes API for running some jobs.

I want to make sure that everything is isolated, Is it a good idea to create a separate namespace for each customer? Does it cause some performance issues? Is there any better solution for it?


Short answer: yes, namespace isolation would be a good step in the right direction but IAM configuration and a clear RBAC policy are a must when trying to isolate cluster resources.

Long answer: What you should worry about here are cluster costs, Kubernetes is resilient and flexible by design, so if you encounter performance bottlenecks, scaling is a command away. If your cluster is not an on premise one and you're planning to use a cloud service, I highly recommend Google Kubernetes Engine (GKE) as it's optimized to support multi-tenancy.

The GCP team details the best practices of K8s multi tenancy here, I think it will provide a much clearer answer about your question.