Kubernetes - Create a separate namespace for each customer

kubernetes

I want to deploy a traditional monolithic application in Kubernetes.
Thousands of customers use this application and each customer has its own instance of application. if we have 5 customers we should run 5 separate instances of this application.
The application also calls Kubernetes API for running some jobs.

I want to make sure that everything is isolated, Is it a good idea to create a separate namespace for each customer? Does it cause some performance issues? Is there any better solution for it?


Short answer: yes, namespace isolation would be a good step in the right direction but IAM configuration and a clear RBAC policy are a must when trying to isolate cluster resources.

Long answer: What you should worry about here are cluster costs, Kubernetes is resilient and flexible by design, so if you encounter performance bottlenecks, scaling is a command away. If your cluster is not an on premise one and you're planning to use a cloud service, I highly recommend Google Kubernetes Engine (GKE) as it's optimized to support multi-tenancy.

The GCP team details the best practices of K8s multi tenancy here, I think it will provide a much clearer answer about your question.

Related

Using "postfix" user for "dovecot"
If I request data from localhost vs web-address, does the data go through the network
su -u www-data cat ... not working as expected
Rsyslog forward log with space in path or name
"non-bind mount source /swapfile is a directory or regular file" warning
Kubernetes - Controller-manager and Scheduler is not listening on ports 10251-10252
Samba4 issues with Time Machine: cannot create new backup on Samba share
Which part of speech is "back" in “then she went back to her secretaire”? [duplicate]
Use of 'advice' [duplicate]
Word for internalizing excessive critique & acting upon it
Running the roost?
Word meaning “based on outward appearance”