https://community.netapp.com/t5/General-Discussion/Best-practice-recommendations-k8s-multitenancy-and-encryption-of-data-in-flight/m-p/155178#M784 <P>Hi!</P> <P>I wasn't sure where to ask/discuss these topics but I'll post it here and see if I'm recommended to put this somewhere else...</P> <P>&nbsp;</P> <P>Background</P> <P>I'm currently looking for best practices with regards to k8s multitenancy and data encryption. We're looking at a three k8s-cluster solution maintained by Rancher.</P> <P>&nbsp;</P> <P>Multi tenancy</P> <P>I was thinking of solving multi-tenancy using a combination of namespaces, RBACs, Network/POD security policies, taints et c.&nbsp; I fooled around with Trident last year for a month or two together with OnTap Select before the project was put on a hold, and now restarted... I remember using k8s "storage resource quotas" for limiting SC access between namespaces but I think this will result in a "maintenance nightmare" when the number of customers/namespaces increase. I'd like to see if there are any updated best practices, from a Trident/NetApp SVM perspective as of how to approach the multitenancy question.</P> <P>&nbsp;</P> <P>Data encryption data in-flight/at rest</P> <P>We have some required requirement fulfilments regarding encryption of data in-flight and at-rest. The underlying storage is NetApp cDOT (unsure of the current version(s)). As FS-protocol we have the possibility to use NFSv4. Any recommendations/best practices regarding encryption, pros and cons would be great and tremendously appreciated.</P> <P>&nbsp;</P> <P>In the k8s world the options are, almost, limitless and indications as of how to approach topics like these are great input in the following discussions/designs...</P> <P>&nbsp;</P> <P>Many thanks!</P> Wed, 04 Jun 2025 11:15:02 GMT Litsegaard 2025-06-04T11:15:02Z https://community.netapp.com/t5/General-Discussion/Best-practice-recommendations-k8s-multitenancy-and-encryption-of-data-in-flight/m-p/155178#M784 <P>Hi!</P> <P>I wasn't sure where to ask/discuss these topics but I'll post it here and see if I'm recommended to put this somewhere else...</P> <P>&nbsp;</P> <P>Background</P> <P>I'm currently looking for best practices with regards to k8s multitenancy and data encryption. We're looking at a three k8s-cluster solution maintained by Rancher.</P> <P>&nbsp;</P> <P>Multi tenancy</P> <P>I was thinking of solving multi-tenancy using a combination of namespaces, RBACs, Network/POD security policies, taints et c.&nbsp; I fooled around with Trident last year for a month or two together with OnTap Select before the project was put on a hold, and now restarted... I remember using k8s "storage resource quotas" for limiting SC access between namespaces but I think this will result in a "maintenance nightmare" when the number of customers/namespaces increase. I'd like to see if there are any updated best practices, from a Trident/NetApp SVM perspective as of how to approach the multitenancy question.</P> <P>&nbsp;</P> <P>Data encryption data in-flight/at rest</P> <P>We have some required requirement fulfilments regarding encryption of data in-flight and at-rest. The underlying storage is NetApp cDOT (unsure of the current version(s)). As FS-protocol we have the possibility to use NFSv4. Any recommendations/best practices regarding encryption, pros and cons would be great and tremendously appreciated.</P> <P>&nbsp;</P> <P>In the k8s world the options are, almost, limitless and indications as of how to approach topics like these are great input in the following discussions/designs...</P> <P>&nbsp;</P> <P>Many thanks!</P> Wed, 04 Jun 2025 11:15:02 GMT https://community.netapp.com/t5/General-Discussion/Best-practice-recommendations-k8s-multitenancy-and-encryption-of-data-in-flight/m-p/155178#M784 Litsegaard 2025-06-04T11:15:02Z