INSIGHT General Discussion

Best practice/recommendations - k8s multitenancy and encryption of data in-flight/at rest, OnTap SVM

Hi!

I wasn't sure where to ask/discuss these topics but I'll post it here and see if I'm recommended to put this somewhere else...

 

Background

I'm currently looking for best practices with regard to k8s multitenancy and data encryption. We're looking at a three k8s-cluster solution maintained by Rancher.

 

Multi-tenancy

I was thinking of solving multi-tenancy using a combination of namespaces, RBACs, Network/Pod security policies, taints, etc. I fooled around with Trident last year for a month or two together with OnTap Select before the project was put on hold, and it has now restarted... I remember using k8s "storage resource quotas" for limiting SC access between namespaces, but I think this will result in a "maintenance nightmare" when the number of customers/namespaces increases. I'd like to see if there are any updated best practices, from a Trident/NetApp SVM perspective, as to how to approach the multitenancy question.

 

Data encryption in-flight/at rest

We have some requirements to fulfil regarding encryption of data in-flight and at-rest. The underlying storage is NetApp cDOT (unsure of the current version(s)). As the FS protocol, we have the possibility to use NFSv4. Any recommendations/best practices regarding encryption, pros and cons would be great and tremendously appreciated.

 

In the k8s world the options are almost limitless, and indications as to how to approach topics like these are great input for the following discussions/designs...

 

Many thanks!
