Kubernetes, multi-tenancy and open-source philosophy – a discussion with Dario from Clastix
This interview stems from a collaboration that has brought together two realities that share their work and team philosophy. Our Director of Operations in Berlin, Yair Etziony and Dario Tranchitella, Technical Advisor at Clastix, discussed the Clastix approach to multi-tenancy in Kubernetes and other key questions.
What’s CLASTIX?
Clastix is the leader in Kubernetes multi-tenancy solutions.
Founded by Cloud Computing experts, Clastix is a tech startup based in Italy. Clastix products and services help organisations overcome Cloud Native adoption challenges and confidently design, build, and operate digital infrastructures based on Kubernetes.
Hi – could you tell us about yourself?
I’m Dario Tranchitella, mostly known as a meme author on LinkedIn about Cloud Native and Kubernetes!
I’ve been a Site Reliability Engineer – projects like managing Kubernetes at scale like five production clusters, on-prem, with over 2,500 VMs. I decided to leave because I was tired of getting paged in the middle of the night by a robot voice.
Since 2020, I’ve been a technical advisor at CLASTIX, besides maintaining their open source projects focused on the Kubernetes multi-tenancy.
Tell us about what led you to start Clastix and why?
It was 2020, and I worked for a different company, building something on top of Kubernetes. I was making a platform, I was able to run Kubernetes at scale, and I was building something bleeding edge.
I remember the first call with Adriano; he asked if I was interested in contributing to open source. I said yes, but no. We see open source as overwhelming, and doing open source is hard. Adriano wanted to develop an operator for multi-tenancy in Kubernetes. In his view, multi-tenancy on Kubernetes is broken. I was shocked to realise he was right.
We could design our proof of concept in a matter of weeks. When we delivered that to the customer, they were amazed it was supposed to solve all their problems. We started adding new features; “Capsule” can change the life of many people. The Capsule automates the repetitive tasks an administrator should put in place upon any new tenant onboarding, and ensures the policies declared in the Tenant definition are respected. Thus, it reduces the operational burden of managing a Kubernetes cluster for multiple tenants.
I discovered that doing open source is cumbersome and a wild ride. Luckily, it's also very satisfying, and we enjoy the ride. Open source is very gratifying because it democratises your knowledge with other people.
What is multi-tenancy? Who might need it?
Namespaces can be the main component in creating a multi-tenancy environment in a Kubernetes cluster. It is a way to group your workloads. multi-tenancy has a single instance that serves many instances.
People think multi-tenancy is mainly “namespaces,” but on a Kubernetes cluster, it is a virtual slice of your cluster. Multi-tenancy is how I share something; we can run multiple parts divided into logical abstractions.
Some problems arise when you start sharing your cluster with other people. The issues will not happen on day zero or day one. You will see those problems only on day two and forward. Kubernetes was not designed to work in the multi-tenancy the way the enterprise world uses it. It was designed to work for one organisation and by a single set of developers.
The answer is to work with many clusters, which means more operations and people. Finding the right people who will fit your organisation's culture takes a lot of work. People need to be more scalable. Technology is, but people are not. They were using Kubernetes for enterprise customers in second-day operations.
What are the biggest challenges in multi-tenancy and especially in Kubernetes?
There is the matter of trust – we must ensure that security is a first-class citizen in your cluster. Multi-tenancy implies that you are sharing the infrastructure with people you don't trust; they can be from the same big organisation, but due to regulations, they can't trust each other.
K8s is a software developer kit for cloud development for distributed systems, but it lacks security. Take namespaces, for example; I have one. I can define a set of rules that would limit pod security, but the administration of these features should be regulated; multi-tenancy should play well with security.
What are your thoughts concerning policies?
The biggest buzzword now is ‘platform’, but there are some truths behind it. The companies that are trying to build it are struggling.
You have to create a set of rules that would be the foundation for it.
Policies are the foundation of a platform; we need to put those in place. We are creating those with “Capsule,” which would help anyone trying to develop a platform.
The developer has access to their portion of the platform. They should not have to take care of those policies; the platform engineers should design those.
Ultimately, you get multi-tenancy, security, and the foundation to build it. Kubernetes is like LEGO; you have many building blocks and can use them to create what you need.
What does Clastix bring to the game?
Technology is just technology. It's nothing personal; it's just code. Our projects are just code, but our vision and experience matter.
We tried to identify the problem; we took our experience as far as possible. There are people behind the projects, and we take our knowledge and code it into our products.
We believe in open and shared governance. We are trying to build a community. From my perspective, that's the most significant achievement of Kubernetes. We are trying to become a non-vendor. How can we automate our toil? We have to be both smart and wise.
“Capsule” is easy to understand, and “Kamaji” uses containers to manage control planes; that's the reason we are getting excellent feedback because simple software can solve challenging problems.
Is a cultural change afoot – is there a new breed of companies coming up?
The pandemic stopped everything, forcing companies into asynchronous mode; we were like a hamster, constantly running on the wheel. I had a chance to talk to other people outside my bubble and started questioning myself. At some point, you figure out that the most important thing is people. This leads to a new, virtuous paradigm shift focused on people and their wellness; I am in control over my life, and I will put more emphasis on the connections.
What are the origins of the name “Kamaji”?
In the movie “Sprited away” by Studio Ghibli, I found a friendly character called Kamaji. The name means “boilerman,” he was doing a hard job, but nobody knew it. He is the character that takes care of everyone’s hot water. He seems like a bad guy, but is mainly a very lonely character. I fell in love with that. I think Spirited Away is one of the best anime movies of all time.
He is the silent professional that makes everything work; the guests don't know about him, but nothing will work without him. The guests don't know that he exists. He is crucial to the plot – like running a Kubernetes cluster.
–
Polar Squad is a DevOps consultancy. Based in Helsinki, Tampere and Berlin, their 50+ specialized senior professionals excel in enabling software development companies to focus on what really matters. By creating rapid, scalable and reliable cloud environments and software development practices Polar Squad eliminates unnecessary work. To get in touch, you can reach us here.