A Multi-Tenant Framework for Cloud Container Services

TL;DR

This paper introduces Virtual-Cluster, a framework that enhances Kubernetes with multi-tenant support, enabling resource sharing and isolation without modifying core components, thus facilitating multi-tenant SaaS deployment.

Contribution

It presents Virtual-Cluster, a novel multi-tenant extension for Kubernetes that maintains API compatibility and provides resource isolation, addressing a key limitation in current container orchestration.

Findings

Moderate overheads in latency and throughput.

Effective resource sharing among tenants.

Preserves Kubernetes API compatibility.

Abstract

Container technologies have been evolving rapidly in the cloud-native era. Kubernetes, as a production-grade container orchestration platform, has been proven to be successful at managing containerized applications in on-premises datacenters. However, Kubernetes lacks sufficient multi-tenant supports by design, meaning in cloud environments, dedicated clusters are required to serve multiple users, i.e., tenants. This limitation significantly diminishes the benefits of cloud computing, and makes it difficult to build multi-tenant software as a service (SaaS) products using Kubernetes. In this paper, we propose Virtual-Cluster, a new multi-tenant framework that extends Kubernetes with adequate multi-tenant supports. Basically, VirtualCluster provides both control plane and data plane isolations while sharing the underlying compute resources among tenants. The new framework preserves the API compatibility by avoiding modifying the Kubernetes core components. Hence, it can be easily integrated with existing Kubernetes use cases. Our experimental results show that the overheads introduced by VirtualCluster, in terms of latency and throughput, is moderate.