Workload Isolation

Explore workload isolation techniques in Kubernetes to improve security. Learn about cluster-level namespaces, node isolation methods, runtime distinctions between containers and virtual machines, and network isolation strategies such as overlay and BGP networks. This lesson helps you understand how to secure and isolate workloads effectively within Kubernetes environments.

We'll cover the following...

Cluster-level workload isolation
- Namespaces and soft multi-tenancy
- Namespaces and hard multi-tenancy
Node isolation
Runtime isolation
Network isolation

This section will show us some ways we can use to isolate workloads.

We’ll start at the cluster level, switch to the runtime level, and then look outside the cluster at infrastructure such as network firewalls.

Cluster-level workload isolation

Cutting straight to the chase, Kubernetes does not support secure multi-tenant clusters. The only way to isolate two workloads is to run them on their own clusters with their own hardware.

Let’s look a bit closer.

The only way to divide a Kubernetes cluster is by creating Namespaces. However, these are little more than a way of grouping resources and applying things such as:

Limits
Quotas ...

1.Kubernetes Primer

2.Kubernetes Principles of Operation

3.Getting Kubernetes

4.Working With Pods: Theory

5.Working with Pods: Hands-On

6.Virtual Clusters with Namespaces

7.Kubernetes Deployments

Project

8.Kubernetes Services: Theory

9.Kubernetes Services: Hands-On

10.Ingress

11.WebAssembly on Kubernetes

12.Service Discovery: Deep Dive

13.Kubernetes Storage

14.ConfigMaps

Project

15.StatefulSets

16.API Security and RBAC

17.Kubernetes API

18.Threat Modeling Kubernetes

19.Real-World Kubernetes Security

20.Conclusion

Workload Isolation

Cluster-level workload isolation