Full Isolation in Multi-Tenant SaaS with Kubernetes and Istio
•
4 likes•1,136 views
Ichsan will be talking about different architecture approach in multi tenancy SaaS, trade offs between each architecture. Briefly talk about Kubernetes and Istio, and afterwards talk about how it lowers the barrier in creating the most complex multi-tenancy setup, full isolation which offers the highest isolation between tenants. With which the SaaS provider can offer the highest security and data privacy between tenants, The setup would also be the best approach both when the business scales or disaster happens. Ichsan will also introduce the devops toolchain that can help startups maintain the complex system with ease through automation, and with demo of course!
Report
Share
Full Isolation in Multi-Tenant SaaS with Kubernetes and Istio
- 1. Full Isolation in Multi-Tenant SaaS with Kubernetes & Istio DevOpsDays Jakarta 2019
- 2. Ichsan Rahardianto Technical Ops Lead at Brankas ichsan.rahardianto@gmail.com https://www.linkedin.com/in/irahardianto/ @irahardianto
- 3. SaaS Multi-tenancy in SaaS and Its Architectures K8S Full Isolation in Kubernetes Istio Using Istio to Route Traffic Demo Deploying and Updating Isolated Tenant Q&A Question & Answer Agenda
- 4. SaaS
- 5. SaaS In The Perspective of The Customers Low Total Cost of Ownership Time-to-Value No Maintenance Needed
- 6. Multi-Tenant SaaS Database Tenancy Patterns Measurement Multi-Tenant DB Shared App per Tenant DB Single Tenancy Tenant Isolation Low High Very high Cost Lowest Low High Development Complexity Medium Low Low Operation Complexity Low Medium High Data Privacy & Data Security Low Medium Very high Data Extraction Hardest Easy Easy
- 8. Shared App, per Tenant DB
- 9. Single Tenancy (Full Isolation)
- 10. Full Isolation Complication Complex Infrastructure Design High Cost & Low Efficiency Difficult to Maintain
- 11. Then Why The F... Full Isolation?! ResiliencyData Security & Privacy Independently Scalable & Customizable
- 12. Enter K8S
- 13. K8S
- 14. Pod
- 15. Our Deployment with K8S
- 16. Pod Resources Requests and Limits to Increase Efficiency
- 17. Add in CI/CD
- 18. Adding Custom Development Pipeline
- 20. Istio
- 21. Istio
- 22. Hipster Shop: Cloud-Native Microservices Demo Application source: https://github.com/GoogleCloudPlatform/microservices-demo
- 23. Hipster Shop Service Architecture
- 24. Istio Ingress Gateway, K8S Namespace & Virtual Service
- 25. DNS Record Set
- 27. Virtual Service
- 28. Helmchart
- 29. Namespace for Each Tenant
- 30. Deployment
- 31. Deploying The Helm Chart $ helm install --name <release-name> <helmchart>
- 32. Deploying The Helm Chart $ helm upgrade <release-name> <helmchart> --set=image.tag=<new-tag>
- 34. Q&A
- 35. Thank You!