AdvancedTechnical
5 min
Securing Multi-Tenant Kubernetes Namespaces
KubernetesSecurityMulti-Tenancy
Advertisement
Interview Question
Design a secure multi-tenant Kubernetes setup. How do you isolate workloads and enforce policy across namespaces?
Key Points to Cover
- Use network policies, resource quotas, and limit ranges per namespace
- Apply Pod Security Standards and admission controls
- Separate service accounts and least-privilege RBAC per tenant
- Restrict egress with egress gateways or eBPF-based policy
- Audit policies via OPA/Gatekeeper and CI checks
Evaluation Rubric
Implements strong tenant isolation35% weight
Applies least-privilege access control25% weight
Enforces ingress/egress/networking policy20% weight
Enables policy governance and audit20% weight
Hints
- 💡Consider separate clusters for hard isolation.
Potential Follow-up Questions
- ❓How to shard tenants across clusters?
- ❓How do you handle noisy neighbors?
Advertisement