2 Replies Latest reply on Jun 12, 2019 1:08 PM by drfooser

    PKS namespace

    csam2020 Lurker


      We are in the process of implementing the PKS infrastructure. Since we are quite new to this topic, we would like to get some guidelines/best practices on the points below.


      Since we are going to use the same setup for Development, QA & Production, what is the best practice to segregate these environments?


      Is it to have separate clusters for each environment [DEV/QA & POD], and create namespaces within to segregate different projects?


      Or have one or two clusters [one for DEV & QA and one for PRD] and segregate each project with respect to the namespaces?


      Any other recommendations?


      Kindly advise.




        • 1. Re: PKS namespace
          nathanreid Lurker
          VMware Employees

          Hi Sam,


          There are pros and cons to either approach, so there is not one correct answer to your question. Multiple clusters per environment will enable you to test different cluster config changes, provide a greater degree of segregation between workloads, and allow you to dedicate resources with less configuration in k8s. Namespace isolation reduces the number of cluster configs you need to manage (e.g. k8s cluster secrets, etc.) but won't enable you to test things like changes in k8s cluster security without affecting both dev and prod.


          With a good CI pipeline method/GitOps, you will reduce the amount of effort and potential for error in config parity across clusters. PKS provisioned k8s clusters with NSX CNP and namespace firewalling enable considerable isolation between workloads, but it will not address the topics I've listed above. If your goal is to have the most flexibility and resilience in testing, my opinion is that multiple clusters is a better option. With PKS, you could even create a dev and test cluster as part of your CI pipeline, and then tear them down after promotion to prod.

          • 2. Re: PKS namespace
            drfooser Lurker

            We have Pivotal Container Services and BOSH running on our VMware vSAN. We chose to deploy multiple K8S clusters - Development, QA, Application Engineering & Infrastructure. This is working well for us so far. It still allows individual members of each team to have their own namespace within their team's cluster.