AKS Today – Cluster Isolation Patterns

A common question with AKS is: “how many clusters do I need?” There are two patterns to consider:

Physical Isolation

With this pattern, you use different clusters based on environment like dev, test, staging and production. Or you can break out the clusters by team or project. In this manner, you are “sandboxing” the applications and users to a dedicated Kubernetes cluster.


Logical Isolation

With logical isolation, you group workloads based on commonalities like environment, team or criticality. In the screenshot above, the Dev and Staging cluster on the left is shared by different teams, but separated by different namespaces. On the right, the cluster is dedicated to production and is shared with multiple teams.


Namespaces provide a logical isolation boundary in the cluster and are the first line of defense for breaking your cluster down into smaller workspaces. There are a number of other capabilities within Kubernetes to help you lock the environment down. We will dive into these in future blogs.
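As an added illustration (not part of the original post), here is what namespace-based separation on a shared dev/staging cluster can look like, with two of the lock-down capabilities layered on top: namespace-scoped RBAC and a network policy. The namespace names, labels and the group identifier are hypothetical placeholders.

```yaml
# Constructed example: two teams sharing one dev/staging cluster.
# Names (team-a-dev, team-b-dev) and the group ID are hypothetical.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a-dev
  labels:
    team: team-a
    environment: dev
---
apiVersion: v1
kind: Namespace
metadata:
  name: team-b-dev
  labels:
    team: team-b
    environment: dev
---
# Team A's group may edit workloads in its own namespace only.
# A RoleBinding (not a ClusterRoleBinding) keeps the grant namespace-scoped.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-edit
  namespace: team-a-dev
subjects:
  - kind: Group
    name: "<team-a-group-id>"   # placeholder, supply your identity provider's group
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit                    # built-in Kubernetes role
  apiGroup: rbac.authorization.k8s.io
---
# Allow ingress to team-a-dev pods only from pods in the same namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: same-namespace-only
  namespace: team-a-dev
spec:
  podSelector: {}               # applies to every pod in team-a-dev
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector: {}       # any pod in this namespace, none from others
```

The NetworkPolicy object is enforced only when the cluster runs a network policy engine; without one, a namespace by itself does not restrict pod-to-pod traffic between teams.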
