This repository contains the proof of concept for a very simple, very limited multi-tenancy Kubernetes system.

The goal is to offer multiple, independent Kubernetes API servers that are backed by a single etcd (cluster). There exists a bunch of prior art, like vcluster or kcp, but this one is mine.

The idea is as simple as it gets: run a proxy between the Kube Apiserver and etcd and make that proxy simply inject a common prefix to all keys. As it turns out, such a proxy is already part of etcd and it even already supports segregating keys (by using a --namespace, not to be confused with Kubernetes namespaces).

This allows me to run a single etcd plus (apiserver+controller-manager+grpc-proxy) for each workspace (independent Kubernetes API) that i want to handle.

Download the repository, get yourself docker-compose and then simply

docker-compose up etcd etcd-prefix1

to start both the classic etcd server and an example proxy. Then you have to choose which to use by editing the docker-compose.yaml and adjusting the --etcd-servers flag for the Kubernetes Apiserver. Then you can just start it with

docker-compose up apiserver

and use the test.kubeconfig to interact with it.