This code is part of the research I conducted for my Masters in Software Solutions Architecture at Technological University Dublin, Ireland.
Kubernetes is the leading container orchestration platform today. To optimize Kubernetes usage, enterprises often share Kubernetes clusters across multiple tenants. This is achieved by sharing one or multiple Kubernetes namespaces.
Namespace isolation is frequently implemented using Istio Service Mesh. However, there's literature highlighting the overhead of running Istio service mesh on a cluster.
Consequently, this research aimed to implement a similar namespace-based tenant isolation model using the Capsule operator for Kubernetes and compare the metrics against the Istio service mesh-based implementation.
- Workloads with Capsule operator was up to 11% points less resource intensive.
- Workloads with Capsule operator performed 545 more Request Per Second (RPS).
- Workloads with Capsule operator responded 2ms faster.
Istio Cluster Setup
Capsule Cluster Setup
- Kind - local Kubernetes cluster
- Helmsman - Infrastructure-as-code (IaC) for managing Helm chart installations
- Locust - python-based load testing tool
- Istio Service Mesh
- Capasule Operator
- Steps and commands to replicate the Istio service mesh-based cluster setup - link to setup instructions
- Steps and commands to replicate the Capsule operator-based cluster setup - link to setup instructions
For further details, feel free to contact me at:
- Email: soorajshajahan@ymail.com
- LinkedIn: Link to LinkedIn Profile