Showing posts from October, 2015

Kubernetes Namespaces and OpenAM

I have been conducting some experiments running the ForgeRock stack on Kubernetes. I recently stumbled on namespaces. In a nutshell, Kubernetes (k8) namespaces provide isolation for instances. The typical use case is to provide isolated environments for dev, QA, production and so on. I had an "Aha!" moment when it occurred to me that namespaces could also provide multi-tenancy on a k8 cluster. How might this work?

Let's create a two-node OpenAM cluster using an external OpenDJ instance. See https://github.com/ForgeRock/fretes for some samples used in this article.

    kubectl create -f am-dj-idm/

The above command launches all the containers found in the given directory, wires them up together (updates DNS records), and creates a load balancer on GCE. If I look at my services:

    kubectl get service

I see something like this:

    NAME         LABELS            SELECTOR     IP(S)            PORT(S)
    openam-svc   name=openam-svc   site=site1   10.215.249.206   80/TCP