It took me a while to kinda understand what OpenShift is and what it does (additionally to Kubernetes itself).
My question refers to the current release of OpenShift Origin 1.1 (OpenShift 3.1).
Without going too much into detail, it should be common knowledge (if you're familiarized with Docker/Container security issues), that you can protect tenants from each other against container breakouts or other exploits only by doing container segregation on a host level.
(I strongly recommend this ebook on Docker Security).
The documentation of OpenShift only describes the concept of projects and users and the Kubernetes docs only state the concept of namespaces for scoping certain ressources.
Thanks for any insights on this or your thoughts on this, if you have experience with running OpenShift as a multi-tenant Container/PaaS platform for developers or customers.
Yes, you can keep containers separated from each other by running them on different hosts.
The way this is done is by configuring scheduler policies. The scheduler is not a "time scheduler", but a resource scheduler that will determine where to run pods.
Running pods (set of 1 or more containers) on different nodes can specifically be configured by using anti-affinity rules.
See https://docs.openshift.com/enterprise/3.0/admin_guide/scheduler.html in general, and https://docs.openshift.com/enterprise/3.0/admin_guide/scheduler.html#affinity specifically to get more details on how to setup this configuration.
The documentation over at https://github.com/kubernetes/kubernetes/blob/master/docs/design/podaffinity.md also provides insight into this.