Kubernetes on AWS with multiple accounts?

11/1/2019

I wonder if it is possible to run a single EKS cluster within one AWS account and give access to it (entire or specific namespaces) to another one?

Here's a scenario: In my company we have multiple customers and host their systems within AWS. We'd like to set up an AWS Organization structure with subaccounts per customer (+ maybe a separate account for prod and test). Some of the customers are already being migrated to Kubernetes, so we need an EKS cluster. Now, setting up separate clusters for each customer would not be cost effective - partially because it would generate over 100 USD for each control plane, partially because we would need to have separate node groups for each customer, which would decrease the benefits of scale. For this reason I thought of setting up a single EKS cluster and giving access to it to the subaccounts created for customers. Can I achieve this? And how can I do it relatively simply?

-- Tomasz Kapłoński
amazon-eks
amazon-web-services
aws-organizations
kubernetes

1 Answer

11/1/2019

Follow these steps:

  1. You can create a separate namespace for each customer rather than creating a separate cluster.
  2. Define resource quota at namespace level and manage the resources.
  3. Create RBAC roles and rolebindings to control access at namespace level for each customer.
-- P Ekambaram
Source: StackOverflow
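
The three steps in the answer, written out as manifests for one tenant. This is an added example, not part of the original answer; the names `customer-a` and `customer-a-devs`, the quota values, and the account ID `111122223333` are constructed placeholders, and the `aws-auth` mapping in the trailing comment is an assumption about how the cross-account IAM role from the question would be tied to the RBAC group.

```yaml
# Step 1: one namespace per customer (placeholder name).
apiVersion: v1
kind: Namespace
metadata:
  name: customer-a
---
# Step 2: cap what the tenant can consume on the shared node groups.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: customer-a-quota
  namespace: customer-a
spec:
  hard:
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
    pods: "20"
---
# Step 3: namespace-scoped Role; grants nothing outside customer-a and no Secrets.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: customer-a-edit
  namespace: customer-a
rules:
  - apiGroups: ["", "apps", "batch"]
    resources: ["pods", "pods/log", "services", "configmaps", "deployments", "jobs"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: customer-a-edit
  namespace: customer-a
subjects:
  - kind: Group
    name: customer-a-devs   # group the customer's IAM role is mapped to
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: customer-a-edit
  apiGroup: rbac.authorization.k8s.io
# Assumption: on EKS, merge an entry like this into mapRoles of the
# kube-system/aws-auth ConfigMap (do not replace the existing node role entry):
#   - rolearn: arn:aws:iam::111122223333:role/customer-a-eks
#     username: customer-a-dev
#     groups: ["customer-a-devs"]
```

With CPU and memory quotas set, pods in the namespace must declare requests and limits or they are rejected, so a `LimitRange` with defaults is usually added alongside. Verify the isolation with `kubectl auth can-i --as=customer-a-dev --as-group=customer-a-devs list pods -n kube-system`, which should answer `no`.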