[piva00]

We are currently facing the same problem and came to the same conclusion, we are subdividing our node pools by namespace (and using namespacing for multi-tenancy) but it "feels" very convoluted and a smell that there's a feature missing in Kubernetes itself to handle this more graciously.

[smarterclayton]

The node placement admission controller was definitely intended for that. In combination with a simple controller for allocating namespaces to sets of nodes.

The real solution is of course to limit what nodes can see - I won't say it's trivial, but it's an O(1) check based on the pods scheduled on that node.