by shalabhc 1196 days ago
Is EKS safe for multi-tenant use? When we looked, it appeared unsafe if we want to run our users' code next to each other because of possible isolation issues.
1 comments

I guess that depends on your use case and risk profile. Linux containers are a pretty well established isolation mechanism and you can potentially add some additional safety with per-tenant dedicated nodepools.

If pods have added privileges or there is a really low risk tolerance, maybe that's not enough isolation.

Sounds like you can change the container runtime with EKS (not sure if that impacts AWS support), so you could use gVisor or runvm.

https://www.verygoodsecurity.com/blog/posts/secure-compute-p...
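
An added example, not part of the thread or any poster's code: a small audit that checks parsed pod manifests for the isolation points the reply raises (per-tenant node pool, sandboxed runtime, added privileges). The `tenant` node label, the `gvisor` RuntimeClass name and the sample manifests are assumptions made for illustration.

```python
# Assumptions (not from the thread): tenant node pools carry a "tenant" label
# and a RuntimeClass named "gvisor" selects the sandboxed runtime.
TENANT_LABEL = "tenant"
SANDBOX_RUNTIME_CLASSES = {"gvisor"}

def audit_pod(pod, tenant):
    """Return isolation findings for one parsed pod manifest (dict)."""
    spec = pod.get("spec") or {}
    findings = []
    # Per-tenant node pool: the pod must be pinned to its tenant's nodes.
    if (spec.get("nodeSelector") or {}).get(TENANT_LABEL) != tenant:
        findings.append("not pinned to tenant node pool")
    # Sandboxed runtime instead of the default shared-kernel runtime.
    if spec.get("runtimeClassName") not in SANDBOX_RUNTIME_CLASSES:
        findings.append("no sandboxed runtimeClassName")
    # Host namespaces and hostPath mounts reach outside the container.
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(field):
            findings.append(f"{field} enabled")
    for vol in spec.get("volumes") or []:
        if "hostPath" in vol:
            findings.append(f"hostPath volume {vol.get('name')}")
    # Added privileges on any container, init containers included.
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"{c.get('name')}: privileged")
        # Kubernetes allows privilege escalation unless it is set to false.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{c.get('name')}: allowPrivilegeEscalation not disabled")
        added = (sc.get("capabilities") or {}).get("add") or []
        if added:
            findings.append(f"{c.get('name')}: added capabilities {sorted(added)}")
    return findings

# Constructed sample manifests (not from the thread).
HARDENED = {"spec": {
    "nodeSelector": {"tenant": "acme"}, "runtimeClassName": "gvisor",
    "containers": [{"name": "job",
                    "securityContext": {"allowPrivilegeEscalation": False}}]}}
RISKY = {"spec": {
    "hostNetwork": True,
    "containers": [{"name": "job", "securityContext": {
        "privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}}}]}}

if __name__ == "__main__":
    for label, pod in (("hardened", HARDENED), ("risky", RISKY)):
        print(label, audit_pod(pod, "acme"))
```

The same checks are better enforced at admission time than audited after the fact; this version only reports.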