Kubernetes inception
Shafeeque Aslam
Certified Kubernetes Security Specialist | Certified Kubernetes Administrator | Kubernetes | DevSecOps | Linux
Kubernetes Inception, aka kubeception, is the term for running Kubernetes clusters inside a Kubernetes cluster. It addresses:
- Advanced multi-tenancy use cases with better isolation.
- Easy orchestration of multiple (tenant) clusters.
- Better resource utilisation across clusters.
Central/Single Platform Team
An organisation developing and/or operating multiple products (teams) in the cloud-native era will require one or more dedicated Kubernetes clusters for each product, and possibly dedicated Kubernetes administrators too. This is where a central platform becomes significant: it can provide a standard infrastructure with the right security policies and best practices, aligned with the wider organisational policies.
The management overhead grows with the number of clusters, and resource utilisation is not that cost-effective, as each cluster needs its own capacity buffer.
Multi-Tenancy
Sharing clusters saves costs and simplifies administration. However, sharing clusters also presents challenges such as security, fairness, and managing noisy neighbours. These can be managed to an extent by implementing network policies, resource quotas, and similar controls.
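The namespace-level controls mentioned above (a resource quota, a limit range and a default-deny network policy) applied to one tenant namespace. This is an added example, not from the original article; the tenant name `tenant-a` and the quota figures are assumed placeholders.

```yaml
# Added example (not from the article): baseline controls for a tenant namespace; names and values are assumed placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: tenant-a
---
# Caps total requests/limits and pod count for the tenant, so one
# noisy neighbour cannot exhaust shared node capacity.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: tenant-a-quota
  namespace: tenant-a
spec:
  hard:
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
    pods: "50"
---
# Defaults for containers that set no requests/limits: a quota on
# requests/limits rejects such pods, so this keeps them admissible.
apiVersion: v1
kind: LimitRange
metadata:
  name: tenant-a-limits
  namespace: tenant-a
spec:
  limits:
    - type: Container
      defaultRequest: {cpu: 100m, memory: 128Mi}
      default: {cpu: 500m, memory: 512Mi}
---
# Default-deny ingress and egress, then allow only traffic between
# pods in this namespace; cross-tenant traffic needs an explicit policy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: tenant-a-isolation
  namespace: tenant-a
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
  ingress:
    - from:
        - podSelector: {}
  egress:
    - to:
        - podSelector: {}
```

NetworkPolicy is only enforced when the cluster's CNI plugin supports it. As written, the egress rule also blocks DNS lookups to kube-dns in kube-system, so a real deployment adds an explicit egress rule for DNS.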
Read more on Kubernetes Multi-Tenancy. There are tools like capsule, "Kubernetes multi-tenancy made easy" as they put it, and Hierarchical Namespaces (aka HNC), which lets namespaces own other namespaces, propagates policies between related namespaces, and allows delegated namespace creation.
As a trade-off, this approach restricts tenants from using the full functionality of Kubernetes.
Kubeception
Unlike namespace-based and similar isolation, running Kubernetes clusters inside a Kubernetes cluster gives tenants maximum flexibility to use Kubernetes features, along with the benefits of a multi-tenancy platform.
This brings better resource utilisation and less management overhead compared to running multiple dedicated clusters, and better tenant isolation compared to namespace-based multi-tenancy.
Read more on Kubernetes inception on the Kubernetes blog, and refer to the VirtualCluster - Enabling Kubernetes Hard Multi-tenancy GitHub repo from the Kubernetes Special Interest Group (SIG).
Tech Lead, Platform Architect and Solution Architect at HCL Technologies
2 years
Thank you for sharing the knowledge! Pretty interesting idea. We should run a PoC probably!