We would like to schedule the kask session storage service on their dedicated hosts in our kubernetes cluster in order to avoid interactions with the other services. This should mitigate the case of another service being exploited on the kubernetes nodes and being able to jump to the session storage service and obtain security sensitive information.
The proposed approach has been to create a couple of VMs on our ganeti infrastructure (1 per rack row) with the required resources and instruct kask to be instantiated only there.