Hi @Roberto Carrera, the way I design this is with zero trust in mind.
The first thing you need to solve is routing and networking between these environments. There is a chance you may face overlapping IP spaces between the environments. The other challenge, depending on your Kubernetes deployment, is whether your pod IPs are routable. Generally speaking, outside of public clouds (GCP, Azure, AWS) pod IPs are not routable. Public clouds make the pod IPs routable by default unless you specify another CNI.
You then open yourself to a potential security risk, so you have to figure out how to manage the access to and from (container) apps/services, etc.
I would also isolate the different container strategies you have into different fault/security domains.
It also depends on what services these on-prem environments need to access. The DIY environments, I assume, will be short-lived? There are a few open questions here.
One way to solve it is with a multi-cloud/multi-runtime service mesh.
With a service mesh you'll be able to specify access policies, authz rules, etc. between applications, domains, environments, etc. A service mesh can span multiple clouds/environments/runtimes.
You can possibly also combine it with API gateways; it all depends on your architecture.
Just my 2 cents 🙂
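As an added illustration of the kind of mesh access policy the reply refers to (this is not part of the original post, and it assumes Istio as the service mesh), the following shows zero-trust, deny-by-default service-to-service access: mTLS is enforced mesh-wide, everything into a namespace is denied, and one workload is then opened only to a named caller identity. The namespace, label, service account and trust-domain names are invented for the example.

```yaml
# Added example, not from the original post. Assumes Istio as the mesh;
# the namespaces, labels, service accounts and trust domains are made up.

# 1. Require mTLS for every workload in the mesh. A mesh-wide
#    PeerAuthentication lives in the Istio root namespace (istio-system).
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT
---
# 2. Deny by default: an AuthorizationPolicy with an empty spec is an ALLOW
#    policy that matches nothing, so every request to any workload in the
#    "payments" namespace is rejected unless a more specific ALLOW policy
#    permits it.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: payments
spec: {}
---
# 3. Explicit allow: only the "orders" service account may call the ledger,
#    and only for the listed methods and paths. Principals are workload
#    identities of the form <trust-domain>/ns/<namespace>/sa/<service-account>,
#    taken from the client certificate, so the decision keys on identity rather
#    than source IP. That is what keeps the policy meaningful when two
#    environments have overlapping address spaces (the routing between them,
#    as the reply says, still has to be solved separately). Listing a second
#    trust domain assumes the on-prem cluster has been federated into the
#    same mesh so that its identities are trusted.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: ledger-allow-orders
  namespace: payments
spec:
  selector:
    matchLabels:
      app: ledger
  action: ALLOW
  rules:
  - from:
    - source:
        principals:
        - "cloud-a.example.com/ns/shop/sa/orders"
        - "onprem.example.com/ns/shop/sa/orders"
    to:
    - operation:
        methods: ["GET", "POST"]
        paths: ["/v1/ledger/*"]
```

Applying these three objects with kubectl gives the pattern the reply describes: the mesh carries identity across clouds and runtimes, and access between applications is granted per caller identity, per operation, with no implicit trust based on where the packet came from.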