Cloud Native Rejekts EU (Valencia) 2022

User Impersonation is the Key to Multi-Tenant APIs on Kubernetes
2022-05-15, 12:15–12:45, Main Room

Kubernetes is hard to operate in a multi-tenant manner.
As organizations add APIs and privileged controllers to their clusters, it becomes infeasible to build
clusters that teams can share with each other safely.
This is a design issue with the way projects extend Kubernetes.

While policy engines like Gatekeeper and Kyverno enable cluster owners to patch over insecure API
surfaces to protect tenants, there are patterns that produce APIs resistant to cross-tenant issues.
It's possible to extend Kubernetes without relying on admission-based policy engines to restrict API
boundaries and controller implementations.

This session will cover the new strategies being used in Flux 2's APIs and controllers that allow
multiple organizations and teams to work safely together.
Come learn how RBAC, Impersonation, and kubeConfig Secrets allow Flux to safely compose objects
across Namespaces and Clusters!