flux2
Multi-tenancy Improvements
Context
Flux2 supports multi-tenancy, and users have been using it in production for some time now.
The documentation around the subject covers a bootstrap example to help users kick-start their multi-tenancy deployments, and also how to implement control plane isolation with the multi-tenancy-lockdown.
What's next
In summary, the documentation needs expanding to better inform users around the security risks of multi-tenancy and the recommended deployment models for their specific isolation/security requirements.
There are proposed changes that would further improve Flux in multi-tenancy environments, for example by enabling tenants to share resources amongst themselves. Such changes must be progressed once the security impact of such changes has been assessed.
High-level Items:
- [ ] Recommendation on Deployment Models vs Isolation Levels: Document the different deployment models, and their threat models. Ensure terminology aligns with Kubernetes Multi-Tenancy Docs Proposal.
- [ ] Engage with CNCF TAG Security Pal Program.
- [ ] Progress multi-tenancy related RFCs:
  - https://github.com/fluxcd/flux2/pull/2086
  - https://github.com/fluxcd/flux2/pull/2092
  - https://github.com/fluxcd/flux2/pull/2093
- [ ] Implement New Features.