
Multi-tenancy Improvements

Open pjbgf opened this issue 2 years ago • 0 comments

Context

Flux2 supports multi-tenancy, and users have been using it in production for some time now.

The documentation around the subject covers a bootstrap example to help users kick-start their multi-tenancy deployments, and also how to implement control plane isolation with the multi-tenancy-lockdown.

What's next

In summary, the documentation needs expanding to better inform users around the security risks of multi-tenancy and the recommended deployment models for their specific isolation/security requirements.

There are proposed changes that would further improve Flux in multi-tenancy environments by, for example, enabling tenants to share resources amongst themselves. Such changes must be progressed once the security impact of such changes has been assessed.

High-level Items:
  • [ ] Recommendation on Deployment Models vs Isolation Levels: Document the different deployment models, and their threat models. Ensure terminology aligns with Kubernetes Multi-Tenancy Docs Proposal.
  • [ ] Engage with CNCF TAG Security Pal Program.
  • [ ] Progress multi-tenancy related RFCs:
    • https://github.com/fluxcd/flux2/pull/2086
    • https://github.com/fluxcd/flux2/pull/2092
    • https://github.com/fluxcd/flux2/pull/2093
  • [ ] Implement New Features.

pjbgf, Apr 20 '22 13:04