capsule
Multi-tenancy and policy-based framework for Kubernetes.
Signed-off-by: gkarthiks Fixes: #567
# Describe the feature For audit purposes, it would be nice to keep a history of Tenants policy violations. Just tracking events as for #289 could be not enough since events are...
Capsule is leveraging Kubernetes multi-tenancy using a combination of custom controllers and webhooks, used to intercept requests issued by tenant owners and allow or deny those. Capsule supports ownership from...
# Current design Alice would like to create several resources on each of their Namespaces. Upon the creation of each Namespace, they have to create the desired resources on each...
We should define a benchmark for performances and tests in different stress conditions. For example: - how many tenants - how many namespaces/tenants - how many concurrent users - how...
### Background The [Kubernetes Hardening Guidance by NSA and CISA](https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF) details recommendations to harden Kubernetes systems; while some security measures depend on the target cluster and its architecture, others are...
Since it works, why not share it with the community?
# Describe the feature We should consider designing an **AppArmor** profile to be assigned to **Capsule** when installed. Being a sensitive component in the cluster, this should be a good...
# Describe the feature Document how Capsule integrates in an ArgoCD GitOps based environment. # What would the new user story look like? The cluster admin can learn how to...
# Describe the feature We have a use-case where tenants can use 2 different node pools. 1. A shared node pool available for use by all tenants on a cluster...