Loading…
October 12, 2021
Los Angeles, California + Virtual
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2021 - Los Angeles, CA + Virtual and add this Co-Located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Standard Time (PST), UTC -7. To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.

IMPORTANT NOTE: Timing of sessions and room locations are subject to change through Monday, September 13 due to schedule changes that will be made as speakers finalize whether speaking in person or virtually.
Back To Schedule
Tuesday, October 12 • 4:20pm - 4:50pm
Building Flux's Multi-Tenant API with K8s User Impersonation - Leigh Capili, VMware

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.
Kubernetes is hard to operate in a multi-tenant manner. As organizations add API's and privileged controllers to their clusters, it becomes infeasible to build clusters that teams can share with each other safely. This is a design issue with the way projects extend Kubernetes.  While policy engines like Gatekeeper and Kyverno enable cluster owners to patch over insecure API surfaces to protect tenants, there are patterns that produce API's resistant to cross-tenant issues. It's possible to extend Kubernetes without relying on admission-based policy engines to restrict API boundaries and controller implementations.  This session will teach you how to enable multiple organizations and teams to work safely together across namespaces and clusters. Flux will be used as an example on how to use RBAC, impersonation and kubeConfig secrets, but the techniques shown can be used to improve projects across the ecosystem!
Speakers
avatar for Leigh Capili

Leigh Capili

Staff Developer Advocate, VMware
Leigh is an empathetic speaker and developer with niches in cloud-native systems and security. He has a background in building software to manage infrastructure. Leigh contributes to Kubernetes and Flux and is frequently working on his next software demo. He also co-maintains Ignite... Read More →

Tuesday October 12, 2021 4:20pm - 4:50pm PDT
Petree Hall C + Online Los Angeles Convention Center - 1201 S. Figueroa Street, Los Angeles, CA 90015
  How to Implement Advanced Deployments