Multi-Tenancy Support & Security Modeling with RBAC and Namespaces [I]

As container technologies mature, Kubernetes is clearly gaining momentum with developers as a means to deploy their distributed applications. As more applications and clusters are deployed by more dev …

As container technologies mature, Kubernetes is clearly gaining momentum with developers as a means to deploy their distributed applications. As more applications and clusters are deployed by more developers, multi-tenancy and isolation become concerns not only for the app developer, but also for the cluster admins. In this talk, we will discuss the various cluster security models available today, and how to use namespaces to provide tenant isolation. We will also demonstrate how to use Kubernetes’ Role Based Access Control (RBAC) feature as means of enforcing a multi-tenant security model. By assigning roles and role bindings and creating namespaces, we can implement restrictions on resource consumption and provide tenant isolation throughout the cluster. We’ll also demonstrate how the RBAC feature provides granularity of access control that can be adjusted to suit varying requirements—from granting full access to users or groups to a cluster to only granting access to specific resources within a namespace. Following the discussion of how to build a security model with namespaces and RBAC, this talk will also feature a live demonstration of RBAC and namespaces in action to illustrate the concepts and show how both admins and developers are affected by the model.