Back to list of postings

Creating a Landlord for Multi-tenant K8s using Flux, Gatekeeper, Helm, and Friends

On May 17, 2022, I had the chance to speak at GitOpsCon Europe 2022 in Valencia, Spain! While I had left Virginia Tech and was then working for Docker, I was able to talk about the things I did while at Virginia Tech (since I submitted the CfP before transitioning).

Talk Abstract

Supporting multi-tenant environments in Kubernetes is easy, right? (insert laugh here) Well, it can be. But, it takes organization, structure, and proper policy enforcement.

At Virginia Tech, I helped build a "Common Application Platform" that gives each tenant its own manifest repo and deploys those manifests into isolated namespaces using Flux. By leveraging Gatekeeper and Karpenter, we can properly isolate workloads into node pools and ensure tenants don't step on each other's toes. And best of all, our tenant config is in a simple Helm chart that we call "the landlord."

In this talk, we'll dive into how we've built the landlord, the various policies and mutations we're using, and how it works… all with the intent that you can build your own platform too! We'll have live demos and even try to break a thing or two!

Resources

  • Google Slides - link to the slidedeck used during the presentation

Video Recording