Avoid Kubernetes Multi-Tenancy Catastrophes in 5 Easy Steps
Speaker introductions

Joe Dahlquist, VP of Product Marketing, Weaveworks
Joe Dahlquist leads product marketing at Weaveworks. An accomplished product leader with over 20 years of experience in PM and PMM roles, Joe has worked on software, hardware, and services products that have delighted millions of users and partners in cybersecurity, consumer electronics, financial services, access control, and more.

David Stauffer, Senior Product Manager, Weaveworks
David Stauffer is a Senior Product Manager at Weaveworks. For David, the most exciting job in the world is building the right product for the customer. Passionate about any and all end-users, he has experience working in different startups across the globe. He has worked on making the edge real through Kubernetes and working in the GSMA aligning on the architectural design for a federated edge.
We’re the GitOps Company
● Weaveworks is backed by amazing teams
● Weaveworks partners with all the major infrastructure and Kubernetes vendors
● Weaveworks is deeply committed to the Open Source Community
Confidential do not distribute
Companies Doing GitOps with Weaveworks: Financial Services, Technology, Other Industries
Tenancy in Weave GitOps Enterprise
● Tenancy is ubiquitous
● Catastrophes can occur
● You can get it right
● 5 easy steps how to do it
Tenancy in the World of GitOps
WTF is Tenancy and why is it needed?
● A person, place or thing?
● Team?
● Application?
Tenancy in the World of GitOps
● Many ways to handle Tenancy in Kubernetes, which is right for you?
● Defining overall Tenancy posture can get really complicated
○ Companies need end-to-end tenancy solution
○ Granular control over all the moving parts
○ Policies, RBAC, Isolation, and more
Getting it Wrong can be Catastrophic
● Some real world examples
5 Easy Things You Can Do
1. Implement a Zero Trust posture
2. Apply Least Privilege Practices
3. Use Policies to Enforce Governance
4. GitOps Audit Capabilities
5. Reduce the Blast Radius
5 Easy Things You Can Do: 1
● Implement a Zero Trust posture
○ Trust nothing, verify everything
○ Neighbours can be noisy
○ Flux is your gate/root of trust
5 Easy Things You Can Do: 2
● Apply Least Privilege Practices
○ Permissions and Role management
○ Distrust until proven otherwise
○ Continuous assessment
5 Easy Things You Can Do: 3
● Use Policies to Enforce Governance
○ Audit vs. Admission
○ Policy as Guardrails
○ Control Sources and Configs
5 Easy Things You Can Do: 4
● GitOps Audit Capabilities
○ Git history
○ Git gate to your cluster
○ Change control and checks
5 Easy Things You Can Do: 5
● Reduce the Blast Radius
○ Do all of the above…
○ Secrets rotation
○ Isolation (not all in one git repo)
Workspaces in Weave GitOps
● Workspaces establish boundaries and define what can be deployed by whom
● Creates trusted Workspaces for application teams
● Protects sensitive environments
● Adds governance and compliance
Diagram labels: Namespace, Policy, Role, RoleBinding
Workspaces in Weave GitOps
Team Workspaces give the power to define:
● Access to sources (Git repos, Helm repos, Buckets, etc.)
● Access to targets (Cluster + namespaces)
● Definition of what can get deployed (examples: Roles, Network Policies, Deployments, ...)
● Use/set the correct Service Account and Role + RoleBindings
Result: Race Car with Seatbelts
● Workspaces empower app dev teams to go much faster
● Enables multiple DevOps teams to work seamlessly together
● Enables DevOps teams to focus on their area of concern
● Protects sensitive environments
Whitepaper: Trusted Application Delivery: https://bit.ly/3A0JMOe
Learn more about Weave GitOps: www.weave.works/enterprise and a 5 min demo: https://youtu.be/aqJaHNCz2lM
Request a personal demo: www.weave.works/contact
Thank You

How to Avoid Kubernetes Multi-tenancy Catastrophes
