Michael Irwin, Application Architect @ Virginia Tech
While Kubernetes has a rich feature-set with RBAC and namespaces, it still falls short in making a multi-tenant solution possible out-of-the-box. How do you protect teams from each other without simply taking all of the control from them? For example, how do you prevent a team from defining an Ingress object that takes the traffic from another? Or how do you prevent teams from creating additional LoadBalancer services? Fortunately, Gatekeeper has come to the rescue! In this talk, we'll talk about admissions controllers and how Gatekeeper can solve these problems. We'll go over the Rego language (which takes some time to wrap your head around) and provide several examples of how Virginia Tech is using Gatekeeper to support multi-tenancy. While policy enforcement sounds scary, it certainly doesn't have to be!