Hacker News
by raesene9 2738 days ago
From a security (as opposed to workload isolation) perspective, I don't think k8s was designed with multi-tenancy in mind at all, in early versions.

Definitely I've had conversations with some of the project originators where it was clear the security boundary was intended to be cluster level in early versions.

Some of the security weaknesses in earlier versions (e.g. no AuthN on the kubelet, cluster-admin grade service tokens etc) make that clear.

Now it's obv. that secure hard multi-tenancy is a goal going forward (and I'll be very interested to see what the 3rd party audit throws up in that regard), but it is a retro-fit.