Hacker News
by alexellisuk 2536 days ago
The point is that it's unsafe to allow tenants ClusterRole / admin on a shared cluster, but this is needed for many CRDs and Operators.

The Operator pattern is getting more and more popular, and most of them need ClusterRole.

As the service provider (internal team, or SaaS provider), this is a liability. The aim, from reading the README.md, is to provide the ability for each tenant to be ClusterRole / admin within their own cluster, hosted in a larger real cluster.

Jessie Frazelle has talked about this before, I'm not sure if this is the exact blog link, but it's related: Kubernetes in Kubernetes - https://blog.jessfraz.com/post/hard-multi-tenancy-in-kuberne...