11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Multi-Tenancy: Tips, Tricks, Tools And Tests - Adrian Ludwin, Google; Tasha Drew, VMware; Ryan Bezdicek, Twilio; Fei Guo, Alibaba
Speakers: Adrian Ludwin, Tasha Drew, Ryan Bezdicek, Fei Guo
Join the maintainers and leaders of the upstream Kubernetes working group for Multi-Tenancy for an overview of the tools, documentation, tests, and capabilities you can achieve to share Kubernetes clusters between teams and users. We'll also save time for audience questions, so bring your multi-tenancy hopes, dreams and woes!
Multi-Tenancy: Tips, Tricks, Tools And Tests - Adrian Ludwin, Google; Tasha Drew, VMware; Ryan Bezdicek, Twilio; Fei Guo, Alibaba
Speakers: Adrian Ludwin, Tasha Drew, Ryan Bezdicek, Fei Guo
Join the maintainers and leaders of the upstream Kubernetes working group for Multi-Tenancy for an overview of the tools, documentation, tests, and capabilities you can achieve to share Kubernetes clusters between teams and users. We'll also save time for audience questions, so bring your multi-tenancy hopes, dreams and woes!
- 5 participants
- 24 minutes
26 Jul 2022
Patterns for Multi-Tenancy and MultiCluster-Management - Christian Stark, Red Hat
https://github.com/ch-stark/gitops-rbac-example/blob/main/blog/blog.md#organizational-needs
https://github.com/ch-stark/gitops-rbac-example
https://github.com/ch-stark/gatekeeper-kyverno-policyset
Kubernetes Multi-tenancy recipes - Devdatta Kulkarni (CloudARK), Sizhan Xu (UT Austin)
https://docs.google.com/document/d/1NiabaNjYgD7hqmMM-NYq3A6ODR4cP_hKaCSn0cduV7k/edit?usp=sharing
https://github.com/ch-stark/gitops-rbac-example/blob/main/blog/blog.md#organizational-needs
https://github.com/ch-stark/gitops-rbac-example
https://github.com/ch-stark/gatekeeper-kyverno-policyset
Kubernetes Multi-tenancy recipes - Devdatta Kulkarni (CloudARK), Sizhan Xu (UT Austin)
https://docs.google.com/document/d/1NiabaNjYgD7hqmMM-NYq3A6ODR4cP_hKaCSn0cduV7k/edit?usp=sharing
- 3 participants
- 42 minutes
8 Mar 2022
In which the intrepid working group designs their approach to delivering multi-tenancy documentation to the upstream project.
- 7 participants
- 37 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Future of Multi-Tenancy in Kubernetes - Tasha Drew, VMware; Adrian Ludwin, Google; Fei Guo, Alibaba; Jim Bugwadia, Nirmata
Applications need multi-tenancy. Shared services need multi-tenancy. Internal users need multi-tenancy. Tenancy requires segmentations at all layers of the infrastructure and services stack, not to mention surrounding capabilities like charge back, service priority, and cost optimization. Where is it all going? What is the future of multi-tenancy? Join the leads of the upstream working group for multi-tenancy to find out! We will discuss how we see users and entrprises leveraging multi-tenancy, the tools and capabilities our group and the rest of Kubernetes upstream community have been building to make multi-tenancy … tenable … and answer audience questions.
The Future of Multi-Tenancy in Kubernetes - Tasha Drew, VMware; Adrian Ludwin, Google; Fei Guo, Alibaba; Jim Bugwadia, Nirmata
Applications need multi-tenancy. Shared services need multi-tenancy. Internal users need multi-tenancy. Tenancy requires segmentations at all layers of the infrastructure and services stack, not to mention surrounding capabilities like charge back, service priority, and cost optimization. Where is it all going? What is the future of multi-tenancy? Join the leads of the upstream working group for multi-tenancy to find out! We will discuss how we see users and entrprises leveraging multi-tenancy, the tools and capabilities our group and the rest of Kubernetes upstream community have been building to make multi-tenancy … tenable … and answer audience questions.
- 4 participants
- 26 minutes
1 Jun 2021
Regular bi-weekly meeting
Agenda:
Lukas Gentele: Loft has open-sourced their virtual cluster technology and would like to talk about eventual convergence with the virtual cluster project
https://github.com/loft-sh/vcluster
Harsh :
* Issue: https://github.com/kubernetes-sigs/hierarchical-namespaces/issues/41
Agenda:
Lukas Gentele: Loft has open-sourced their virtual cluster technology and would like to talk about eventual convergence with the virtual cluster project
https://github.com/loft-sh/vcluster
Harsh :
* Issue: https://github.com/kubernetes-sigs/hierarchical-namespaces/issues/41
- 7 participants
- 53 minutes
14 May 2021
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Multi-tenancy vs. Multi-cluster: When Should you Use What? - Tasha Drew, VMware; Ryan Bezdicek, Medtronic; Adrian Ludwin, Google; Jim Bugwadia, Nirmata
The Kubernetes Working Group for Multi-Tenancy has a lot of fun projects helping people throughout the Kubernetes ecosystem manage sharing clusters. One question that comes up a lot is "when should I share a cluster using multi-tenancy, and when should I spin up multiple clusters?" We call this multi-tenancy versus multi-cluster. There are also a lot of people who are doing both simultaneously! People want to know when to do which, and we're here to help. Join this panel with the technical leads and chair of the Multi-tenancy working group to hear our thoughts on multi-tenancy versus multi-cluster, in a panel format.
Multi-tenancy vs. Multi-cluster: When Should you Use What? - Tasha Drew, VMware; Ryan Bezdicek, Medtronic; Adrian Ludwin, Google; Jim Bugwadia, Nirmata
The Kubernetes Working Group for Multi-Tenancy has a lot of fun projects helping people throughout the Kubernetes ecosystem manage sharing clusters. One question that comes up a lot is "when should I share a cluster using multi-tenancy, and when should I spin up multiple clusters?" We call this multi-tenancy versus multi-cluster. There are also a lot of people who are doing both simultaneously! People want to know when to do which, and we're here to help. Join this panel with the technical leads and chair of the Multi-tenancy working group to hear our thoughts on multi-tenancy versus multi-cluster, in a panel format.
- 4 participants
- 29 minutes
6 Apr 2021
Vigorous discussion about hostile multi-tenancy versus soft/hard concepts.
- 9 participants
- 39 minutes
9 Mar 2021
Discussion over different forms of multi-tenancy versus multi-cluster versus virtual cluster in prep for Kubecon
- 6 participants
- 18 minutes
16 Feb 2021
Intro and CNCF Update
Talk #1: The Kubernetes Security Specialist Exam is Here! What to Know and How to Get Started
By Michael Foster, StackRox
Talk #2: What's new in Hierarchical Namespaces: now with less hierarchy! By Adrian Ludwin and Ginny Ji, Google
Talk #1: The Kubernetes Security Specialist Exam is Here! What to Know and How to Get Started
By Michael Foster, StackRox
Talk #2: What's new in Hierarchical Namespaces: now with less hierarchy! By Adrian Ludwin and Ginny Ji, Google
- 8 participants
- 1:25 hours
11 Jan 2021
Demo of Kubezoo's multi-tenancy capabilities by the tools' creators!
- 7 participants
- 49 minutes
4 Dec 2020
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2021 Virtual from May 4–7, 2021. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes Working Group for Multi-Tenancy Project Overview - Tasha Drew, VMware, Adrian Ludwin, Google, Fei Guo, Alibaba & Jim Bugwadia, Nirmata
In this session, the leaders of the Kubernetes Working Group for Multi-Tenancy will quickly go over how you can join the multi-tenancy group, and also do a quick overview of each of the projects we are incubating: the Virtual Cluster Project, the Multi-Tenancy Benchmarks Project, and the Hierarchical Namespace Controller Project. You can visit all of our projects here too: https://github.com/kubernetes-sigs/multi-tenancy/ Got more questions? Join our mailing list via google groups https://groups.google.com/forum/#!forum/kubernetes-wg-multitenancy or talk to us in the #wg-multitenancy channel of the Kubernetes Slack.
https://sched.co/ekHM
Kubernetes Working Group for Multi-Tenancy Project Overview - Tasha Drew, VMware, Adrian Ludwin, Google, Fei Guo, Alibaba & Jim Bugwadia, Nirmata
In this session, the leaders of the Kubernetes Working Group for Multi-Tenancy will quickly go over how you can join the multi-tenancy group, and also do a quick overview of each of the projects we are incubating: the Virtual Cluster Project, the Multi-Tenancy Benchmarks Project, and the Hierarchical Namespace Controller Project. You can visit all of our projects here too: https://github.com/kubernetes-sigs/multi-tenancy/ Got more questions? Join our mailing list via google groups https://groups.google.com/forum/#!forum/kubernetes-wg-multitenancy or talk to us in the #wg-multitenancy channel of the Kubernetes Slack.
https://sched.co/ekHM
- 4 participants
- 23 minutes
1 Dec 2020
- [christopherhein] New Provider Repo (slowly moving VirtualCluster to here)
-- https://sigs.k8s.io/cluster-api-provider-nested
- Kiosk, Loft, and wg-multitenancy
-- Discuss projects from Loft and its OSS components and how they compare with wg-multitenancy efforts.
[Daniel Sover] Gauge interest on operator multitenancy update
-- https://sigs.k8s.io/cluster-api-provider-nested
- Kiosk, Loft, and wg-multitenancy
-- Discuss projects from Loft and its OSS components and how they compare with wg-multitenancy efforts.
[Daniel Sover] Gauge interest on operator multitenancy update
- 10 participants
- 57 minutes
4 Sep 2020
Don’t miss out! Join us at our upcoming events: EnvoyCon Virtual on October 15 and KubeCon + CloudNativeCon North America 2020 Virtual from November 17-20. Learn more at https://kubecon.io. The conferences feature presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Virtual Cluster - A Practical Kubernetes Hard Multi-tenancy Solution - Fei Guo, Alibaba
Conventional, the concept of Kubernetes multi-tenancy is realized by namespaces. Tenants access controls are limited within tenant namespaces using RBAC rules. The Pod level isolation is primarily done using network policy. This model faces various problems when applied in production since Kubernetes is far from tenancy-ready. For example: 1) APIServer is lack of tenant-aware flow control. A single tenant may generate large amount of concurrent traffic making APIServer unresponsive to other tenants; 2) Tenants cannot install customized CRDs which requires cluster scope permission; We proposed Virtual Cluster solution to resolve the multi-tenancy problem from a different angle. Basically, every tenant will be assigned a dedicated K8s control plane. All tenant K8s shares a big super master. Virtual cluster is built based on CRDs. The entire solution is open sourced in Github.
https://sched.co/Zek6
Virtual Cluster - A Practical Kubernetes Hard Multi-tenancy Solution - Fei Guo, Alibaba
Conventional, the concept of Kubernetes multi-tenancy is realized by namespaces. Tenants access controls are limited within tenant namespaces using RBAC rules. The Pod level isolation is primarily done using network policy. This model faces various problems when applied in production since Kubernetes is far from tenancy-ready. For example: 1) APIServer is lack of tenant-aware flow control. A single tenant may generate large amount of concurrent traffic making APIServer unresponsive to other tenants; 2) Tenants cannot install customized CRDs which requires cluster scope permission; We proposed Virtual Cluster solution to resolve the multi-tenancy problem from a different angle. Basically, every tenant will be assigned a dedicated K8s control plane. All tenant K8s shares a big super master. Virtual cluster is built based on CRDs. The entire solution is open sourced in Github.
https://sched.co/Zek6
- 1 participant
- 36 minutes
11 Aug 2020
Pretty informal call, no agenda. We discuss
- Kubecon next week, talks people are giving / attending
- Virtual conferences
- Process for making HNC a formal sub project
- Kubecon next week, talks people are giving / attending
- Virtual conferences
- Process for making HNC a formal sub project
- 5 participants
- 17 minutes
28 Jul 2020
- MTB demo (Divya, Anuj, Jim)
- HNC update (0.5.1, v1alpha2, etc)
- Live from sig-multicluster: Naming Survey Results with 112 responses
- HNC update (0.5.1, v1alpha2, etc)
- Live from sig-multicluster: Naming Survey Results with 112 responses
- 8 participants
- 41 minutes
14 Jul 2020
- Special announcement from Kubernetes Steering Committee
- Discussing of Arktos, part 2
- Discussing of Arktos, part 2
- 11 participants
- 1:03 hours
30 Jun 2020
Xiaoning Ding will walk through multi-tenancy features of Arktos (https://github.com/futurewei-cloud/arktos), and see if the community is interested in working together to upstream some of them to Kubernetes
- 13 participants
- 1:06 hours
2 Jun 2020
- Multi-Tenancy Benchmarks (MTB) update and demo [Anuj, Jim] (~15 mins)
- HNC v0.4.0 RC1 is released: https://github.com/kubernetes-sigs/multi-tenancy/releases/tag/hnc-v0.4.0-rc1. Thanks to @Ryan Bez as always for his reviews, and to @yiqigao217 for her contributions! Yiqi will review the changes to HNC at the next wg-multitenancy meeting.
- HNC v0.4.0 RC1 is released: https://github.com/kubernetes-sigs/multi-tenancy/releases/tag/hnc-v0.4.0-rc1. Thanks to @Ryan Bez as always for his reviews, and to @yiqigao217 for her contributions! Yiqi will review the changes to HNC at the next wg-multitenancy meeting.
- 7 participants
- 24 minutes
21 Apr 2020
In-depth demo and Q&A about the Virtual Cluster Project, and quick status updates from the Hierarchical Namespace Controller team, and the Secure Benchmarking team.
- 11 participants
- 58 minutes
23 Mar 2020
Agenda:
Berat Senel: EdgeNet Kubernetes distributed Cloud presentation http://edgenet.planet-lab.eu:8081/ https://github.com/EdgeNet-Project.
Daniel Sover: Operator Lifecycle Manager and some of the multitenancy related problems the project has and how it solves them
See agenda doc for helpful github and presentation links here: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit#
Berat Senel: EdgeNet Kubernetes distributed Cloud presentation http://edgenet.planet-lab.eu:8081/ https://github.com/EdgeNet-Project.
Daniel Sover: Operator Lifecycle Manager and some of the multitenancy related problems the project has and how it solves them
See agenda doc for helpful github and presentation links here: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit#
- 12 participants
- 1:01 hours
14 Jan 2020
Regular WG Meeting
- Kubeflow & Multi-tenancy
- Update on secure benchmarks
- Kubeflow & Multi-tenancy
- Update on secure benchmarks
- 9 participants
- 55 minutes
12 Jan 2020
- HNC has been approved by sig-auth to move to its own repo, and we need to make some decisions on that front (e.g. keep the hnc.x-k8s.io API group, or switch to hnc.k8s.io). [Adrian]
- Multi-tenancy with Kyverno:
-- Namespaces-as-a-service: Jim Bugwadia
-- Clusters-as-a-Service: Scott Rosenberg
- Multi-tenancy with Kyverno:
-- Namespaces-as-a-service: Jim Bugwadia
-- Clusters-as-a-Service: Scott Rosenberg
- 6 participants
- 54 minutes
17 Dec 2019
Ryan Bezdicek (Cray) reviews the new CoreDNS + OPA plugin model
- 7 participants
- 35 minutes
3 Dec 2019
- Go over proposal for Account Quota : Paul, Chaitanya and Shikha ( IBM)
- Kubecon retro
-- New OPA plugin using Core DNS! Ryan to follow up
-- Cruze’s multi-tenancy overview
-- Videos are up now!
- Kubecon retro
-- New OPA plugin using Core DNS! Ryan to follow up
-- Cruze’s multi-tenancy overview
-- Videos are up now!
- 7 participants
- 46 minutes
22 Nov 2019
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Deep Dive: Kubernetes Working Group for Multi-tenancy - Sanjeev Rampal, Cisco & Adrian Ludwin, Google
This deep dive of the working group for Multi-tenancy will include an in-depth technical exploration of multi-tenancy in core Kubernetes and the tooling and services the multi-tenancy working group has been developing to mainstream how users of Kubernetes can achieve multi-tenancy.
https://sched.co/Uah1
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Deep Dive: Kubernetes Working Group for Multi-tenancy - Sanjeev Rampal, Cisco & Adrian Ludwin, Google
This deep dive of the working group for Multi-tenancy will include an in-depth technical exploration of multi-tenancy in core Kubernetes and the tooling and services the multi-tenancy working group has been developing to mainstream how users of Kubernetes can achieve multi-tenancy.
https://sched.co/Uah1
- 5 participants
- 35 minutes
22 Nov 2019
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Intro to the Kubernetes Working Group for Multi-tenancy - Tasha Drew, VMware
This introduction will go over what the multi-tenancy working group has been working on and how new contributors can become engaged. New users and contributors are encouraged to attend if multi-tenancy in core Kubernetes is something you are interested in or are working on implementing at your own organization.
https://sched.co/Uaj3
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Intro to the Kubernetes Working Group for Multi-tenancy - Tasha Drew, VMware
This introduction will go over what the multi-tenancy working group has been working on and how new contributors can become engaged. New users and contributors are encouraged to attend if multi-tenancy in core Kubernetes is something you are interested in or are working on implementing at your own organization.
https://sched.co/Uaj3
- 6 participants
- 28 minutes
22 Nov 2019
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Kubernetes at Cruise: Two Years of Multitenancy - Karl Isenberg, Cruise
Cruise has been working on self-driving cars for six years and growing exponentially for most of that time. Two years ago they started using Kubernetes, betting on namespace-level multitenancy to provide isolation between teams and projects. Today they have over 40 internal tenants, 100,000 pods, 4,000 nodes, and… an embarrassing number of KubeDNS replicas. This session will take you through the motivations, story, and results of migrating to multitenant Kubernetes, along with some hard-earned Pro Tips from the trenches. You’ll also learn about the open source tooling they built around Spinnaker, Vault, Google Cloud, and Istio in order to integrate with our multitenant Kubernetes. Come see how they went from barely isolated to very isolated and saved a few million dollars doing it!
https://sched.co/UaaO
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Kubernetes at Cruise: Two Years of Multitenancy - Karl Isenberg, Cruise
Cruise has been working on self-driving cars for six years and growing exponentially for most of that time. Two years ago they started using Kubernetes, betting on namespace-level multitenancy to provide isolation between teams and projects. Today they have over 40 internal tenants, 100,000 pods, 4,000 nodes, and… an embarrassing number of KubeDNS replicas. This session will take you through the motivations, story, and results of migrating to multitenant Kubernetes, along with some hard-earned Pro Tips from the trenches. You’ll also learn about the open source tooling they built around Spinnaker, Vault, Google Cloud, and Istio in order to integrate with our multitenant Kubernetes. Come see how they went from barely isolated to very isolated and saved a few million dollars doing it!
https://sched.co/UaaO
- 5 participants
- 33 minutes
22 Nov 2019
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Panel: Control Plane vs Data Plane: Untangling the Tenets of Multitenancy - Erica Von Buelow, Red Hat; Sanjeev Rampal, Cisco; Ryan Bezdicek, Cray Inc.; Adrian Ludwin, Google; & Fei Guo, Alibaba
Virtually every organization over a certain size wants to be able to share their clusters between different sets of users. As a result, the Multi-tenancy Working Group is seeing increasingly high demand for higher-level features to support Kubernetes multi-tenancy. Unfortunately, each organization has different and often unspoken assumptions about what tenancy means to them, so different use cases and needs often get conflated. In this discussion, our panelists will share their proposals for the principles of multi-tenancy, according to both the type of concerns (control plane vs data plane) as well as the type of tenants (such as dev teams, production teams and third-party users).
https://sched.co/UaXF
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Panel: Control Plane vs Data Plane: Untangling the Tenets of Multitenancy - Erica Von Buelow, Red Hat; Sanjeev Rampal, Cisco; Ryan Bezdicek, Cray Inc.; Adrian Ludwin, Google; & Fei Guo, Alibaba
Virtually every organization over a certain size wants to be able to share their clusters between different sets of users. As a result, the Multi-tenancy Working Group is seeing increasingly high demand for higher-level features to support Kubernetes multi-tenancy. Unfortunately, each organization has different and often unspoken assumptions about what tenancy means to them, so different use cases and needs often get conflated. In this discussion, our panelists will share their proposals for the principles of multi-tenancy, according to both the type of concerns (control plane vs data plane) as well as the type of tenants (such as dev teams, production teams and third-party users).
https://sched.co/UaXF
- 9 participants
- 36 minutes
22 Nov 2019
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Walls Within Walls: What if Your Attacker Knows Parkour? - Tim Allclair & Greg Castle, Google
What happens if an attacker escapes a container and compromises your node? Is it game over for the whole cluster, or can you limit the blast radius? Whether it be for defense in depth or multi-tenancy, it is important to understand the security boundaries in your cluster. In this talk, we’ll discuss various isolation approaches and evaluate them through the eyes of an attacker who has compromised a node and is looking to propagate. We’ll deep dive on ‘node isolation’: using Kubernetes scheduling to execute workloads on separate nodes, and demonstrate live attacks and defences to educate about strengths and weaknesses of this strategy. We’ll also discuss progress made by SIG-Auth in this area over the past few releases. After this talk you will understand when node isolation is or isn't an appropriate security mechanism, the steps to implement it, and what some alternatives are.
https://sched.co/UaeM
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Walls Within Walls: What if Your Attacker Knows Parkour? - Tim Allclair & Greg Castle, Google
What happens if an attacker escapes a container and compromises your node? Is it game over for the whole cluster, or can you limit the blast radius? Whether it be for defense in depth or multi-tenancy, it is important to understand the security boundaries in your cluster. In this talk, we’ll discuss various isolation approaches and evaluate them through the eyes of an attacker who has compromised a node and is looking to propagate. We’ll deep dive on ‘node isolation’: using Kubernetes scheduling to execute workloads on separate nodes, and demonstrate live attacks and defences to educate about strengths and weaknesses of this strategy. We’ll also discuss progress made by SIG-Auth in this area over the past few releases. After this talk you will understand when node isolation is or isn't an appropriate security mechanism, the steps to implement it, and what some alternatives are.
https://sched.co/UaeM
- 6 participants
- 33 minutes
21 Nov 2019
This is a virtual cluster demo for the tool that is currently incubating as a project in the Multi-tenancy working group for Kubernetes.
Code on github: https://github.com/kubernetes-sigs/multi-tenancy/tree/master/incubator/virtualcluster
Code on github: https://github.com/kubernetes-sigs/multi-tenancy/tree/master/incubator/virtualcluster
- 1 participant
- 7 minutes
8 Oct 2019
Tasha: Kubecon Update
Raffaele Spazzoli: Namespace configuration operator
Angel Barrera/Pau Rosello: Hosted Namespace as a Service
Full notes here: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit#
Raffaele Spazzoli: Namespace configuration operator
Angel Barrera/Pau Rosello: Hosted Namespace as a Service
Full notes here: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit#
- 9 participants
- 1:01 hours
24 Sep 2019
Adrian Ludwin: “Hierarchical Namespace Controller” demo
Shikha (IBM): IBM Multitenancy proposal & alignment with WG
Sanjeev Rampal: Summary of Multitenancy WG architecture tracks
Shikha (IBM): IBM Multitenancy proposal & alignment with WG
Sanjeev Rampal: Summary of Multitenancy WG architecture tracks
- 6 participants
- 54 minutes
30 Jul 2019
Full agenda: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit#
Jim Bugwadia to present on Kyverno (kyverno.io): The specific Kyverno feature we are discussing is the ability to generate configurations when a namespace is created.
- https://github.com/nirmata/kyverno/
- https://docs.google.com/presentation/d/1CnBFvqJMxqYNdFj8mOc1JbE37_dCWP37Vklu5Wl5Tr4/edit?usp=sharing
Sanjeev Rampal - update on work streams
- Tenancy v2 CRD
- Tenant Controller doc: https://docs.google.com/document/d/1PkV7y_GHU_RfL2y8W-tLa98UnHuierkixXz-5uwKjMA/edit#heading=h.5vii875b7qm0
- Hierarchical Namespace: Adrian (Google) has some ideas to implement here and will present soon, waiting on final sign off to be able to talk about detailed design
- Virtual Clusters based approach: Similar to Rancher KV3, proposing analysis of KV3 vs virtual cluster
Call for super specific multi-tenancy use cases - add yours here!
Financial Services User Group: Security Profile request: we have two “best practices” profile docs in rough draft/incomplete form, contributions welcome:
- Single user: https://github.com/kubernetes-sigs/multi-tenancy/pull/28
- Multi-tenant cluster: https://github.com/kubernetes-sigs/multi-tenancy/blob/master/docs/profiles/profile-soft-multitenancy-s1.md
Jim Bugwadia to present on Kyverno (kyverno.io): The specific Kyverno feature we are discussing is the ability to generate configurations when a namespace is created.
- https://github.com/nirmata/kyverno/
- https://docs.google.com/presentation/d/1CnBFvqJMxqYNdFj8mOc1JbE37_dCWP37Vklu5Wl5Tr4/edit?usp=sharing
Sanjeev Rampal - update on work streams
- Tenancy v2 CRD
- Tenant Controller doc: https://docs.google.com/document/d/1PkV7y_GHU_RfL2y8W-tLa98UnHuierkixXz-5uwKjMA/edit#heading=h.5vii875b7qm0
- Hierarchical Namespace: Adrian (Google) has some ideas to implement here and will present soon, waiting on final sign off to be able to talk about detailed design
- Virtual Clusters based approach: Similar to Rancher KV3, proposing analysis of KV3 vs virtual cluster
Call for super specific multi-tenancy use cases - add yours here!
Financial Services User Group: Security Profile request: we have two “best practices” profile docs in rough draft/incomplete form, contributions welcome:
- Single user: https://github.com/kubernetes-sigs/multi-tenancy/pull/28
- Multi-tenant cluster: https://github.com/kubernetes-sigs/multi-tenancy/blob/master/docs/profiles/profile-soft-multitenancy-s1.md
- 9 participants
- 40 minutes
2 Jul 2019
- Tenancy CRD v2 planning and update from Sanjeev Rampal
- Update from Yushiro Furukawa and team on their coredump feature
https://drive.google.com/file/d/1vYmcxYDPG7HxMVautB-GVxIswEVbC1dc/view
- Update from Yushiro Furukawa and team on their coredump feature
https://drive.google.com/file/d/1vYmcxYDPG7HxMVautB-GVxIswEVbC1dc/view
- 10 participants
- 1:01 hours
18 Jun 2019
Agenda/notes:
- Co-chair announcements: Sanjeev Rampal is new co-chair!
- Yushiro Furukawa is going to present his coredump feature. How do you make sure the correct users can access their logs in a multi-tenant cluster?
- Kural to discuss Tenant resource quota feature request/proposal in Tenant controller PoC https://wiki.onap.org/display/DW/ONAP+Cloud+Native+Multi+tenancy+proposal#ONAPCloudNativeMultitenancyproposal-ResourcequotaproposalforthetenantCRD
- Co-chair announcements: Sanjeev Rampal is new co-chair!
- Yushiro Furukawa is going to present his coredump feature. How do you make sure the correct users can access their logs in a multi-tenant cluster?
- Kural to discuss Tenant resource quota feature request/proposal in Tenant controller PoC https://wiki.onap.org/display/DW/ONAP+Cloud+Native+Multi+tenancy+proposal#ONAPCloudNativeMultitenancyproposal-ResourcequotaproposalforthetenantCRD
- 10 participants
- 51 minutes
4 Jun 2019
Self-nominations for co-chair:
- Would you like to be the next co-chair of the working group? Attend the meeting, introduce yourself, and say a few words about why you'd be interested! I'm also happy to talk to anyone offline who would like more info about the role
-- Self-nominate slides (Harry): https://speakerdeck.com/resouer/self-nominate-wg-multitenancy-lei-harry-zhang
Further discussion of Propose Virtual Cluster Based Multi-tenancy Solution (By Fei Guo, Alibaba)
-- https://docs.google.com/document/d/1EELeVaduYZ65j4AXg9bp3Kyn38GKDU5fAJ5LFcxt2ZU/edit#heading=h.7tna1yo4dzv (This has been presented to David/Dawn/Daniel)
Tom Runyon has built a multitenant manager for a client of his that is similar to the proposed Tenant CRD, except it:
- Runs on Openshift so he could leverage ClusterResourceQuotas
- Manages tenants across multiple clusters
- He will go over his requirements and walk through a couple pieces of his implementation
-- https://docs.google.com/presentation/d/1x9Db5NGkvj1hzWsUKP4bTlKWWp-830A9VPOR4BDHyic/edit?usp=sharing
- Would you like to be the next co-chair of the working group? Attend the meeting, introduce yourself, and say a few words about why you'd be interested! I'm also happy to talk to anyone offline who would like more info about the role
-- Self-nominate slides (Harry): https://speakerdeck.com/resouer/self-nominate-wg-multitenancy-lei-harry-zhang
Further discussion of Propose Virtual Cluster Based Multi-tenancy Solution (By Fei Guo, Alibaba)
-- https://docs.google.com/document/d/1EELeVaduYZ65j4AXg9bp3Kyn38GKDU5fAJ5LFcxt2ZU/edit#heading=h.7tna1yo4dzv (This has been presented to David/Dawn/Daniel)
Tom Runyon has built a multitenant manager for a client of his that is similar to the proposed Tenant CRD, except it:
- Runs on Openshift so he could leverage ClusterResourceQuotas
- Manages tenants across multiple clusters
- He will go over his requirements and walk through a couple pieces of his implementation
-- https://docs.google.com/presentation/d/1x9Db5NGkvj1hzWsUKP4bTlKWWp-830A9VPOR4BDHyic/edit?usp=sharing
- 11 participants
- 56 minutes
24 May 2019
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Reenforce Kubernetes Image Isolation in Multi-Tenant Service - Eric Lin, Alibaba
Serverless Computing is one of the fast-evolving technologies in Public Cloud nowadays, such as AWS fargate, Azure ACI. However, this introduces various isolation challenges as multiple tenants could share the same physical server. This talk introduces one of the key isolation issues while using k8s as a public multi-tenant service. The isolation issues within this talk are particularly focused on the image. K8s is a great project that aggregates a large number of computing nodes and providing container service to tenants, which also provides very basic isolation features. However, the isolation is still not good enough to serve the public cloud scenario. There are some flaws existing in both k8s and its dependency containerd. And in this talk, we will go through the causes of these flaws and how we fix and feedback it to upstream
https://sched.co/MPdE
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Reenforce Kubernetes Image Isolation in Multi-Tenant Service - Eric Lin, Alibaba
Serverless Computing is one of the fast-evolving technologies in Public Cloud nowadays, such as AWS fargate, Azure ACI. However, this introduces various isolation challenges as multiple tenants could share the same physical server. This talk introduces one of the key isolation issues while using k8s as a public multi-tenant service. The isolation issues within this talk are particularly focused on the image. K8s is a great project that aggregates a large number of computing nodes and providing container service to tenants, which also provides very basic isolation features. However, the isolation is still not good enough to serve the public cloud scenario. There are some flaws existing in both k8s and its dependency containerd. And in this talk, we will go through the causes of these flaws and how we fix and feedback it to upstream
https://sched.co/MPdE
- 4 participants
- 24 minutes
23 May 2019
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Deep Dive: Kubernetes WG for Multitenancy - Sanjeev Rampal, Cisco & Ryan Bezdicek, Cray, Inc.
The deep dive will be an interactive session to discuss the status of multitenancy in kubernetes, run unconference style, with attendees proposing topics of conversation and participating in a group conversation about the most popular topics. We will discuss the on-going work the multitenancy working group is working on and more future focused issues around the various SIGs that have a vested interest in multitenancy.
https://sched.co/MPjr
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Deep Dive: Kubernetes WG for Multitenancy - Sanjeev Rampal, Cisco & Ryan Bezdicek, Cray, Inc.
The deep dive will be an interactive session to discuss the status of multitenancy in kubernetes, run unconference style, with attendees proposing topics of conversation and participating in a group conversation about the most popular topics. We will discuss the on-going work the multitenancy working group is working on and more future focused issues around the various SIGs that have a vested interest in multitenancy.
https://sched.co/MPjr
- 14 participants
- 47 minutes
23 May 2019
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Panel Discussion: Multi-Tenancy in Kubernetes: Current State and Future Roadmap - Sanjeev Rampal, Cisco; Ryan Bezdicek, Cray Inc.; Erica von Buelow, Red Hat; and Tasha Drew, VMware
Kubernetes doesn’t currently formally support the notion of multi-tenancy. However, many companies today are using Kubernetes to provide ad hoc multi-tenant solutions, to share kubernetes cluster resources between multiple independent teams. In this panel, we will have a discussion with a mix of experts on this topic including panelists from kubernetes users, open source community contributors, vendors and providers. The panel will discuss both soft and hard multi-tenancy models and will cover solutions that are available today (such as pod security policies and rbac) as well as new features being developed by the community Multi-tenancy working group and related work such as Kata containers. Importantly we will have an open discussion between panel members and audience on requirements and issues related to end to end aspects of multi-tenancy in real world deployments.
https://sched.co/MPcY
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Panel Discussion: Multi-Tenancy in Kubernetes: Current State and Future Roadmap - Sanjeev Rampal, Cisco; Ryan Bezdicek, Cray Inc.; Erica von Buelow, Red Hat; and Tasha Drew, VMware
Kubernetes doesn’t currently formally support the notion of multi-tenancy. However, many companies today are using Kubernetes to provide ad hoc multi-tenant solutions, to share kubernetes cluster resources between multiple independent teams. In this panel, we will have a discussion with a mix of experts on this topic including panelists from kubernetes users, open source community contributors, vendors and providers. The panel will discuss both soft and hard multi-tenancy models and will cover solutions that are available today (such as pod security policies and rbac) as well as new features being developed by the community Multi-tenancy working group and related work such as Kata containers. Importantly we will have an open discussion between panel members and audience on requirements and issues related to end to end aspects of multi-tenancy in real world deployments.
https://sched.co/MPcY
- 13 participants
- 40 minutes
22 May 2019
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Intro: Kubernetes WG for Multitenancy - Tasha Drew, VMware
This presentation will be an overview of the work the multitenancy group has been doing, defining soft and hard multitenancy and reviewing the project plan for addressing both that the working group is putting forward. We will explain how people new to the working group can get engaged and review the various KEPs that the working group is involved with.
https://sched.co/MPiD
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Intro: Kubernetes WG for Multitenancy - Tasha Drew, VMware
This presentation will be an overview of the work the multitenancy group has been doing, defining soft and hard multitenancy and reviewing the project plan for addressing both that the working group is putting forward. We will explain how people new to the working group can get engaged and review the various KEPs that the working group is involved with.
https://sched.co/MPiD
- 4 participants
- 24 minutes
7 May 2019
May 8, 2019, 11am - Noon (Pacific Time)
To be discussed at this meeting:
- Discuss alternative solutions to the Tenancy CRD (By Yisui Hu, Google)
-- Read them at the end of this doc: https://docs.google.com/document/d/1hpJX5O_siMmNGMvIHvz8Pm7XOjJLz5g57XWrgwWarFw/edit#heading=h.r5a9ppuyrmye
- Discuss the fundamental tenancy concept (KEP?) (By Yisui Hu, Google)
-- https://drive.google.com/open?id=1ddx7UAEPKFPldBh_diksYO4WZXSHDUhm-e6hyNNGYVU
- Propose Virtual Cluster Based Multi-tenancy Solution (By Fei Guo, Alibaba)
-- https://docs.google.com/document/d/1EELeVaduYZ65j4AXg9bp3Kyn38GKDU5fAJ5LFcxt2ZU/edit#heading=h.7tna1yo4dzv (This has been presented to David/Dawn/Daniel)
Notes:
- Multitenancy Repo has a links repo now with all our docs etc in a single place to help with discoverability
https://github.com/kubernetes-sigs/multi-tenancy/blob/master/docs/links.md
To be discussed at this meeting:
- Discuss alternative solutions to the Tenancy CRD (By Yisui Hu, Google)
-- Read them at the end of this doc: https://docs.google.com/document/d/1hpJX5O_siMmNGMvIHvz8Pm7XOjJLz5g57XWrgwWarFw/edit#heading=h.r5a9ppuyrmye
- Discuss the fundamental tenancy concept (KEP?) (By Yisui Hu, Google)
-- https://drive.google.com/open?id=1ddx7UAEPKFPldBh_diksYO4WZXSHDUhm-e6hyNNGYVU
- Propose Virtual Cluster Based Multi-tenancy Solution (By Fei Guo, Alibaba)
-- https://docs.google.com/document/d/1EELeVaduYZ65j4AXg9bp3Kyn38GKDU5fAJ5LFcxt2ZU/edit#heading=h.7tna1yo4dzv (This has been presented to David/Dawn/Daniel)
Notes:
- Multitenancy Repo has a links repo now with all our docs etc in a single place to help with discoverability
https://github.com/kubernetes-sigs/multi-tenancy/blob/master/docs/links.md
- 8 participants
- 1:00 hours
23 Apr 2019
Agenda: Discuss Tenancy CRD
Notes:
- Demo by Yisui Hu (@easeway)
- Review of open questions raised by prototype
- Kubernetes Tenant CRD (includes overview of CRD and open questions): https://docs.google.com/document/d/1hpJX5O_siMmNGMvIHvz8Pm7XOjJLz5g57XWrgwWarFw/edit#heading=h.c0uts5ftkk58
-- Leave comments here for suggested approaches to open questions etc
- All code and links to docs etc can always be found in the github repo: https://github.com/kubernetes-sigs/multi-tenancy/
- Tenancy CRD proof of concept: https://github.com/kubernetes-sigs/multi-tenancy/tree/master/poc/tenant-controller
-- Open issues here for suggested features, extensions, changes, etc
Notes and agenda doc for all meetings: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit#
Notes:
- Demo by Yisui Hu (@easeway)
- Review of open questions raised by prototype
- Kubernetes Tenant CRD (includes overview of CRD and open questions): https://docs.google.com/document/d/1hpJX5O_siMmNGMvIHvz8Pm7XOjJLz5g57XWrgwWarFw/edit#heading=h.c0uts5ftkk58
-- Leave comments here for suggested approaches to open questions etc
- All code and links to docs etc can always be found in the github repo: https://github.com/kubernetes-sigs/multi-tenancy/
- Tenancy CRD proof of concept: https://github.com/kubernetes-sigs/multi-tenancy/tree/master/poc/tenant-controller
-- Open issues here for suggested features, extensions, changes, etc
Notes and agenda doc for all meetings: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit#
- 11 participants
- 53 minutes
9 Apr 2019
To be discussed at this meeting:
- Approved project plan
- Tenancy CRD: discussion moved to next meeting (April 23)
- New project tracker
- Moving forward with the work identified in our project plan
Notes:
- New kubernetes-sig working space: https://github.com/kubernetes-sigs/multi-tenancy
- Project tracker on github: https://github.com/kubernetes-sigs/multi-tenancy/projects/1
- Project Plan: https://docs.google.com/document/d/1U8RQQmTUjxgMZY05HG2f7b3KsB94BhK4Ko6aWbLNXcc/edit#heading=h.usecunpmfu3a
- Next up: security profiles for both a single tenant cluster and a soft multitenant cluster. Please volunteer to work on this either via the github project or the mailing list.
-- https://github.com/kubernetes-sigs/multi-tenancy/issues/3
-- https://github.com/kubernetes-sigs/multi-tenancy/issues/5
See full notes from all meetings here: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit#
- Approved project plan
- Tenancy CRD: discussion moved to next meeting (April 23)
- New project tracker
- Moving forward with the work identified in our project plan
Notes:
- New kubernetes-sig working space: https://github.com/kubernetes-sigs/multi-tenancy
- Project tracker on github: https://github.com/kubernetes-sigs/multi-tenancy/projects/1
- Project Plan: https://docs.google.com/document/d/1U8RQQmTUjxgMZY05HG2f7b3KsB94BhK4Ko6aWbLNXcc/edit#heading=h.usecunpmfu3a
- Next up: security profiles for both a single tenant cluster and a soft multitenant cluster. Please volunteer to work on this either via the github project or the mailing list.
-- https://github.com/kubernetes-sigs/multi-tenancy/issues/3
-- https://github.com/kubernetes-sigs/multi-tenancy/issues/5
See full notes from all meetings here: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit#
- 2 participants
- 8 minutes
26 Feb 2019
Discussion of draft project plan for the multitenancy working group. Document is open for comments here: https://docs.google.com/document/d/1U8RQQmTUjxgMZY05HG2f7b3KsB94BhK4Ko6aWbLNXcc/edit?usp=sharing
- 5 participants
- 33 minutes
29 Jan 2019
Discussion of the proposed project plan here: https://docs.google.com/presentation/d/1dsAsVm8kCA9Dx9_gMEYeJL7pduAbnfnxT9lhbyCvHDg/edit#slide=id.p9
- 9 participants
- 56 minutes
15 Jan 2019
Working Group Multitenancy Meeting Notes/Agenda
When: Biweekly on Tuesdays at 11am Pacific Time (opposite weeks of sig-auth on Wednesdays)
Working Group Multitenancy Info: https://github.com/kubernetes/community/blob/master/wg-multitenancy/README.md
Charter: https://docs.google.com/document/d/1SkVdOPR4jozYDT8ro51hU3yrf1sHS8Gez73xM3PCsVo/edit
Sanjeev Rampal goes over working group doc generated from in person meeting at Kubecon
Agenda:
Multitenancy Working Group Proposal:
- Motivation
- Models/profiles of multitenancy overview
- Commonly asked questions and proposed answers
- Detailed proposal for each model of multitenancy with sample configs and proposed work items
- Action Items and Next Steps
- Timelines
Presentation: https://docs.google.com/presentation/d/1dsAsVm8kCA9Dx9_gMEYeJL7pduAbnfnxT9lhbyCvHDg/edit#slide=id.p1
When: Biweekly on Tuesdays at 11am Pacific Time (opposite weeks of sig-auth on Wednesdays)
Working Group Multitenancy Info: https://github.com/kubernetes/community/blob/master/wg-multitenancy/README.md
Charter: https://docs.google.com/document/d/1SkVdOPR4jozYDT8ro51hU3yrf1sHS8Gez73xM3PCsVo/edit
Sanjeev Rampal goes over working group doc generated from in person meeting at Kubecon
Agenda:
Multitenancy Working Group Proposal:
- Motivation
- Models/profiles of multitenancy overview
- Commonly asked questions and proposed answers
- Detailed proposal for each model of multitenancy with sample configs and proposed work items
- Action Items and Next Steps
- Timelines
Presentation: https://docs.google.com/presentation/d/1dsAsVm8kCA9Dx9_gMEYeJL7pduAbnfnxT9lhbyCvHDg/edit#slide=id.p1
- 9 participants
- 1:01 hours
18 Dec 2018
December 12, 2018 - Kubernetes Multitenancy Working Group Meeting.
Agenda:
- Yisui Hu will go over outstanding KEPs:
-- Namespace population
-- Security profiles
Notes:
- Namespace Population KEP https://github.com/kubernetes/community/pull/2052
- KEP: Namespace Initializer https://github.com/kubernetes/enhancements/pull/645
-- Presented in SIG-API Machinery twice, agreed to move forward by pinging all reviewers for explicit comments
-- Next step: namespace initializers upstream contribution
- Conformance: we need to get an explanation of what conformance end to end tests can and can’t include
Agenda:
- Yisui Hu will go over outstanding KEPs:
-- Namespace population
-- Security profiles
Notes:
- Namespace Population KEP https://github.com/kubernetes/community/pull/2052
- KEP: Namespace Initializer https://github.com/kubernetes/enhancements/pull/645
-- Presented in SIG-API Machinery twice, agreed to move forward by pinging all reviewers for explicit comments
-- Next step: namespace initializers upstream contribution
- Conformance: we need to get an explanation of what conformance end to end tests can and can’t include
- 4 participants
- 38 minutes
24 Oct 2018
Notes and Agenda: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit#
- 10 participants
- 51 minutes
10 Oct 2018
Notes and Agenda: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit
- 9 participants
- 44 minutes
18 Jul 2018
Agenda and Notes https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit
- 10 participants
- 1:00 hours
6 Jun 2018
Agenda and Notes: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit
- 12 participants
- 58 minutes
9 Mar 2018
Notes and Agenda: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit
- 6 participants
- 57 minutes
28 Feb 2018
Notes and Agenda: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit
- 11 participants
- 54 minutes
14 Feb 2018
Notes and Agenda: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit
- 9 participants
- 37 minutes