Kubernetes / WG Multi Tenancy

Multi-Network Bi-Weekly Community Sync for 20230308

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Multi-Tenancy: Tips, Tricks, Tools And Tests - Adrian Ludwin, Google; Tasha Drew, VMware; Ryan Bezdicek, Twilio; Fei Guo, Alibaba

Speakers: Adrian Ludwin, Tasha Drew, Ryan Bezdicek, Fei Guo
Join the maintainers and leaders of the upstream Kubernetes working group for Multi-Tenancy for an overview of the tools, documentation, tests, and capabilities you can achieve to share Kubernetes clusters between teams and users. We'll also save time for audience questions, so bring your multi-tenancy hopes, dreams and woes!

WG-Multitenancy BI-Weekly Meeting for 20221018

Brian Grant demos kpt

Patterns for Multi-Tenancy and MultiCluster-Management - Christian Stark, Red Hat
https://github.com/ch-stark/gitops-rbac-example/blob/main/blog/blog.md#organizational-needs
https://github.com/ch-stark/gitops-rbac-example
https://github.com/ch-stark/gatekeeper-kyverno-policyset
Kubernetes Multi-tenancy recipes - Devdatta Kulkarni (CloudARK), Sizhan Xu (UT Austin)
https://docs.google.com/document/d/1NiabaNjYgD7hqmMM-NYq3A6ODR4cP_hKaCSn0cduV7k/edit?usp=sharing

WG-Multitenancy Bi-Weekly Meeting for 20220531

WG-Multi-Tenancy Bi-Weekly Meeting for 20220405

In which the intrepid working group designs their approach to delivering multi-tenancy documentation to the upstream project.

WG Multi-Tenancy Bi-Weekly Meeting for 20220208

Multi-Tenancy WG Bi-Weekly Meeting for 20211130

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

The Future of Multi-Tenancy in Kubernetes - Tasha Drew, VMware; Adrian Ludwin, Google; Fei Guo, Alibaba; Jim Bugwadia, Nirmata

Applications need multi-tenancy. Shared services need multi-tenancy. Internal users need multi-tenancy. Tenancy requires segmentations at all layers of the infrastructure and services stack, not to mention surrounding capabilities like charge back, service priority, and cost optimization. Where is it all going? What is the future of multi-tenancy? Join the leads of the upstream working group for multi-tenancy to find out! We will discuss how we see users and entrprises leveraging multi-tenancy, the tools and capabilities our group and the rest of Kubernetes upstream community have been building to make multi-tenancy … tenable … and answer audience questions.

No description provided.

Regular bi-weekly meeting
Agenda:
Lukas Gentele: Loft has open-sourced their virtual cluster technology and would like to talk about eventual convergence with the virtual cluster project
https://github.com/loft-sh/vcluster

Harsh :
* Issue: https://github.com/kubernetes-sigs/hierarchical-namespaces/issues/41

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Multi-tenancy vs. Multi-cluster: When Should you Use What? - Tasha Drew, VMware; Ryan Bezdicek, Medtronic; Adrian Ludwin, Google; Jim Bugwadia, Nirmata

The Kubernetes Working Group for Multi-Tenancy has a lot of fun projects helping people throughout the Kubernetes ecosystem manage sharing clusters. One question that comes up a lot is "when should I share a cluster using multi-tenancy, and when should I spin up multiple clusters?" We call this multi-tenancy versus multi-cluster. There are also a lot of people who are doing both simultaneously! People want to know when to do which, and we're here to help. Join this panel with the technical leads and chair of the Multi-tenancy working group to hear our thoughts on multi-tenancy versus multi-cluster, in a panel format.

Vigorous discussion about hostile multi-tenancy versus soft/hard concepts.

Discussion over different forms of multi-tenancy versus multi-cluster versus virtual cluster in prep for Kubecon

Intro and CNCF Update
Talk #1: The Kubernetes Security Specialist Exam is Here! What to Know and How to Get Started
By Michael Foster, StackRox
Talk #2: What's new in Hierarchical Namespaces: now with less hierarchy! By Adrian Ludwin and Ginny Ji, Google

Demo of Kubezoo's multi-tenancy capabilities by the tools' creators!

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2021 Virtual from May 4–7, 2021. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Kubernetes Working Group for Multi-Tenancy Project Overview - Tasha Drew, VMware, Adrian Ludwin, Google, Fei Guo, Alibaba & Jim Bugwadia, Nirmata

In this session, the leaders of the Kubernetes Working Group for Multi-Tenancy will quickly go over how you can join the multi-tenancy group, and also do a quick overview of each of the projects we are incubating: the Virtual Cluster Project, the Multi-Tenancy Benchmarks Project, and the Hierarchical Namespace Controller Project. You can visit all of our projects here too: https://github.com/kubernetes-sigs/multi-tenancy/ Got more questions? Join our mailing list via google groups https://groups.google.com/forum/#!forum/kubernetes-wg-multitenancy or talk to us in the #wg-multitenancy channel of the Kubernetes Slack.

https://sched.co/ekHM

- [christopherhein] New Provider Repo (slowly moving VirtualCluster to here)
-- https://sigs.k8s.io/cluster-api-provider-nested
- Kiosk, Loft, and wg-multitenancy
-- Discuss projects from Loft and its OSS components and how they compare with wg-multitenancy efforts.
[Daniel Sover] Gauge interest on operator multitenancy update

WG Multi-Tenancy Bi-Weekly Meeting for 20201006

Don’t miss out! Join us at our upcoming events: EnvoyCon Virtual on October 15 and KubeCon + CloudNativeCon North America 2020 Virtual from November 17-20. Learn more at https://kubecon.io. The conferences feature presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Virtual Cluster - A Practical Kubernetes Hard Multi-tenancy Solution - Fei Guo, Alibaba

Conventional, the concept of Kubernetes multi-tenancy is realized by namespaces. Tenants access controls are limited within tenant namespaces using RBAC rules. The Pod level isolation is primarily done using network policy. This model faces various problems when applied in production since Kubernetes is far from tenancy-ready. For example: 1) APIServer is lack of tenant-aware flow control. A single tenant may generate large amount of concurrent traffic making APIServer unresponsive to other tenants; 2) Tenants cannot install customized CRDs which requires cluster scope permission; We proposed Virtual Cluster solution to resolve the multi-tenancy problem from a different angle. Basically, every tenant will be assigned a dedicated K8s control plane. All tenant K8s shares a big super master. Virtual cluster is built based on CRDs. The entire solution is open sourced in Github.

https://sched.co/Zek6

Presentation on the Multitenancy Operator by Capsule

Pretty informal call, no agenda. We discuss
- Kubecon next week, talks people are giving / attending

- Virtual conferences

- Process for making HNC a formal sub project

- MTB demo (Divya, Anuj, Jim)
- HNC update (0.5.1, v1alpha2, etc)
- Live from sig-multicluster: Naming Survey Results with 112 responses

- Special announcement from Kubernetes Steering Committee

- Discussing of Arktos, part 2

Xiaoning Ding will walk through multi-tenancy features of Arktos (https://github.com/futurewei-cloud/arktos), and see if the community is interested in working together to upstream some of them to Kubernetes

- Multi-Tenancy Benchmarks (MTB) update and demo [Anuj, Jim] (~15 mins)
- HNC v0.4.0 RC1 is released: https://github.com/kubernetes-sigs/multi-tenancy/releases/tag/hnc-v0.4.0-rc1. Thanks to @Ryan Bez as always for his reviews, and to @yiqigao217 for her contributions! Yiqi will review the changes to HNC at the next wg-multitenancy meeting.

In-depth demo and Q&A about the Virtual Cluster Project, and quick status updates from the Hierarchical Namespace Controller team, and the Secure Benchmarking team.

Agenda:

Berat Senel: EdgeNet Kubernetes distributed Cloud presentation http://edgenet.planet-lab.eu:8081/ https://github.com/EdgeNet-Project.


Daniel Sover: Operator Lifecycle Manager and some of the multitenancy related problems the project has and how it solves them


See agenda doc for helpful github and presentation links here: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit#

Regular WG Meeting
- Kubeflow & Multi-tenancy
- Update on secure benchmarks

- HNC has been approved by sig-auth to move to its own repo, and we need to make some decisions on that front (e.g. keep the hnc.x-k8s.io API group, or switch to hnc.k8s.io). [Adrian]
- Multi-tenancy with Kyverno:
-- Namespaces-as-a-service: Jim Bugwadia
-- Clusters-as-a-Service: Scott Rosenberg

Ryan Bezdicek (Cray) reviews the new CoreDNS + OPA plugin model

- Go over proposal for Account Quota : Paul, Chaitanya and Shikha ( IBM)
- Kubecon retro
-- New OPA plugin using Core DNS! Ryan to follow up
-- Cruze’s multi-tenancy overview
-- Videos are up now!

Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Deep Dive: Kubernetes Working Group for Multi-tenancy - Sanjeev Rampal, Cisco & Adrian Ludwin, Google

This deep dive of the working group for Multi-tenancy will include an in-depth technical exploration of multi-tenancy in core Kubernetes and the tooling and services the multi-tenancy working group has been developing to mainstream how users of Kubernetes can achieve multi-tenancy.

https://sched.co/Uah1

Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Intro to the Kubernetes Working Group for Multi-tenancy - Tasha Drew, VMware

This introduction will go over what the multi-tenancy working group has been working on and how new contributors can become engaged. New users and contributors are encouraged to attend if multi-tenancy in core Kubernetes is something you are interested in or are working on implementing at your own organization.

https://sched.co/Uaj3

Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Kubernetes at Cruise: Two Years of Multitenancy - Karl Isenberg, Cruise

Cruise has been working on self-driving cars for six years and growing exponentially for most of that time. Two years ago they started using Kubernetes, betting on namespace-level multitenancy to provide isolation between teams and projects. Today they have over 40 internal tenants, 100,000 pods, 4,000 nodes, and… an embarrassing number of KubeDNS replicas. This session will take you through the motivations, story, and results of migrating to multitenant Kubernetes, along with some hard-earned Pro Tips from the trenches. You’ll also learn about the open source tooling they built around Spinnaker, Vault, Google Cloud, and Istio in order to integrate with our multitenant Kubernetes. Come see how they went from barely isolated to very isolated and saved a few million dollars doing it!

https://sched.co/UaaO

Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Panel: Control Plane vs Data Plane: Untangling the Tenets of Multitenancy - Erica Von Buelow, Red Hat; Sanjeev Rampal, Cisco; Ryan Bezdicek, Cray Inc.; Adrian Ludwin, Google; & Fei Guo, Alibaba

Virtually every organization over a certain size wants to be able to share their clusters between different sets of users. As a result, the Multi-tenancy Working Group is seeing increasingly high demand for higher-level features to support Kubernetes multi-tenancy. Unfortunately, each organization has different and often unspoken assumptions about what tenancy means to them, so different use cases and needs often get conflated. In this discussion, our panelists will share their proposals for the principles of multi-tenancy, according to both the type of concerns (control plane vs data plane) as well as the type of tenants (such as dev teams, production teams and third-party users).

https://sched.co/UaXF

Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Walls Within Walls: What if Your Attacker Knows Parkour? - Tim Allclair & Greg Castle, Google

What happens if an attacker escapes a container and compromises your node? Is it game over for the whole cluster, or can you limit the blast radius? Whether it be for defense in depth or multi-tenancy, it is important to understand the security boundaries in your cluster. In this talk, we’ll discuss various isolation approaches and evaluate them through the eyes of an attacker who has compromised a node and is looking to propagate. We’ll deep dive on ‘node isolation’: using Kubernetes scheduling to execute workloads on separate nodes, and demonstrate live attacks and defences to educate about strengths and weaknesses of this strategy. We’ll also discuss progress made by SIG-Auth in this area over the past few releases. After this talk you will understand when node isolation is or isn't an appropriate security mechanism, the steps to implement it, and what some alternatives are.

https://sched.co/UaeM

This is a virtual cluster demo for the tool that is currently incubating as a project in the Multi-tenancy working group for Kubernetes.

Code on github: https://github.com/kubernetes-sigs/multi-tenancy/tree/master/incubator/virtualcluster

Tasha: Kubecon Update
Raffaele Spazzoli: Namespace configuration operator
Angel Barrera/Pau Rosello: Hosted Namespace as a Service

Full notes here: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit#

Adrian Ludwin: “Hierarchical Namespace Controller” demo
Shikha (IBM): IBM Multitenancy proposal & alignment with WG
Sanjeev Rampal: Summary of Multitenancy WG architecture tracks

Full agenda: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit#

Jim Bugwadia to present on Kyverno (kyverno.io): The specific Kyverno feature we are discussing is the ability to generate configurations when a namespace is created.
- https://github.com/nirmata/kyverno/
- https://docs.google.com/presentation/d/1CnBFvqJMxqYNdFj8mOc1JbE37_dCWP37Vklu5Wl5Tr4/edit?usp=sharing

Sanjeev Rampal - update on work streams
- Tenancy v2 CRD
- Tenant Controller doc: https://docs.google.com/document/d/1PkV7y_GHU_RfL2y8W-tLa98UnHuierkixXz-5uwKjMA/edit#heading=h.5vii875b7qm0
- Hierarchical Namespace: Adrian (Google) has some ideas to implement here and will present soon, waiting on final sign off to be able to talk about detailed design
- Virtual Clusters based approach: Similar to Rancher KV3, proposing analysis of KV3 vs virtual cluster

Call for super specific multi-tenancy use cases - add yours here!

Financial Services User Group: Security Profile request: we have two “best practices” profile docs in rough draft/incomplete form, contributions welcome:
- Single user: https://github.com/kubernetes-sigs/multi-tenancy/pull/28
- Multi-tenant cluster: https://github.com/kubernetes-sigs/multi-tenancy/blob/master/docs/profiles/profile-soft-multitenancy-s1.md

Working meeting to begin the design of the Tenancy CRD v2.

- Tenancy CRD v2 planning and update from Sanjeev Rampal
- Update from Yushiro Furukawa and team on their coredump feature
https://drive.google.com/file/d/1vYmcxYDPG7HxMVautB-GVxIswEVbC1dc/view

Agenda/notes:
- Co-chair announcements: Sanjeev Rampal is new co-chair!
- Yushiro Furukawa is going to present his coredump feature. How do you make sure the correct users can access their logs in a multi-tenant cluster?
- Kural to discuss Tenant resource quota feature request/proposal in Tenant controller PoC https://wiki.onap.org/display/DW/ONAP+Cloud+Native+Multi+tenancy+proposal#ONAPCloudNativeMultitenancyproposal-ResourcequotaproposalforthetenantCRD

Self-nominations for co-chair:
- Would you like to be the next co-chair of the working group? Attend the meeting, introduce yourself, and say a few words about why you'd be interested! I'm also happy to talk to anyone offline who would like more info about the role
-- Self-nominate slides (Harry): https://speakerdeck.com/resouer/self-nominate-wg-multitenancy-lei-harry-zhang

Further discussion of Propose Virtual Cluster Based Multi-tenancy Solution (By Fei Guo, Alibaba)
-- https://docs.google.com/document/d/1EELeVaduYZ65j4AXg9bp3Kyn38GKDU5fAJ5LFcxt2ZU/edit#heading=h.7tna1yo4dzv (This has been presented to David/Dawn/Daniel)

Tom Runyon has built a multitenant manager for a client of his that is similar to the proposed Tenant CRD, except it:
- Runs on Openshift so he could leverage ClusterResourceQuotas
- Manages tenants across multiple clusters
- He will go over his requirements and walk through a couple pieces of his implementation
-- https://docs.google.com/presentation/d/1x9Db5NGkvj1hzWsUKP4bTlKWWp-830A9VPOR4BDHyic/edit?usp=sharing

Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Reenforce Kubernetes Image Isolation in Multi-Tenant Service - Eric Lin, Alibaba

Serverless Computing is one of the fast-evolving technologies in Public Cloud nowadays, such as AWS fargate, Azure ACI. However, this introduces various isolation challenges as multiple tenants could share the same physical server. This talk introduces one of the key isolation issues while using k8s as a public multi-tenant service. The isolation issues within this talk are particularly focused on the image. K8s is a great project that aggregates a large number of computing nodes and providing container service to tenants, which also provides very basic isolation features. However, the isolation is still not good enough to serve the public cloud scenario. There are some flaws existing in both k8s and its dependency containerd. And in this talk, we will go through the causes of these flaws and how we fix and feedback it to upstream

https://sched.co/MPdE

Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Deep Dive: Kubernetes WG for Multitenancy - Sanjeev Rampal, Cisco & Ryan Bezdicek, Cray, Inc.

The deep dive will be an interactive session to discuss the status of multitenancy in kubernetes, run unconference style, with attendees proposing topics of conversation and participating in a group conversation about the most popular topics. We will discuss the on-going work the multitenancy working group is working on and more future focused issues around the various SIGs that have a vested interest in multitenancy.

https://sched.co/MPjr

Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Panel Discussion: Multi-Tenancy in Kubernetes: Current State and Future Roadmap - Sanjeev Rampal, Cisco; Ryan Bezdicek, Cray Inc.; Erica von Buelow, Red Hat; and Tasha Drew, VMware

Kubernetes doesn’t currently formally support the notion of multi-tenancy. However, many companies today are using Kubernetes to provide ad hoc multi-tenant solutions, to share kubernetes cluster resources between multiple independent teams. In this panel, we will have a discussion with a mix of experts on this topic including panelists from kubernetes users, open source community contributors, vendors and providers. The panel will discuss both soft and hard multi-tenancy models and will cover solutions that are available today (such as pod security policies and rbac) as well as new features being developed by the community Multi-tenancy working group and related work such as Kata containers. Importantly we will have an open discussion between panel members and audience on requirements and issues related to end to end aspects of multi-tenancy in real world deployments.

https://sched.co/MPcY

Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Intro: Kubernetes WG for Multitenancy - Tasha Drew, VMware

This presentation will be an overview of the work the multitenancy group has been doing, defining soft and hard multitenancy and reviewing the project plan for addressing both that the working group is putting forward. We will explain how people new to the working group can get engaged and review the various KEPs that the working group is involved with.

https://sched.co/MPiD

May 8, 2019, 11am - Noon (Pacific Time)
To be discussed at this meeting:
- Discuss alternative solutions to the Tenancy CRD (By Yisui Hu, Google)
-- Read them at the end of this doc: https://docs.google.com/document/d/1hpJX5O_siMmNGMvIHvz8Pm7XOjJLz5g57XWrgwWarFw/edit#heading=h.r5a9ppuyrmye
- Discuss the fundamental tenancy concept (KEP?) (By Yisui Hu, Google)
-- https://drive.google.com/open?id=1ddx7UAEPKFPldBh_diksYO4WZXSHDUhm-e6hyNNGYVU
- Propose Virtual Cluster Based Multi-tenancy Solution (By Fei Guo, Alibaba)
-- https://docs.google.com/document/d/1EELeVaduYZ65j4AXg9bp3Kyn38GKDU5fAJ5LFcxt2ZU/edit#heading=h.7tna1yo4dzv (This has been presented to David/Dawn/Daniel)

Notes:
- Multitenancy Repo has a links repo now with all our docs etc in a single place to help with discoverability
https://github.com/kubernetes-sigs/multi-tenancy/blob/master/docs/links.md

Agenda: Discuss Tenancy CRD
Notes:
- Demo by Yisui Hu (@easeway)
- Review of open questions raised by prototype
- Kubernetes Tenant CRD (includes overview of CRD and open questions): https://docs.google.com/document/d/1hpJX5O_siMmNGMvIHvz8Pm7XOjJLz5g57XWrgwWarFw/edit#heading=h.c0uts5ftkk58
-- Leave comments here for suggested approaches to open questions etc
- All code and links to docs etc can always be found in the github repo: https://github.com/kubernetes-sigs/multi-tenancy/
- Tenancy CRD proof of concept: https://github.com/kubernetes-sigs/multi-tenancy/tree/master/poc/tenant-controller
-- Open issues here for suggested features, extensions, changes, etc

Notes and agenda doc for all meetings: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit#

To be discussed at this meeting:
- Approved project plan
- Tenancy CRD: discussion moved to next meeting (April 23)
- New project tracker
- Moving forward with the work identified in our project plan

Notes:
- New kubernetes-sig working space: https://github.com/kubernetes-sigs/multi-tenancy
- Project tracker on github: https://github.com/kubernetes-sigs/multi-tenancy/projects/1
- Project Plan: https://docs.google.com/document/d/1U8RQQmTUjxgMZY05HG2f7b3KsB94BhK4Ko6aWbLNXcc/edit#heading=h.usecunpmfu3a
- Next up: security profiles for both a single tenant cluster and a soft multitenant cluster. Please volunteer to work on this either via the github project or the mailing list.
-- https://github.com/kubernetes-sigs/multi-tenancy/issues/3
-- https://github.com/kubernetes-sigs/multi-tenancy/issues/5

See full notes from all meetings here: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit#

Discussion of draft project plan for the multitenancy working group. Document is open for comments here: https://docs.google.com/document/d/1U8RQQmTUjxgMZY05HG2f7b3KsB94BhK4Ko6aWbLNXcc/edit?usp=sharing

Discussion of the proposed project plan here: https://docs.google.com/presentation/d/1dsAsVm8kCA9Dx9_gMEYeJL7pduAbnfnxT9lhbyCvHDg/edit#slide=id.p9

Working Group Multitenancy Meeting Notes/Agenda
When: Biweekly on Tuesdays at 11am Pacific Time (opposite weeks of sig-auth on Wednesdays)

Working Group Multitenancy Info: https://github.com/kubernetes/community/blob/master/wg-multitenancy/README.md

Charter: https://docs.google.com/document/d/1SkVdOPR4jozYDT8ro51hU3yrf1sHS8Gez73xM3PCsVo/edit

Sanjeev Rampal goes over working group doc generated from in person meeting at Kubecon

Agenda:
Multitenancy Working Group Proposal:
- Motivation
- Models/profiles of multitenancy overview
- Commonly asked questions and proposed answers
- Detailed proposal for each model of multitenancy with sample configs and proposed work items
- Action Items and Next Steps
- Timelines

Presentation: https://docs.google.com/presentation/d/1dsAsVm8kCA9Dx9_gMEYeJL7pduAbnfnxT9lhbyCvHDg/edit#slide=id.p1

December 12, 2018 - Kubernetes Multitenancy Working Group Meeting.

Agenda:
- Yisui Hu will go over outstanding KEPs:
-- Namespace population
-- Security profiles

Notes:
- Namespace Population KEP https://github.com/kubernetes/community/pull/2052
- KEP: Namespace Initializer https://github.com/kubernetes/enhancements/pull/645
-- Presented in SIG-API Machinery twice, agreed to move forward by pinging all reviewers for explicit comments
-- Next step: namespace initializers upstream contribution
- Conformance: we need to get an explanation of what conformance end to end tests can and can’t include

Notes and Agenda: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit#

Notes and Agenda: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit

Agenda and Notes https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit

Agenda and Notes: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit

Notes and Agenda: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit

Notes and Agenda: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit

Notes and Agenda: https://docs.google.com/document/d/1fj3yzmeU2eU8ZNBCUJG97dk_wC7228-e_MmdcmTNrZY/edit