Building Flux's Multi-Tenant API with K8s User Impersonation

Explore the intricacies of building multi-tenant APIs in Kubernetes using user impersonation techniques in this 21-minute conference talk by Leigh Capili from VMware. Delve into the challenges of operating Kubernetes in a multi-tenant environment and discover innovative solutions to enable safe collaboration across teams and organizations. Learn how to leverage RBAC, impersonation, and kubeConfig secrets using Flux as an example, and gain insights into creating API surfaces resistant to cross-tenant issues. Understand the limitations of policy engines like Gatekeeper and Kyverno, and explore alternative patterns for extending Kubernetes securely. Covering topics such as service accounts, in-cluster identities, and policy implementation, this presentation offers valuable techniques applicable to various projects within the Kubernetes ecosystem.

Introduction
Overview
Service Accounts
User Impersonation
InCluster Identities
Policy
Conclusion