Skip to content

[EPIC] - Tenant Isolation #876

New issue
New issue
Open
Epic
0 of 2 issues completed
Open
[EPIC] - Tenant Isolation#876
Epic
0 of 2 issues completed
Labels
backlogIssues that are part of the backlogfeature
@IvoGoman

Description

@IvoGoman
IvoGoman
opened on Feb 4, 2025

Description

Isolation between organizations is done via Kubernetes namespaces in the Greenhouse cluster.

This imposes difficulties:

  • CRDs cannot be upgraded for individual organizations but for the whole cluster
  • Organizations do not have full permissions on Workload resources in their namespace
  • Greenhouse RBAC uses mapped subjects, which may not be unique between org namespaces
  • Workload running in central cluster may be misconfigured & resources intensive

The ADR cloudoperators/documentation#1 started the discussion and should be considered.

Objectives

  • ADR
  • ... tdb

Acceptance Criteria

  • Criterion 1
  • Criterion 2
  • Criterion 3

Dependencies

  • Dependency 1
  • Dependency 2
  • Dependency 3

Additioinal Notes

No response

Sub-issues

Metadata

Metadata

Assignees

No one assigned

    Labels

    backlogIssues that are part of the backlogfeature

    Type

    Epic

    Projects

    Greenhouse Core Roadmap

    Status

    Sprint Backlog

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions