Skip to content

[EPIC] - Tenant Isolation #876

Open
Epic
1 of 2 issues completed
Open
[EPIC] - Tenant Isolation#876
Epic
1 of 2 issues completed
Labels
backlogReady for sprint planning; triggers project additionfeatureneeds-refinementNeeds scoping before implementationsync-internal
@IvoGoman

Description

@IvoGoman
IvoGoman
opened on Feb 4, 2025

Description

Isolation between organizations is done via Kubernetes namespaces in the Greenhouse cluster.

This imposes difficulties:

  • CRDs cannot be upgraded for individual organizations but for the whole cluster
  • Organizations do not have full permissions on Workload resources in their namespace
  • Greenhouse RBAC uses mapped subjects, which may not be unique between org namespaces
  • Workload running in central cluster may be misconfigured & resources intensive

The ADR cloudoperators/documentation#1 started the discussion and should be considered.

Objectives

  • ADR
  • ... tdb

Acceptance Criteria

  • Criterion 1
  • Criterion 2
  • Criterion 3

Dependencies

  • Dependency 1
  • Dependency 2
  • Dependency 3

Additioinal Notes

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    backlogReady for sprint planning; triggers project additionfeatureneeds-refinementNeeds scoping before implementationsync-internal

    Type

    Epic

    Projects

    Greenhouse Core Roadmap

    Status

    Sprint Backlog

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions