SlideShare a Scribd company logo

How to Avoid Kubernetes Multi-tenancy Catastrophes

Weaveworks, profile picture
Weaveworks

This document summarizes a webinar about implementing multi-tenancy in Kubernetes without catastrophes using GitOps. It recommends 5 easy steps: 1) implement a zero trust posture, 2) apply least privilege practices, 3) use policies to enforce governance, 4) leverage GitOps audit capabilities, and 5) reduce the blast radius. The webinar discusses how Weaveworks' Workspaces product establishes boundaries and defines access controls to securely support multiple teams deploying applications.

Technology
1 of 20
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Avoid Kubernetes Multi-Tenancy Catastrophes in 5 Easy Steps
2 Webinar Platform - FAQs Using Zoom • You are in listen only mode • This webinar is being recorded • Q&A session will follow the presentation, please use the Q&A panel to submit questions • Hit escape to exit full screen • Slides and recording will be shared after the webinar Technical Issues - please visit Zoom Help https://support.zoom.us/hc/en-us/articles/206175806-Top-Questions
3 Joe Dahlquist VP of Product Marketing, Weaveworks Joe Dahlquist leads product marketing at Weaveworks. An accomplished product leader with over 20 years of experience in PM and PMM roles, Joe has worked on software, hardware, and services products that have delighted millions of users and partners in cybersecurity, consumer electronics, financial services, access control, and more. Speaker introductions David Stauffer Senior Product Manager, Weaveworks David Stauffer is a Senior Product Manager at Weaveworks. For David, the most exciting job in the world is building the right product for the customer. Passionate about any and all end-users, he has experience working in different startups across the globe. He has worked on making the edge real through Kubernetes and working in the GSMA aligning on the architectural design for a federated edge.
Weaveworks is backed by amazing teams Weaveworks partners with all the major infrastructure and Kubernetes vendors We’re the GitOps Company Weaveworks is deeply committed to the Open Source Community
Confidential do not distribute Financial Services Companies Doing GitOps with Weaveworks Technology Other Industries
● Tenancy is ubiquitous ● Catastrophes can occur ● You can get it right ● 5 easy steps how to do it Tenancy in Weave GitOps Enterprise
7 WTF is Tenancy and why is it needed? ● A person, place or thing? ● Team? ● Application? Tenancy in the World of GitOps
8 ● Many ways to handle Tenancy in Kubernetes, which is right for you? ● Defining overall Tenancy posture can get really complicated ○ Companies need end-to-end tenancy solution ○ Granular control over all the moving parts ○ Policies, RBAC, Isolation, and more Tenancy in the World of GitOps
● Some real world examples Getting it Wrong can be Catastrophic
10 1. Implement a Zero Trust posture 2. Apply Least Privilege Practices 3. Use Policies to Enforce Governance 4. GitOps Audit Capabilities 5. Reduce the Blast Radius 5 Easy Things You Can Do
11 ● Implement a Zero Trust posture ○ Trust nothing, verify everything ○ Neighbours can be noisy ○ Flux is your gate/root of trust 5 Easy Things You Can Do 1
12 ● Apply Least Privilege Practices ○ Permissions and Role management ○ Distrust until proven otherwise ○ Continuous assessment 5 Easy Things You Can Do 2
13 ● Use Policies to Enforce Governance ○ Audit vs. Admission ○ Policy as Guardrails ○ Control Sources and Configs 5 Easy Things You Can Do 3
14 ● GitOps Audit Capabilities ○ Git history ○ Git gate to your cluster ○ Change control and checks 5 Easy Things You Can Do 4
15 ● Reduce the Blast Radius ○ Do all of the above… ○ Secrets rotation ○ Isolation (not all in one git repo) 5 Easy Things You Can Do 5
16 ● Workspaces establishes boundaries, defines what can be deployed by whom ● Creates trusted Workspaces for application teams ● Protects sensitive environments ● Adds governance and compliance Workspaces in Weave GitOps Namespace Policy Role RoleBinding
17 Team Workspaces gives the power to define: ● Access to sources ( Git repos, Helm repos, Buckets etc ) ● Access to targets ( Cluster + namespaces ) ● Definition of what can get deployed ( examples: Roles, Network Policies, Deployments, ... ) ● Use/set the correct Service Account and Role + Rolebindings Workspaces in Weave GitOps
18 ● Workspaces empowers app dev teams to go much faster ● Enables multiple DevOps teams to work seamlessly together ● Enables DevOps teams to focus on their area of concern ● Protects sensitive environments Result: Race Car with Seatbelts
19 Confidential do not distribute Questions? Please use the Q&A panel in your Zoom menu
20 Whitepaper: Trusted Application Delivery https://bit.ly/3A0JMOe Learn more about Weave GitOps www.weave.works/enterprise and a 5 min demo https://youtu.be/aqJaHNCz2lM Request a personal demo www.weave.works/contact Thank You

More Related Content

PDF
Observe and command your fleets across any kubernetes with weave git ops
Weaveworks
 
PDF
Weave GitOps - continuous delivery for any Kubernetes
Weaveworks
 
PDF
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
Weaveworks
 
PDF
Weave GitOps 2022.09 Release: A Fast & Reliable Path to Production with Progr...
Weaveworks
 
PDF
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
Weaveworks
 
PDF
DX, Guardrails, Golden Paths & Policy in Kubernetes
Weaveworks
 
PDF
Free GitOps Workshop
Weaveworks
 
PDF
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...
CezzaineZaher1
 
Observe and command your fleets across any kubernetes with weave git ops
Weaveworks
 
Weave GitOps - continuous delivery for any Kubernetes
Weaveworks
 
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
Weaveworks
 
Weave GitOps 2022.09 Release: A Fast & Reliable Path to Production with Progr...
Weaveworks
 
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
Weaveworks
 
DX, Guardrails, Golden Paths & Policy in Kubernetes
Weaveworks
 
Free GitOps Workshop
Weaveworks
 
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...
CezzaineZaher1
 

Similar to How to Avoid Kubernetes Multi-tenancy Catastrophes (20)

PDF
Free GitOps Workshop (with Intro to Kubernetes & GitOps)
Weaveworks
 
PDF
Automated Provisioning, Management & Cost Control for Kubernetes Clusters
Weaveworks
 
PDF
Security: The Value of SBOMs
Weaveworks
 
PDF
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
Weaveworks
 
PDF
Weave GitOps Core Overview (Free GitOps Workshop)
Weaveworks
 
PDF
Cloud Native Engineering with SRE and GitOps
Weaveworks
 
PDF
Gitops Hands On
Brice Fernandes
 
PDF
Intro to GitOps with Weave GitOps, Flagger and Linkerd
Weaveworks
 
PDF
GitOps with GitHub Actions & Flux by Kingdon Barrett
Weaveworks
 
PDF
Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...
Weaveworks
 
PDF
Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps
Weaveworks
 
PDF
From Zero to GitOps Heroes
Weaveworks
 
PDF
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...
Weaveworks
 
PDF
Get Started with Flux
Weaveworks
 
PDF
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
Weaveworks
 
PDF
Delivering Quality at Speed with GitOps
Weaveworks
 
PDF
Simplifying Hybrid EKS
Weaveworks
 
PDF
20221130 - Luxembourg HUG Meetup
Stéphane Este-Gracias
 
PDF
Intro to Kubernetes & GitOps Workshop
Weaveworks
 
PDF
Intro to GitOps & Flux.pdf
Weaveworks
 
Free GitOps Workshop (with Intro to Kubernetes & GitOps)
Weaveworks
 
Automated Provisioning, Management & Cost Control for Kubernetes Clusters
Weaveworks
 
Security: The Value of SBOMs
Weaveworks
 
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
Weaveworks
 
Weave GitOps Core Overview (Free GitOps Workshop)
Weaveworks
 
Cloud Native Engineering with SRE and GitOps
Weaveworks
 
Gitops Hands On
Brice Fernandes
 
Intro to GitOps with Weave GitOps, Flagger and Linkerd
Weaveworks
 
GitOps with GitHub Actions & Flux by Kingdon Barrett
Weaveworks
 
Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...
Weaveworks
 
Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps
Weaveworks
 
From Zero to GitOps Heroes
Weaveworks
 
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...
Weaveworks
 
Get Started with Flux
Weaveworks
 
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
Weaveworks
 
Delivering Quality at Speed with GitOps
Weaveworks
 
Simplifying Hybrid EKS
Weaveworks
 
20221130 - Luxembourg HUG Meetup
Stéphane Este-Gracias
 
Intro to Kubernetes & GitOps Workshop
Weaveworks
 
Intro to GitOps & Flux.pdf
Weaveworks
 
Ad

More from Weaveworks (20)

PDF
Weave AI Controllers (Weave GitOps Office Hours)
Weaveworks
 
PDF
Flamingo: Expand ArgoCD with Flux (Office Hours)
Weaveworks
 
PDF
Six Signs You Need Platform Engineering
Weaveworks
 
PDF
SRE and GitOps for Building Robust Kubernetes Platforms.pdf
Weaveworks
 
PDF
Flux Beyond Git Harnessing the Power of OCI
Weaveworks
 
PDF
Building internal developer platform with EKS and GitOps
Weaveworks
 
PDF
GitOps Testing in Kubernetes with Flux and Testkube.pdf
Weaveworks
 
PDF
Implementing Flux for Scale with Soft Multi-tenancy
Weaveworks
 
PDF
Accelerating Hybrid Multistage Delivery with Weave GitOps on EKS
Weaveworks
 
PDF
The Story of Flux Reaching Graduation in the CNCF
Weaveworks
 
PDF
Flux’s Security & Scalability with OCI & Helm Slides.pdf
Weaveworks
 
PDF
Flux Security & Scalability using VS Code GitOps Extension
Weaveworks
 
PDF
Robust Network Security and Observability with GitOps and Cilium
Weaveworks
 
PDF
Simplifying Hybrid Kubernetes with Weaveworks and EKS.pdf
Weaveworks
 
PDF
Building a Security First Approach Across Hybrid Cloud with GitOps and Policy...
Weaveworks
 
PDF
DevOps Automation with GitOps: Consistent and Secure End to End Deployments
Weaveworks
 
PDF
Trusted Application Delivery: Achieving Ultimate Security
Weaveworks
 
PPTX
Terraform and Weave GitOps: Build a Fully Automated Application Stack
Weaveworks
 
PDF
KubeCon 2022 EU Flux Security.pdf
Weaveworks
 
PDF
KubeCon EU 2022 Istio, Flux & Flagger.pdf
Weaveworks
 
Weave AI Controllers (Weave GitOps Office Hours)
Weaveworks
 
Flamingo: Expand ArgoCD with Flux (Office Hours)
Weaveworks
 
Six Signs You Need Platform Engineering
Weaveworks
 
SRE and GitOps for Building Robust Kubernetes Platforms.pdf
Weaveworks
 
Flux Beyond Git Harnessing the Power of OCI
Weaveworks
 
Building internal developer platform with EKS and GitOps
Weaveworks
 
GitOps Testing in Kubernetes with Flux and Testkube.pdf
Weaveworks
 
Implementing Flux for Scale with Soft Multi-tenancy
Weaveworks
 
Accelerating Hybrid Multistage Delivery with Weave GitOps on EKS
Weaveworks
 
The Story of Flux Reaching Graduation in the CNCF
Weaveworks
 
Flux’s Security & Scalability with OCI & Helm Slides.pdf
Weaveworks
 
Flux Security & Scalability using VS Code GitOps Extension
Weaveworks
 
Robust Network Security and Observability with GitOps and Cilium
Weaveworks
 
Simplifying Hybrid Kubernetes with Weaveworks and EKS.pdf
Weaveworks
 
Building a Security First Approach Across Hybrid Cloud with GitOps and Policy...
Weaveworks
 
DevOps Automation with GitOps: Consistent and Secure End to End Deployments
Weaveworks
 
Trusted Application Delivery: Achieving Ultimate Security
Weaveworks
 
Terraform and Weave GitOps: Build a Fully Automated Application Stack
Weaveworks
 
KubeCon 2022 EU Flux Security.pdf
Weaveworks
 
KubeCon EU 2022 Istio, Flux & Flagger.pdf
Weaveworks
 
Ad

Recently uploaded (20)

PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Approach and Philosophy of On baking technology
30anthuong17
 
Encapsulation theory and applications.pdf
gurumoop
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 

How to Avoid Kubernetes Multi-tenancy Catastrophes

  • 2. 2 Webinar Platform - FAQs Using Zoom • You are in listen only mode • This webinar is being recorded • Q&A session will follow the presentation, please use the Q&A panel to submit questions • Hit escape to exit full screen • Slides and recording will be shared after the webinar Technical Issues - please visit Zoom Help https://support.zoom.us/hc/en-us/articles/206175806-Top-Questions
  • 3. 3 Joe Dahlquist VP of Product Marketing, Weaveworks Joe Dahlquist leads product marketing at Weaveworks. An accomplished product leader with over 20 years of experience in PM and PMM roles, Joe has worked on software, hardware, and services products that have delighted millions of users and partners in cybersecurity, consumer electronics, financial services, access control, and more. Speaker introductions David Stauffer Senior Product Manager, Weaveworks David Stauffer is a Senior Product Manager at Weaveworks. For David, the most exciting job in the world is building the right product for the customer. Passionate about any and all end-users, he has experience working in different startups across the globe. He has worked on making the edge real through Kubernetes and working in the GSMA aligning on the architectural design for a federated edge.
  • 4. Weaveworks is backed by amazing teams Weaveworks partners with all the major infrastructure and Kubernetes vendors We’re the GitOps Company Weaveworks is deeply committed to the Open Source Community
  • 5. Confidential do not distribute Financial Services Companies Doing GitOps with Weaveworks Technology Other Industries
  • 6. ● Tenancy is ubiquitous ● Catastrophes can occur ● You can get it right ● 5 easy steps how to do it Tenancy in Weave GitOps Enterprise
  • 7. 7 WTF is Tenancy and why is it needed? ● A person, place or thing? ● Team? ● Application? Tenancy in the World of GitOps
  • 8. 8 ● Many ways to handle Tenancy in Kubernetes, which is right for you? ● Defining overall Tenancy posture can get really complicated ○ Companies need end-to-end tenancy solution ○ Granular control over all the moving parts ○ Policies, RBAC, Isolation, and more Tenancy in the World of GitOps
  • 9. ● Some real world examples Getting it Wrong can be Catastrophic
  • 10. 10 1. Implement a Zero Trust posture 2. Apply Least Privilege Practices 3. Use Policies to Enforce Governance 4. GitOps Audit Capabilities 5. Reduce the Blast Radius 5 Easy Things You Can Do
  • 11. 11 ● Implement a Zero Trust posture ○ Trust nothing, verify everything ○ Neighbours can be noisy ○ Flux is your gate/root of trust 5 Easy Things You Can Do 1
  • 12. 12 ● Apply Least Privilege Practices ○ Permissions and Role management ○ Distrust until proven otherwise ○ Continuous assessment 5 Easy Things You Can Do 2
  • 13. 13 ● Use Policies to Enforce Governance ○ Audit vs. Admission ○ Policy as Guardrails ○ Control Sources and Configs 5 Easy Things You Can Do 3
  • 14. 14 ● GitOps Audit Capabilities ○ Git history ○ Git gate to your cluster ○ Change control and checks 5 Easy Things You Can Do 4
  • 15. 15 ● Reduce the Blast Radius ○ Do all of the above… ○ Secrets rotation ○ Isolation (not all in one git repo) 5 Easy Things You Can Do 5
  • 16. 16 ● Workspaces establishes boundaries, defines what can be deployed by whom ● Creates trusted Workspaces for application teams ● Protects sensitive environments ● Adds governance and compliance Workspaces in Weave GitOps Namespace Policy Role RoleBinding
  • 17. 17 Team Workspaces gives the power to define: ● Access to sources ( Git repos, Helm repos, Buckets etc ) ● Access to targets ( Cluster + namespaces ) ● Definition of what can get deployed ( examples: Roles, Network Policies, Deployments, ... ) ● Use/set the correct Service Account and Role + Rolebindings Workspaces in Weave GitOps
  • 18. 18 ● Workspaces empowers app dev teams to go much faster ● Enables multiple DevOps teams to work seamlessly together ● Enables DevOps teams to focus on their area of concern ● Protects sensitive environments Result: Race Car with Seatbelts
  • 19. 19 Confidential do not distribute Questions? Please use the Q&A panel in your Zoom menu
  • 20. 20 Whitepaper: Trusted Application Delivery https://bit.ly/3A0JMOe Learn more about Weave GitOps www.weave.works/enterprise and a 5 min demo https://youtu.be/aqJaHNCz2lM Request a personal demo www.weave.works/contact Thank You