Multi-Tenant Security

Secure multi-tenant Kubernetes architecture

Intent

Allow multiple teams or tenants to share infrastructure without sharing admin power, network reachability, secrets, or policy bypass paths.

Key decisions

  • Identity flows through OIDC and group-based RBAC.
  • Namespace isolation includes quotas, NetworkPolicy, Pod Security, and secret boundaries.
  • Admission policy enforces guardrails before objects reach runtime.
  • Exceptions are owned, time-bounded, and auditable.

Review signals

  • Namespace owners are visible from labels or metadata.
  • Default deny is enforced consistently.
  • Audit logs can answer who changed what and when.
  • No team needs cluster-admin for daily work.
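
The review signals above can be checked mechanically against exported cluster objects. The following is an added example, not code from the original page: it assumes objects shaped like `kubectl get <kind> -A -o json` items, an `owner` label key, constructed sample names such as `oidc:team-b-devs`, and that `system:masters` is the only expected cluster-admin subject. Audit-log coverage is outside its scope.

```python
OWNER_LABEL = "owner"  # assumed label key; use whatever your cluster standardizes on
PSS_LABEL = "pod-security.kubernetes.io/enforce"  # Pod Security Admission label

def is_default_deny(np):
    """NetworkPolicy that selects all pods and allows no ingress or egress."""
    spec = np.get("spec", {})
    return (spec.get("podSelector") == {}
            and {"Ingress", "Egress"} <= set(spec.get("policyTypes", []))
            and not spec.get("ingress") and not spec.get("egress"))

def review(objects):
    """Return (scope, finding) pairs for namespaces and bindings that miss a signal."""
    findings = []
    for ns in (o for o in objects if o["kind"] == "Namespace"):
        name, labels = ns["metadata"]["name"], ns["metadata"].get("labels", {})
        scoped = [o for o in objects if o["metadata"].get("namespace") == name]
        if not labels.get(OWNER_LABEL):
            findings.append((name, "owner label missing"))
        if labels.get(PSS_LABEL) not in ("baseline", "restricted"):
            findings.append((name, "Pod Security not enforced"))
        if not any(o["kind"] == "ResourceQuota" for o in scoped):
            findings.append((name, "no ResourceQuota"))
        if not any(o["kind"] == "NetworkPolicy" and is_default_deny(o) for o in scoped):
            findings.append((name, "no default-deny NetworkPolicy"))
    for rb in (o for o in objects if o["kind"] in ("RoleBinding", "ClusterRoleBinding")):
        ref = rb.get("roleRef", {})
        if ref.get("kind") == "ClusterRole" and ref.get("name") == "cluster-admin":
            for s in rb.get("subjects", []):
                if s["name"] != "system:masters":  # built-in break-glass group
                    findings.append((rb["metadata"]["name"],
                                     f"cluster-admin granted to {s['kind']} {s['name']}"))
    return findings

def obj(kind, name, ns=None, labels=None, **rest):
    """Build a minimal object dict for the constructed sample below."""
    meta = {"name": name, "labels": labels or {}}
    if ns:
        meta["namespace"] = ns
    return {"kind": kind, "metadata": meta, **rest}

DENY = {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}
SAMPLE = [  # constructed sample: team-a is compliant, team-b is not
    obj("Namespace", "team-a", labels={OWNER_LABEL: "team-a", PSS_LABEL: "restricted"}),
    obj("ResourceQuota", "quota", "team-a"),
    obj("NetworkPolicy", "default-deny", "team-a", spec=DENY),
    obj("Namespace", "team-b", labels={PSS_LABEL: "privileged"}),
    obj("NetworkPolicy", "allow-all", "team-b",
        spec={"podSelector": {}, "policyTypes": ["Ingress"], "ingress": [{}]}),
    obj("ClusterRoleBinding", "team-b-admin",
        roleRef={"kind": "ClusterRole", "name": "cluster-admin"},
        subjects=[{"kind": "Group", "name": "oidc:team-b-devs"}]),
]

if __name__ == "__main__":
    for scope, finding in review(SAMPLE):
        print(f"{scope}: {finding}")
```

A check like this fits a scheduled job or CI step, where findings can be routed to the namespace owner or recorded as an owned, time-bounded exception.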