adr: Add ADR on multi tenancy using namespace based customer isolation #41

Merged
johnride merged 1 commits from adr/multi-tenancy into master 2025-05-26 20:26:37 +00:00
Owner
No description provided.
johnride added 1 commit 2025-05-26 15:57:24 +00:00
Author
Owner

I like this solution for now, I think the best solution would be a dedicated cluster per tenant but it makes sense why we can't.
I think the proposed solution works for our current scale. But the public API with more auth could also make sense, but I can see the arguments against it.

  • Taha on discord

Yeah about the last point on public API, I think it's the correct mid to long term solution.

But for now, we much reduce the attack surface by not exposing the OKD console and K8s API publicly. A wireguard VPN scales well, has very low resource overhead and is a great single entry point to access all the customer facing services without having to worry about hardening each of them so much.

> I like this solution for now, I think the best solution would be a dedicated cluster per tenant but it makes sense why we can't. > I think the proposed solution works for our current scale. But the public API with more auth could also make sense, but I can see the arguments against it. > > - Taha on discord Yeah about the last point on public API, I think it's the correct mid to long term solution. But for now, we much reduce the attack surface by not exposing the OKD console and K8s API publicly. A wireguard VPN scales well, has very low resource overhead and is a great single entry point to access all the customer facing services without having to worry about hardening each of them so much.
johnride merged commit 6e7148a945 into master 2025-05-26 20:26:37 +00:00
johnride deleted branch adr/multi-tenancy 2025-05-26 20:26:37 +00:00
Sign in to join this conversation.
No reviewers
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: NationTech/harmony#41
No description provided.