hosts:k8s:start
Services hosted on our kubernetes cluster, using k0s. The k8s0* vms listed under hosts:virtual_machines are part of this cluster.
This is a multi-tenant cluster, where we use namespace isolation. The tardis console creates namespaces on request, and assigns the user a role within that namespace.
We then use Kyverno policies to prevent privillege escalation, and to restrict the ingress routes that users can create to *.tardis.ac/*.
Most of the admin configuration is done through terraform.
hosts/k8s/start.txt · Last modified: 2023/08/30 18:32 by tcmal