Tenant Policies for Flux2 Multi-Tenancy
Flux2 Multi-Tenancy is a project that allows different organizations and/or teams to share the same Kubernetes control plane, which is referred to as “multi-tenancy”. Flux2 supports segmentation and isolation of resources by using namespaces and role-based access control (RBAC). Flux2 defers to Kubernetes’ native RBAC to specify which operations are authorized when processing its custom resources.
Flux2 provides a multi-tenancy configuration page that describes the roles and permissions in detail: https://github.com/fluxcd/flux2-multi-tenancy. The following are the possible options and examples for each option:
Cluster Role
When a tenant is created, Flux2 binds it to a cluster role through the tenant role binding. That cluster role is cluster-admin by default. It can be changed using the --cluster-role flag when creating a tenant.
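Example (flux create tenant also requires at least one --with-namespace; dev-team-apps is a placeholder namespace name):
flux create tenant dev-team --with-namespace=dev-team-apps --cluster-role=edit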
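Because cluster-admin is the default, it is worth checking tenant manifests for bindings where --cluster-role was never set. The script below is an added example, not part of the Flux2 project; the manifests, tenant names and namespaces in it are constructed, and it assumes manifests indented with two spaces in the usual kubectl/flux export layout.

```shell
sample_manifests() {  # constructed sample data, not captured Flux output
cat <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-team-reconciler
  namespace: dev-team-apps
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
subjects:
- kind: ServiceAccount
  name: dev-team
  namespace: dev-team-apps
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ops-team-reconciler
  namespace: ops-team-apps
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: ops-team
  namespace: ops-team-apps
EOF
}
# Reads multi-document YAML on stdin; prints namespace/name of each (Cluster)RoleBinding bound to cluster-admin.
find_cluster_admin_bindings() {
  awk '
    function emit(   loc) {
      loc = (ns == "" ? "<cluster>" : ns) "/" name
      if (kind ~ /^(Cluster)?RoleBinding$/ && ref == "cluster-admin") print loc
      kind = name = ns = ref = sect = ""
    }
    /^---/        { emit(); next }            # document boundary
    /^kind:/      { kind = $2; next }         # top-level kind only
    /^[A-Za-z]+:/ { sect = $1; next }         # track current top-level section
    sect == "metadata:" && /^  name:/      { name = $2 }
    sect == "metadata:" && /^  namespace:/ { ns = $2 }
    sect == "roleRef:"  && /^  name:/      { ref = $2 }
    END { emit() }
  '
}
sample_manifests | find_cluster_admin_bindings   # → ops-team-apps/ops-team-reconciler
```

To check real manifests, pipe them into the function in place of sample_manifests, for example the output of kubectl get rolebindings -A -o yaml is not multi-document, so use per-file manifests from the tenant repository instead.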