Seattle, WA
December 10–13, 2018
Click Here for More Information & Registration
View Venue Map
Wednesday, December 12 • 1:45pm - 2:20pm
Defining Mutli-Tenant Access Controls for a Cluster - Anund McKague, Atlassian

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
What we've learned while building an internal PaaS allowing automated self service access to our multi-tenant clusters. Teams have access to create service based namespaces on demand. Beginning with how users authenicate via our open source cli tool connecting ldap and 2fa, continuing through our use of authentication webhooks, on to our use of authorization webhooks and RBAC, and finishing with how we manage creation of dynamic RBAC based roles.

Talk will touch on authentication webhooks, github.com/atlassian/kubetoken, mutating and validating webhooks, api servers as proxies to internal services, managing rbac roles and dynamic creation of role bindings, along with some of the security implications of cluster roles and cluster role bindings.

avatar for Anund McKague

Anund McKague

Senior Developer, Atlassian
Anund is Senior Developer at Atlassian. He works on migrating an internal bespoke PaaS to one based on Kuberentes. Never afraid to dig in at any level of the stack. Manager for a few open source projects at Atlassian.

Wednesday December 12, 2018 1:45pm - 2:20pm
Tahoma 1/2 @ TCC The Conference Center (TCC) - Separate from WSCC building