How We Securely Scaled Multi-Tenancy with VCluster, Crossplane, and Argo CD

2023-04-19

Authors: Konstantinos Kapelonis, Ilia Medvedev


Summary

The presentation discusses the benefits of using virtual Argo CD instances for managing Kubernetes clusters and how they are implemented in the Codefresh platform.
  • Virtual Argo CD instances provide one-click installation, zero configuration, and flexibility in managing multiple instances and Kubernetes versions.
  • Codefresh uses a centralized setup that is cost-effective, allows for security isolation, and enables testing of new versions without affecting other customers.
  • Monitoring is done using Prometheus and Grafana stacks, as well as a proprietary exporter.
  • A demo is provided to show how virtual Argo CD instances are provisioned and deprovisioned.
During the presentation, the speaker shared an anecdote about a developer who accidentally ordered half a dozen pizzas through the Domino's API due to a mistake. This highlights the importance of proper management and monitoring of resources, which can be achieved through virtual Argo CD instances.

Abstract

What do you do when RBAC with namespaces isn’t enough to meet your multi-tenancy needs? Namespaces are easy to implement, but they generally do not provide the level of isolation that is needed when working with external users. Instead of running multiple clusters, which are complex to manage, hard to scale and often costly, we turned to vCluster. vCluster is an open source project that allows you to create virtual clusters in any Kubernetes cluster. Virtual clusters enjoy higher isolation than simple namespaces and can also be used for cluster-level resources like CRDs without any versioning conflicts. Using virtual clusters in Codefresh’s hosted GitOps platform, which is powered by thousands of Argo instances, we enabled high isolation between tenants while lowering the cost of application multi-tenancy. For most companies, multi-tenancy means supporting multiple teams within an organization, or perhaps a partner. For us, multi-tenancy means providing access to the general public. We needed to go deeper than RBAC, namespaces, and auditing. In this end-user talk, we’ll share how we leveraged vCluster, Crossplane, and Argo CD to approach multi-tenancy, scale, and security in a totally GitOps fashion. You’ve never seen vCluster scale like this before!