{"id":19268645,"url":"https://github.com/moolen/att1c","last_synced_at":"2026-06-09T21:32:02.750Z","repository":{"id":146316725,"uuid":"338671604","full_name":"moolen/att1c","owner":"moolen","description":null,"archived":false,"fork":false,"pushed_at":"2021-02-14T00:23:35.000Z","size":22,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-23T19:46:32.016Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/moolen.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-13T21:17:43.000Z","updated_at":"2021-02-14T00:23:37.000Z","dependencies_parsed_at":"2023-07-02T14:30:42.265Z","dependency_job_id":null,"html_url":"https://github.com/moolen/att1c","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/moolen/att1c","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moolen%2Fatt1c","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moolen%2Fatt1c/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moolen%2Fatt1c/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moolen%2Fatt1c/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/moolen","download_url":"https://codeload.github.com/moolen/att1c/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moolen%2Fatt1c/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34127343,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-09T02:00:06.510Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T20:16:57.343Z","updated_at":"2026-06-09T21:32:02.730Z","avatar_url":"https://github.com/moolen.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# flux v2 multi-tenancy\n\nEvaluation of tenant-isolation by enforcing `spec.ServiceAccountName` on `Kind=Kustomization` and `Kind=HelmRelease`.\n\n## use-case\n\nDevelopment Teams should have an easy to use self-service interface to register new tenants in a platform. This is a PoC of using a simple helm chart to automate the RBAC/Namespace creation. But onboarding a team usually needs more work. E.g.:\n- pin workloads to certain worker-group\n- add annotations and labels\n- networking segmentation\n- monitoring/alerting/logging integration\n- generate policies for this particular namespace\n\n```yaml\n# this is not implemented, this is a\n# rough outline how it could look like\nteams:\n- namespace: \"tenant-a-preview\"\n  environment: \"preview\"\n  # network segmentation\n  network:\n    zone: \"tenant\" # or `system` or `shared-services`\n    egress: true # egress traffic is allowed\n    sharing: true # allowed to share services with other namespaces\n  # alerting configuration\n  alerting:\n    teams: \"http://xxx.yy.zz\"\n    email:\n    - address: oncall@acme.org\n      severity: critical\n  # monitoring configuration\n  monitoring:\n    cloudwatch: true\n    services: [\"RDS\"]\n  # logging configuration\n  logging:\n    tenant: \"default\"\n  # OPA/KYVERNO policy generation\n  policies:\n    allowed_ingress_zone: a.dev.acme.org\n  repo:\n    url: https://github.com/moolen/att1c-tenant\n    path: \"./dev/\"\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmoolen%2Fatt1c","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmoolen%2Fatt1c","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmoolen%2Fatt1c/lists"}