I replaced Kamaji's tenant control plane and shelved vcluster in favour of two custom controllers — aether-operator and aether-controllers — with cert-manager driving the entire PKI. Here is why.
Multi-tenant Kubernetes isolation is the hardest unsolved problem in the ecosystem. Here is why I don't trust any single layer to solve it, and what seven layers working together actually looks like.
I am building a managed Kubernetes platform from scratch on Proxmox with Kamaji, Talos and Cilium. Getting the first tenant worker to join took two days and 17 things broke along the way. Here is what went wrong and how I fixed it.
I am building a managed Kubernetes platform and needed a control plane that is architecturally unreachable — not just firewalled. Here is how Kamaji runs customer API servers as pods inside a management cluster, and how Envoy routes traffic to them without ever terminating TLS.
Easily secure your Kubernetes apps with TLS using this step-by-step guide. Configure the Gateway API, Cilium, and Cert-Manager for HTTPS access. Simple instructions and code examples make setup a breeze.