Scaling Argo Security and Multi-Tenancy in AWS EKS at the New York... David Grizzanti & Luke Philips
![CNCF [Cloud Native Computing Foundation]](http://yt3.ggpht.com/txe66EjpkDQQlx_4jDV0yA0PPsww0rqQrFhMpDqagLWN2-EUBBO65IuIyy5tEFVmpI4_RRduzXc=s48-c-k-c0x00ffffff-no-rj)
ฝัง
- เผยแพร่เมื่อ 12 ก.ย. 2024
- Scaling Argo Security and Multi-Tenancy in AWS EKS at the New York Times - David Grizzanti & Luke Philips, The New York Times
Argo is an established CNCF project that helps hundreds of engineers to use Kubernetes. There are many architectural patterns for managing Argo CD and integration with various other clusters can be done in several ways. At the New York Times, the non-negotiable requirements of security and multi-tenancy are necessary to run at scale across multiple teams. Kubernetes Service Accounts and Tokens were not enough. Utilizing AWS IAM and Argo CD, the NYT Delivery Engineering team designed an architecture to create a secure and multi-tenant end-to-end solution. This includes Argo CD respecting our tenancy rules in AWS and Kubernetes, plus Argo CD Applications and Projects. Further tuning of Argo CD was done by starting with the community Helm chart and adding a post-processing step to separate out RBAC controls from the rest of the Argo CD install. Scaling challenges were also overcome with the multi-tenancy multi-cluster combination, further tuning Argo CD. Interested? Join NYT engineers to hear their architecture, challenges, solutions, and lessons learned!
