Security / Tenant Isolation
Tenant isolation model
Multi-tenant security model for OpenBao Operator, including namespace introduction, split controller identities, admission guardrails, and network isolation.
Decision matrix
Tenant isolation pillars
| Pillar | What it protects | Primary mechanism |
|---|---|---|
| Namespace introduction | Prevents the controller from discovering or managing arbitrary namespaces. | OpenBaoTenant onboarding, explicit RoleBinding introduction, and no namespace-wide controller discovery. |
| Identity separation | Keeps provisioning and workload management from sharing a single all-powerful credential. | Split provisioner and controller identities with different RBAC scopes. |
| Admission guardrails | Blocks unsafe configuration drift and unauthorized mutation of managed resources. | Validating admission policies and managed-resource ownership rules. |
| Network isolation | Prevents cross-tenant traffic and over-broad egress by default. | Default-deny NetworkPolicy plus explicit allow rules. |
Next actions
Next release documentation
You are reading the unreleased main docs. Use the version menu for the newest published release, or check the release notes for what is already out.
Was this page helpful?
Use Needs work to open a structured GitHub issue for this page. The Yes button only acknowledges the signal locally.