Security in general is a bit lacking in k8s, though with RBAC in 1.6 and encrypted Secrets in 1.7, it seems they are working hard to make things better.
In GKE I just use one cluster per permission domain, which is fine for one team (and 2-3 permission domains), but obviously for large orgs would be a massive headache.
In GKE I just use one cluster per permission domain, which is fine for one team (and 2-3 permission domains), but obviously for large orgs would be a massive headache.