// the find
fluxcd/flux2-multi-tenancy
Manage multi-tenant clusters with Flux
A reference implementation for running multi-tenant Kubernetes clusters with Flux v2. Platform admins manage a fleet repo with per-tenant namespaces, RBAC, and GitOps sources; tenants get their own Git repo and can deploy only within their namespace boundaries. This is the official FluxCD example, not a library you install.
The admission policy layer using native Kubernetes ValidatingAdmissionPolicy (CEL) is well thought out: it restricts source URLs to org-controlled prefixes, blocks bucket sources, and prevents tenants from targeting remote clusters via kubeconfig. The staging/production overlay split is clean, and the dependsOn ordering (policies before tenants) is the right call so policies are always enforced before tenant resources land. SOPS + Age for encrypting secrets in Git is the right pattern, and the instructions are complete enough to actually follow. The e2e workflow spins up a real Kind cluster rather than just linting YAML.
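For readers who have not written one, here is a sketch of what the three admission checks described above can look like as a single ValidatingAdmissionPolicy. It is an added example, not the policy shipped in fluxcd/flux2-multi-tenancy; the `example-org` URL prefix, the `tenant: "true"` namespace label and the resource names are assumptions.

```yaml
# Added illustration, not copied from fluxcd/flux2-multi-tenancy.
# Assumed placeholders: the example-org URL prefix, the policy name,
# and the tenant=true namespace label used by the binding.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: tenant-flux-guardrails
spec:
  failurePolicy: Fail   # reject the request if the policy cannot be evaluated
  matchConstraints:
    resourceRules:
      - apiGroups: ["source.toolkit.fluxcd.io"]
        apiVersions: ["*"]
        operations: ["CREATE", "UPDATE"]
        resources: ["gitrepositories", "buckets"]
      - apiGroups: ["kustomize.toolkit.fluxcd.io"]
        apiVersions: ["*"]
        operations: ["CREATE", "UPDATE"]
        resources: ["kustomizations"]
      - apiGroups: ["helm.toolkit.fluxcd.io"]
        apiVersions: ["*"]
        operations: ["CREATE", "UPDATE"]
        resources: ["helmreleases"]
  validations:
    # Each rule is guarded by kind so it only inspects fields that kind has.
    - expression: "object.kind != 'GitRepository' || object.spec.url.startsWith('https://github.com/example-org/')"
      message: "GitRepository url must be under the organisation prefix"
    - expression: "object.kind != 'Bucket'"
      message: "Bucket sources are not allowed in tenant namespaces"
    - expression: "!(object.kind in ['Kustomization', 'HelmRelease']) || !has(object.spec.kubeConfig)"
      message: "spec.kubeConfig (remote cluster target) is not allowed for tenants"
---
# The policy has no effect until a binding selects where it applies.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: tenant-flux-guardrails
spec:
  policyName: tenant-flux-guardrails
  validationActions: ["Deny"]
  matchResources:
    namespaceSelector:
      matchLabels:
        tenant: "true"   # assumed label on tenant namespaces
```

The sketch only checks GitRepository URLs over HTTPS; other source kinds and `ssh://` URLs would need their own prefix rules. Keep the trailing slash on the prefix so a look-alike organisation name cannot satisfy `startsWith`.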
This is a template repo, not a tool: you're forking and adapting YAML, which means your fork immediately diverges and you get no upstream improvements. There's no guidance on what happens when you need to remove a tenant (prune: true helps, but cascading failures from dependent resources aren't addressed). The SOPS key rotation story is absent entirely: the Age private key lives in a single cluster secret with no documented rotation path, which is a real operational gap. The Flux Operator bootstrap path is underspecified compared to the CLI path; it just points you at external docs rather than showing the auth configuration inline.