When using Kurtosis on k8s, who else has access to my services? #1246
If I deploy my enclave to a Kubernetes cluster that my team maintains, will anyone with admin/write permissions to that namespace be able to manipulate my enclave using Kurtosis CLI commands? I know that Kurtosis does not currently support exposing container ports (within an enclave) to the public internet but I was wondering if I could use Kurtosis as a shared dev environment.
Replies: 2 comments
Thanks @mieubrisse - going to re-open this because the default view for discussions is
Yes; Kurtosis is currently relying on the Kubernetes cluster's AuthZ model, so anybody who's able to connect to the Kurtosis engine via `kurtosis context` will have access to all enclaves in the Kurtosis cluster. In the future, we want to make this permissioning model more granular so that each Kurtosis engine has knowledge of multiple Kurtosis users (which might correspond 1:1 with a Kubernetes user), and Kurtosis allows users to share & grant enclave permissions freely.