Zero-Trust Multi-Tenancy: vCluster + Cilium Across Hybrid Cloud
by Constantin Mario, VOIS
17:00 – 17:30
Multi-tenancy on Kubernetes typically relies on namespace isolation, RBAC and network policies, but these layers assume a trusted cluster control plane. A compromised workload can still impersonate legitimate traffic: same cluster, same network identity, no cryptographic proof of "who's calling whom."
This talk proposes a Zero Trust hybrid-cloud architecture in which every workload interaction is cryptographically verified, rather than merely enforced by policy.
Participants will see a working implementation featuring:
- isolated tenant vClusters on shared EKS infrastructure (extends the 2025 CND Romania vCluster CI/testing talk);
- transparent end‑to‑end mTLS via Cilium’s eBPF data plane;
- zero‑trust, identity‑aware policies spanning cluster boundaries with ClusterMesh, without VPN overhead;
- deep traffic and identity visibility via Hubble;
- GitOps automation with ArgoCD and Kustomize.
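The kind of identity-aware, cross-cluster rule the talk describes, as an added example (not the speaker's or the project's code): a CiliumNetworkPolicy that admits traffic to a tenant's backend only from one workload identity, whether that identity runs in the local EKS cluster or in a ClusterMesh-peered on-prem cluster, and only over Cilium's mutual authentication. The namespace, app labels, port and cluster names are assumptions.

```yaml
# Added example, not from the talk. Assumes Cilium with ClusterMesh peering between
# clusters named "eks-prod" and "onprem-dc1", mutual authentication enabled, and a
# tenant vCluster whose synced pods live in the host namespace "tenant-a".
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: billing-allow-checkout-mtls
  namespace: tenant-a            # assumed host namespace backing the tenant vCluster
spec:
  # Policy applies to the billing backend endpoints in this namespace.
  endpointSelector:
    matchLabels:
      app: billing
  ingress:
    - fromEndpoints:
        # Callers are matched by identity labels, never by IP address, so a pod
        # that spoofs an address still fails the check. The cluster label scopes
        # the identity to a specific peered cluster (assumed names).
        - matchLabels:
            app: checkout
            io.cilium.k8s.policy.cluster: eks-prod
        - matchLabels:
            app: checkout
            io.cilium.k8s.policy.cluster: onprem-dc1
      toPorts:
        - ports:
            - port: "8443"       # assumed service port
              protocol: TCP
      # Require the eBPF data plane to complete a mutual-auth (mTLS) handshake
      # with the peer before allowing the flow; unauthenticated peers are dropped.
      authentication:
        mode: "required"
```

The `authentication` block only has effect when Cilium's mutual authentication (with its SPIRE backend) is enabled in the agent configuration; without it the rule degrades to a label-based allow. Hubble flow logs will show the verdict, so a denied cross-cluster caller is visible rather than silently dropped.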
Participants will understand the economics of multi-tenancy on shared cloud infrastructure, why vCluster + Cilium is operationally lighter than heavyweight service meshes, how to extend Zero Trust across hybrid infrastructure, and gain insight into development and day‑to‑day operations at Vodafone through reusable GitOps templates.
This talk is aimed at both platform teams building secure multi-tenant Kubernetes clusters and deployment teams managing workloads across hybrid environments.