this is super ♨️ btw. Love the user of kubernets namespace for isolation on "shared" infra

namespaces don’t provide much isolation by themselves beyond secrets, but i definitely want to lock down each tenant. it would be great if each customer’s workloads could assume a hostile cluster.

I really like what cilium is doing, have you poked at that yet? Seems very promising