Leveraging GatewayAPI, cert-manager, external-dns, and Kong Ingress controller to provide HTTP(S)/GRPC(S) ingress access to services within a Kubernetes cluster in an automated fashion using Kubernetes resource manifests.

Once configured, we will utilize RBAC and Hierarchical Namespace controller to enforce required namespace labels, which will then be used to secure/configure Ingress hosts and routes in the context of a multi-tenanted cluster.

Infrastructure as Code has the great side-effect of allowing us to bucket our various types of infrastructure into tiers.
These tiers may divide the infrastructure in many different ways (perhaps in terms of ownership, security level, or even frequency of change). Each tier may then be treated as a distinct unit, with each tier building upon the previous, to create a cohesive and coherent architecture design.

This Lightning Talk will present a tried and tested tiering approach, which allowed us to improve our security posture, reduce IaC deployment times, reduce infrastructure sprawl, and enforce ownership; whilst giving greater freedom to our development teams to create required infrastructure quicker and safer.