You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
for security reason it could be great if reflector restricts its operational range within a set of namespaces. I tried to achieve this by defining one different rolebinding for each namespace instead of using a clusterrolebinding, but seemed not to work.
Is there a possibility to achieve this with the current code level?
The text was updated successfully, but these errors were encountered:
Also interested in this feature, like a command arg and/or an environment variable to restrict which namespaces should be watched for source Secrets (coma separated list). As of now, anyone can flood the cluster by creating Secrets reflected to all namespaces.
If this is already possible (without custom admission control), can you please explain how? Thank you.
I think the ability to use namespace-scoped RoleBindings would be preferable. Having a service account with the ability to read all secrets on the cluster based on permissions is very bad for secure workloads
Hi,
for security reason it could be great if reflector restricts its operational range within a set of namespaces. I tried to achieve this by defining one different rolebinding for each namespace instead of using a clusterrolebinding, but seemed not to work.
Is there a possibility to achieve this with the current code level?
The text was updated successfully, but these errors were encountered: