search

FairwindsOps / rbac-manager

A Kubernetes operator that simplifies the management of Role Bindings and Service Accounts.
https://fairwinds.com
Apache License 2.0
1.48k stars 117 forks source link

Add ability to set per-binding custom labels #494

Open bkrein-vertex opened 1 month ago

bkrein-vertex commented 1 month ago

Is your feature request related to a problem? Please describe. I would like to be able to filter groups of RoleBindings created by rbac-manager based on labels. While it is possible to define custom labels to be set on ALL generated RoleBindings there doesn't appear to be a way to define labels on specific RoleBindings.

Describe the solution you'd like I think supporting an additional field in the rbacBindings list objects could provide this ability: 

rbacBindings:
  - name: my-rolebinding
    labels: 
      custLabel1: foo
      custLabel2: bar
    roleBindings: 
      - ... 
    subjects: 
      - ...

To result in something like this: 

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: my-rolebinding
  labels: 
    rbac-manager: reactiveops   # Default 
    custLabel1: foo             # Custom 
    custLabel2: bar             # Custom 
  ...
roleRef: 
  ...
subjects:
  ...