Open alban opened 5 years ago
Some comments / ideas from my side:
(1) Above sounds like a good idea which might complement my other idea (see separate ticket) (2) I don't fully understand. Do you want to prevent this in general or just for service accounts? It appears to make a lot of sense for the latter but not for users / groups. It would also break a lot of admittedly bad behaviour - so it would probably be quite good to do that :-) (3) I believe we should not try to restrict what people put into config maps...
re (2): I was thinking of service accounts indeed.
Some policies to consider:
aws_secret_access_key=