marwinski
commented
5 years ago Some comments / ideas from my side:
(1) Above sounds like a good idea which might complement my other idea (see separate ticket) (2) I don't fully understand. Do you want to prevent this in general or just for service accounts? It appears to make a lot of sense for the latter but not for users / groups. It would also break a lot of admittedly bad behaviour - so it would probably be quite good to do that :-) (3) I believe we should not try to restrict what people put into config maps...
alban
Some policies to consider:
aws_secret_access_key=