aiven / aiven-operator

Provision and manage Aiven Services from your Kubernetes cluster.
https://aiven.github.io/aiven-operator
Apache License 2.0

feat: operator watched namespaces #807

Status: Closed (iul1an closed 1 month ago)

iul1an commented 2 months ago

By default, the Aiven Operator is configured to discover resources, including Kubernetes secrets, across the entire cluster. To minimize the potential attack surface and enhance security, I would like to be able to restrict the Aiven Operator's access to only specific Kubernetes namespaces. This targeted access control helps limit the operator's permissions, ensuring it can only interact with the resources within the designated namespaces, thereby reducing the risk of unauthorized access or exposure of sensitive data.

rriski commented 1 month ago

Hey @iul1an, thanks for raising the issue and for the contribution! Controlling operator access to a subset of namespaces is valuable and something we would like to support. We'll prioritise reviewing the contribution in the near future.