Closed corneliusweig closed 5 years ago
Currently, the access matrix for a service account has to be generated by
rakkess --as system:serviceaccount:ingress-nginx:nginx-ingress-serviceaccount -n ingress-nginx
The user string system:serviceaccout:<namespace>:<service-account> is quite complicated and makes it hard to use.
system:serviceaccout:<namespace>:<service-account>
Make it possible to specify the service-account in a simplified way, e.g.
rakkess --as-service-account nginx-ingress-serviceaccount -n ingress-nginx
It should be an error to specify --as-service-account without the --namespace option, because SAs are namespaced.
--as-service-account
--namespace
Overview
Currently, the access matrix for a service account has to be generated by
The user string
system:serviceaccout:<namespace>:<service-account>is quite complicated and makes it hard to use.Goal
Make it possible to specify the service-account in a simplified way, e.g.
It should be an error to specify
--as-service-accountwithout the--namespaceoption, because SAs are namespaced.