emberstack / kubernetes-reflector

Custom Kubernetes controller that can be used to replicate secrets, configmaps and certificates.
MIT License

restrict reflector action scope to a list of namespaces #452

Open fabiomarinetti opened 2 months ago

fabiomarinetti commented 2 months ago

Hi,

for security reasons it could be great if reflector restricted its operational range to a set of namespaces. I tried to achieve this by defining a different rolebinding for each namespace instead of using a clusterrolebinding, but it seemed not to work.

Is there a possibility to achieve this with the current code level?

NeodymiumFerBore commented 1 month ago

Also interested in this feature, like a command arg and/or an environment variable to restrict which namespaces should be watched for source Secrets (comma-separated list). As of now, anyone can flood the cluster by creating Secrets reflected to all namespaces.

If this is already possible (without custom admission control), can you please explain how? Thank you.