Open Diogo-Ferreira opened 6 years ago
Hi there! Sounds like a good idea, I think this could include secrets refactoring so it doesn't query all secrets but watch whatever secrets are available for it.
Hello @rusenask ,
Is there any forward about this features ? It would be very helpful :)
hi @NicolasLemince, sorry, at the moment there's just no spare time to work on features
Hello @rusenask I created a PR to allow to use a restricted namespace => https://github.com/keel-hq/keel/pull/614/ Maybe it can help :)
@Diogo-Ferreira Can you explain why this can't simply be solved by using ad hoc RBAC role (which always sets permissions within a particular namespace cf. Role and ClusterRole)? Meaning, restricting (or in your case specifying) particular namespace(s), should only be a matter of having or not Roles to be defined, right ?
That being said, https://github.com/keel-hq/keel/blob/946501ed63724d5c9a35b3beb840501340c8acac/internal/k8s/watcher.go#L34
will only be allowed to watch what RBAC allows it to, right ?
It will be good to specify the namespaces that keel will watch. A use case would be when working on a cluster shared by many teams, and/or you don't have the rights to have a ClusterRole.
https://github.com/keel-hq/keel/blob/946501ed63724d5c9a35b3beb840501340c8acac/internal/k8s/watcher.go#L34