My team runs clusters where we do not have a direct ClusterRoleBinding to the cluster-admin ClusterRole. We have granted ourselves the ability to impersonate users and set up a phony user that does have the ClusterRoleBinding. This forces us to do something akin to sudo when we want to perform risky operations.
In order to perform an administrative command, such as deleting a namespace, we can use kubectl like this:
kubectl delete ns example-ns --as phony-user
Please add support for doing user and group impersonation that leverages the standard k8s mechanisms linked above.
My team runs clusters where we do not have a direct ClusterRoleBinding to the cluster-admin ClusterRole. We have granted ourselves the ability to impersonate users and set up a phony user that does have the ClusterRoleBinding. This forces us to do something akin to sudo when we want to perform risky operations.
In order to perform an administrative command, such as deleting a namespace, we can use kubectl like this:
Please add support for doing user and group impersonation that leverages the standard k8s mechanisms linked above.