Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

restrict reflector action scope to a list of namespaces #452

Open
fabiomarinetti opened this issue Jun 18, 2024 · 1 comment
Open

restrict reflector action scope to a list of namespaces #452

fabiomarinetti opened this issue Jun 18, 2024 · 1 comment

Comments

@fabiomarinetti
Copy link

Hi,

for security reason it could be great if reflector restricts its operational range within a set of namespaces. I tried to achieve this by defining one different rolebinding for each namespace instead of using a clusterrolebinding, but seemed not to work.

Is there a possibility to achieve this with the current code level?
@NeodymiumFerBore
Copy link

Also interested in this feature, like a command arg and/or an environment variable to restrict which namespaces should be watched for source Secrets (coma separated list). As of now, anyone can flood the cluster by creating Secrets reflected to all namespaces.

If this is already possible (without custom admission control), can you please explain how? Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@NeodymiumFerBore @fabiomarinetti