|
|
|
|
|
|
by mdaniel
2724 days ago
|
|
|
> Maybe this should be fixed at the k8s level. FWIW, it has been: RBAC allows you to strip -- or I guess pragmatically speaking, not assign -- rights at whatever level of granularity you have the patience to maintain. It is also bright enough to do that per Namespace, so going light on the ClusterRoleBindings and keeping things out of the "production-db" Namespace would likely go a long way toward addressing the risk you are describing |
|
|