4

We provide kubernetes cluster for many users, the separation between applications by namespace.

For deploy use kubernetes-helm. There are situations when we need to close the opportunity to deploy the app in the cluster. One option is to change permissions for default sa (which the use kubernetes-helm).

How else can solve?

Dan Kohn
  • 33,811
  • 9
  • 84
  • 100
Arslanbekov Denis
  • 1,674
  • 12
  • 26
  • 1
    We are also having similar situation. Many users, many applications and separated by `namespace`. We are having `tiller` in each namespace and which can deploy only in that namespace. In this way we can more granular control – Dinesh Balasubramanian Apr 02 '19 at 03:31

1 Answers1

3

You'd use an admission controller.

Unfortunately, this might involve writing some code to manage it. There are tools out there that help, like Open Policy Agent

jaxxstorm
  • 12,422
  • 5
  • 57
  • 67