1

In K8s Is there any way to access the resources within a namespaces basis labels that are attached to them.

RBAC access in K8's is primarily handled from a namespace level, so there are difficulties in adequately segmenting access to an app level. What we want to implement is restricted access to a particular team's resources basis the label that is attached to them

pooja acharya
  • 31
  • 1
  • 3
  • Why not just give team/app their own namespace and use rbac? – fredrik Jun 09 '22 at 10:44
  • The apps belonging to different teams need to interact with eachother so that might make it a bit more complicated if put in separate namespaces – pooja acharya Jun 10 '22 at 05:46
  • No. If they expose services they can still interact with each other, just that the DNS name will be slightly different. – fredrik Jun 10 '22 at 06:12
  • If you really want to proceed with abac, look at https://kubernetes.io/docs/reference/access-authn-authz/abac/. Though I foresee that you can run into situations where things are made for rbac and won't work with abac. – fredrik Jun 10 '22 at 06:13

0 Answers0