slushysnowman
slushysnowman
Looks pretty good - would this also allow specifying pre-existing resources to be created in namespaces? Or would the spec of the item to be created in the namespaces have...
It depends how Capsule checks I guess? For example, if Capsule verifies the nodeSelectors on the pod spec against the multiple nodeSelectors specified on the tenant that should work right?...
Yeah it makes sense that continuing to do it this way would make this feature request impossible - but potentially there are other ways that this functionality could be implemented....
@prometherion apologies for delay, here it is: ``` --- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: node-restrictions annotations: policies.kyverno.io/title: Node restrictions policies.kyverno.io/category: xyz policies.kyverno.io/severity: high policies.kyverno.io/subject: Pod policies.kyverno.io/description: >- We offers...
Going to add a +1 to this feature - I'm running into this right now, whereby we are automation project creation in Harbor as cluster admins when creating a tenant,...
Something along these lines would be really useful - basically robot accounts that potentially have configurable full API access would be great
Would be great to get this in - at the moment we're manually adding it for our Harbor setup
This should be relatively easy to implement and would be a big bonus - we've just swapped to using EFS in AWS to get around this, but there's no reason...
Just to link this from here... https://github.com/distribution/distribution/issues/3756 Would be really nice if they cut a release so we could get this sorted.
Yeah I was just looking for a way to create a custom team role doing exasctly what you described and also ran into this. This would be really handy to...