Replies: 1 comment
-
This is also an interesting topic for us. We have split responsibility for different namespaces in our cluster. We only want to install cert-manager for the namespaces we own, without affecting others. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi all,
Is it possible to limit the access of cert-manager to specific namespaces only, e.g. it's own namespace and specific others?
In particular limiting the access to secrets across the cluster as the "cert-manager-controller-issuers" clusterrole and corresponding clusterrolebinding seems to open it up quite a bit.
From my testing, I tried adjusting the RBAC by changing some of the bindings to RoleBindings on specific namespaces or even splitting it into separate roles but the controller and cainjector don't like it responding with for example:
Any ideas if it's possible in the current version?
Thanks!
Beta Was this translation helpful? Give feedback.
All reactions