Allow restricting the Cache's ListWatch to a set of namespaces #218
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
priority/important-longterm
Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Comments
|
/kind feature |
k8s-ci-robot
added
kind/feature
This was referenced Feb 13, 2019
|
@DirectXMan12 I think this is closed by #267 |
|
yep! |
DirectXMan12
pushed a commit
that referenced
this issue
Jan 31, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As a follow up to #124 the manager should allow restricting the cache to a set of namespaces.
Watching on all namespaces and filtering the events(via predicates) to the desired namespaces is the only way to watch a set of namespaces currently.
The problem with that is it still requires a ClusterRoleBinding, whereas the user might want to grant more fine grained permissions of a ClusterRole with multiple RoleBindings(referring to the manager's service account).
Proposed Fix:
As discussed in #124 (comment) we can use a MultiListWatcher in the cache if the manager is passed a set of namespaces.
The text was updated successfully, but these errors were encountered: