Controllers must be able to authenticate API calls from metacontroller

[drdivano]

Is there a way for controllers to authenticate calls from metacontroller (coming via sync webhook)?

As I understand, I can restrict calls to webhooks using NetworkPolicy, however it is unavailable in some clusters.

[mikebryant]

FYI: Another option (again not available in all clusters) is using RBAC in istio