Andy Suderman

Yep, that is possible. Please take a look at https://github.com/FairwindsOps/rbac-manager#dynamic-namespaces-and-labels In this case your subject will be a service account, but that example should get you going.

Hmmm. This is interesting. I am fairly certain that even if you specify the namespace on the serviceAccount (which you have to, you are correct), that it will create the...

Oh, and to create the label-matched bindings and the single-namespace binding, you'll need to specify multiple bindings, like so: ``` rbacBindings: - name: foo subjects: - kind: ServiceAccount name: some-name...

``` apiVersion: rbacmanager.reactiveops.io/v1beta1 kind: RBACDefinition metadata: name: testing rbacBindings: - name: foo subjects: - kind: ServiceAccount name: test-service-account namespace: foo roleBindings: - clusterRole: admin namespaceSelector: matchLabels: access: foo - clusterRole:...

This might be a good feature request, but I would have to look at the code to make sure.

Sorry for dropping this. I think it is something we would be willing to support. I need to ask my fellow maintainers. I posed the question internally.

Talked to @lucasreed and I think this is something we would accept a PR, but it will be a non-trivial amount of effort. Because of that, we probably won't be...

@jjtroberts I don't believe any progress has been made on this. I definitely see the need for this, and it is something we would accept a PR for. The one...

Makes sense. Thanks for all the feedback and info. I'll make sure we at least discuss this feature going forward.

in response to #113