Dario Tranchitella
Dario Tranchitella
> Q1: What is the `ignored-user-group` mean, when a user request is coming from a usergroup that is part of that annotation, then we will want to deny that request?...
Removed from the milestone due to inactivity in the PR.
> For the selector it would be awesome if we could also use matchExpressions instead of only namespaceSelector. This would allow more generic assignments @oliverbaehler we're going to support it...
Could you elaborate a bit more? Because, at first glance, I'd say it's a matter of Kubernetes limits, here :) Especially for: - tenants - namespaces/tenants - concurrent users Regarding...
I'd say #150 could help here: my plan is to scrape metrics and perform some massive fuzz activities in order to track down the requested reconciliation time, as well as...
@ptx96 can you run the test suite again excluding the Capsule Namespace and update the comment with the new results? We can ignore the `capsule-system` Namespace since our Operators has...
Am I wrong or assigning `ArgoCD` ServiceAccount as Tenant Owner means that the ArgoCD instance would be able to create Namespace resources only if assigned to a Tenant? With that...
@slushysnowman please, could you share the Kyverno rule you're using to allow a Pod running on one or more eligible node pools? The idea is to evaluate their logic and...
I'm not a Kyverno expert, please correct me if I'm wrong. Essentially, this policy is creating a validation pipeline made up of 3 steps. 1. with the stage `default-shared-nodeselector` you're...
@MaxFedotov I'd like to offer this enhancement to Capsule, overcoming the limitations of the [`PodNodeSelector`](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#podnodeselector) that is not enabled by default, so we can decrease the number of add-ons required...