Best practice Mutating Webhook

[grampelberg]

There's a set of best practices that are pretty important when working with SMI:

• separate service accounts for each resource.
• validate RBAC for modification of access control policies.

It would be awesome to have either a mutating webhook to apply these best practices for users automatically or a validating admission controller that warns users they're not using best practices. This can be something that all the service meshes use as a component.

[grampelberg]

@ritazh this is what I'm thinking around gatekeeper. WDYT?