I'm looking for a way to allow a user to edit just the image of a specific deployment without giving them access to modify anything else. I've heard that RBAC isn't capable of handling this kind of granularity. I'm open to writing some Go code if that helps! Any suggestions?
5 Answers
You might want to check out Kyverno and Open Policy Agent. They can help with creating policies for such fine-tuned access.
You might also think about using admission controllers like Kyverno for this task. They can help tailor access to what users can do.
This sounds more like a management issue than a tech one. If you can't trust a user with edits, should they even have access? But if you really need fine control, consider implementing restrictions at the CI/CD level.
I’m curious why you allow direct edits to images on clusters. That seems risky to me!
Using Validating Admission Policies could be your solution, too. It's more integrated within Kubernetes and can help restrict actions more precisely.
Related Questions
How To: Running Codex CLI on Windows with Azure OpenAI
Set Wordpress Featured Image Using Javascript
How To Fix PHP Random Being The Same
Why no WebP Support with Wordpress
Replace Wordpress Cron With Linux Cron
Customize Yoast Canonical URL Programmatically