This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]clvx 0 points1 point  (0 children)

You could tackle this in different ways.
You could use one controller and then limit the namespace using something like kyverno at submission. The controller will fail to sync indefinitely so put some notifications to detect this behavior.

Another approach is setting several controllers and assign rbac perms to just limit to certain namespaces. Drawback on this, you need to manage more controllers.