Add a flag to disable push-based replication
devholic opened this issue · 3 comments
Is your feature request related to a problem? Please describe.
Our team provides an in-house Kubernetes cluster with the Namespace as a Service model and provides kubernetes-replicator as an add-on to let users replicate their resources across namespaces.
In this use case, users can push resources to unauthorized namespaces. This issue could be resolved by allowing pull-based replication only, but currently, there is no way to disable push-based replication.
Describe the solution you'd like
I think adding a flag to disable push-based replication and letting operators decide to disable push-based replication or not can be a solution.
Describe alternatives you've considered
- #41 might resolve this issue
Adding allowedNamespaces (suggested in #41 (comment)) could be a solution, but default replication policy should deny all namespace.
- Adding
replication-allowed-fromannotation to namespace
But this will only work when the default replication policy denies all namespace.
Additional context
- PoC: #160
There has not been any activity to this issue in the last 14 days. It will automatically be closed after 7 more days. Remove the stale label to prevent this.
not stale
There has not been any activity to this issue in the last 14 days. It will automatically be closed after 7 more days. Remove the stale label to prevent this.