It seems that the namespace-scoped CR, KopsControlPlane, can reference secrets in namespaces specified in IdentityRef and kopsSecret, which may enable namespace-scoped users to reference secrets in their unauthorized namespaces. Perhaps it would be better if further check user permission with admission webhook.
It seems that the namespace-scoped CR, KopsControlPlane, can reference secrets in namespaces specified in IdentityRef and kopsSecret, which may enable namespace-scoped users to reference secrets in their unauthorized namespaces. Perhaps it would be better if further check user permission with admission webhook.