I want to limit users’ access so they can only see or manipulate resources in a namespace that they have access to. Essentially, I want team members to have insight into the pipelines that are relevant to them but not see any for other products. The only way I was able to do this was by creating an account per application per cluster (
hal config provider k8s account add appA-<env> --namespaces appA) and then use requiredGroupMembership to limit these users.
Is there a better way to do this, and are there any performance related concerns with adding hundreds of kubernetes accounts within Spinnaker?