Allow resources to reference a VenafiConnection in another namespacePreview
By default, a VenafiConnection resource can only be used by resources that are in the same namespace as that VenafiConnection resource. Alternatively, the `allowReferencesFrom` field in the VenafiConnection definition allows resources from other namespaces to use the VenafiConnection.
Allow a specific namespace to use the VenafiConnection
The following example shows a label selector that allows resources in the application-team-1 namespace to use the VenafiConnection:
apiVersion: jetstack.io/v1alpha1kind: VenafiConnectionmetadata:name: application-team-1-connectionnamespace: jetstack-securespec:allowReferencesFrom:matchLabels:"kubernetes.io/metadata.name": application-team-1...
Allow a VenafiConnection to be used from multiple namespaces
The following example shows a label selector that allows all resources in a specified list of namespaces [application-team-1, application-team-2, application-team-3] to use the VenafiConnection:
apiVersion: jetstack.io/v1alpha1kind: VenafiConnectionmetadata:name: application-team-1-connectionnamespace: jetstack-securespec:allowReferencesFrom:matchExpressions:- { key: "kubernetes.io/metadata.name", operator: In, values: [application-team-1, application-team-2, application-team-3] }...
Allow all namespaces with a label to use the VenafiConnection
The following example shows a label selector that allows all resources in all namespaces with a specified label value to use the VenafiConnection:
apiVersion: jetstack.io/v1alpha1kind: VenafiConnectionmetadata:name: application-team-1-connectionnamespace: jetstack-securespec:allowReferencesFrom:matchLabels:namespace-owner: application-team-1...