1. Proposed title of this feature request
Allow applying a custom SCC policy only to the namespaces that match a label selector
2. What is the nature and description of the request?
I am aware of using roles to define SCC roles but that doesn't cover the 3 methods I asked an RFE for. It only assigns the SCC for pods that are already using a service account. Which as I have mentioned before is not the default for devs developing a wide variety of workloads.
I'd like to request an official RFE for the SCC CustomResourceDefinition to support one of the three options here:
- Allow explicit exclusion of certain service accounts from SCC policies
- Allow applying a custom SCC policy only to namespaces that start with a certain pattern
- Allow applying a custom SCC policy only to the namespaces that match a label selector
3. Why does the customer need this? (List the business requirements here)
Devs developing a wide variety of workloads (mostly open source software requiring running as Root)
4. List any affected packages or components.
Security Context Constraint CRD