Can I create a service account for such specific things and no more? I'm interested because I don't know how clustered roles will behave in this context.
- One (first) service account has the right to create/remove namespaces
- Create/remove ClusterRole Binding for another (second) account.

The idea is that I want to make developers only have access to certain namespaces. These namespaces are created dynamically, so every time I create a namespace, I will be adding a RoleBinding to their (second) service account.
This is described in this article: https://faun.pub/kubernetes-rbac-use-one-role-in-multiple-namespaces-d1d08bb08286. This I know and understand how to do.
I don't quite understand how to define a role for an account (first) that will only have the right to create/remove namespaces and create/remove ClusterRole Binding.
I hope my question is clear.
Thanks
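
One way to scope the first account as described in the question, added here as an example and not part of the original post. It assumes the per-namespace grants are RoleBindings that reference one shared ClusterRole (the pattern in the linked article); the names `ns-manager`, `developer-access` and `ci` are hypothetical.

```yaml
# Added example; ns-manager, developer-access and ci are hypothetical names.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ns-manager
rules:
  # Namespaces are cluster-scoped, so this rule must live in a ClusterRole.
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["create", "delete", "get", "list"]
  # Create and remove RoleBindings inside the namespaces it manages.
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["rolebindings"]
    verbs: ["create", "delete", "get", "list"]
  # RBAC escalation prevention: a binding can only be created for a role
  # the creator may "bind". Restrict that to the single developer ClusterRole
  # so this account cannot hand out cluster-admin or any other role.
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["clusterroles"]
    resourceNames: ["developer-access"]
    verbs: ["bind"]
---
# Attach the ClusterRole to the first service account cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ns-manager
subjects:
  - kind: ServiceAccount
    name: ns-manager
    namespace: ci
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ns-manager
```

Without the `bind` rule, the API server rejects a RoleBinding that grants permissions its creator does not already hold. Because `create` cannot be limited by `resourceNames` and the namespace names are dynamic, the namespace and RoleBinding rules apply to every namespace, so this account can still delete any namespace or RoleBinding in the cluster.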