Is your feature request related to a problem? Please describe.
I'd like to have a one to one mapping between the queues and namespaces. I want groupA to only submit to queueA which can only create pods in namespaceA, and groupB->queueB->namespaceB.
Describe the solution you'd like
Currently a queue can submit pods to any namespace in the cluster, which is bad both from security point and doesn't provide isolation for groups like the namespaces do if used directly.
Describe alternatives you've considered
A field AllowedNamespaces []string in queue definition that will restrict the queue to only those namespaces
Is your feature request related to a problem? Please describe.
I'd like to have a one to one mapping between the queues and namespaces. I want groupA to only submit to queueA which can only create pods in namespaceA, and groupB->queueB->namespaceB.
Describe the solution you'd like
Currently a queue can submit pods to any namespace in the cluster, which is bad both from security point and doesn't provide isolation for groups like the namespaces do if used directly.
Describe alternatives you've considered
A field
AllowedNamespaces []stringin queue definition that will restrict the queue to only those namespaces