The Elastic operator all-in-one install can read all secrets in all namespaces. Are there plans to make it more secure?
The Elastic Operator can be deployed in 2 different modes:
either watching all namespaces or a subset of namespaces with restricted RBAC permissions.
Furthermore, it is possible to deploy the operator into the same namespace as the workloads it is managing.
You will find examples here: https://github.com/elastic/cloud-on-k8s/tree/master/config/operator.
We are still working to bring a tool to ease the configuration of the operator:
https://github.com/elastic/cloud-on-k8s/issues/2406.
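To check which of the two modes a given set of operator manifests actually yields, the following added example (not part of the original answer and not code from the ECK project) resolves RBAC bindings for a service account and reports where it can read secrets. The manifests and every name in them are constructed for illustration.

```python
import json

# Constructed sample manifests; all names are hypothetical, not ECK's own.
MANIFESTS = json.loads("""[
 {"kind": "ClusterRole", "metadata": {"name": "operator-role"},
  "rules": [{"apiGroups": [""], "resources": ["pods", "secrets"],
             "verbs": ["get", "list", "watch"]}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "global-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "operator-role"},
  "subjects": [{"kind": "ServiceAccount", "name": "op-global", "namespace": "ops"}]},
 {"kind": "RoleBinding", "metadata": {"name": "ns-binding", "namespace": "team-a"},
  "roleRef": {"kind": "ClusterRole", "name": "operator-role"},
  "subjects": [{"kind": "ServiceAccount", "name": "op-restricted", "namespace": "ops"}]}
]""")

READ_VERBS = {"get", "list", "watch", "*"}

def reads_secrets(rules):
    """True if any rule grants a read verb on core-group secrets."""
    return any(
        {"", "*"} & set(r.get("apiGroups", []))
        and {"secrets", "*"} & set(r.get("resources", []))
        and READ_VERBS & set(r.get("verbs", []))
        for r in rules or [])

def secret_read_scope(manifests, sa_name, sa_namespace):
    """Return "cluster-wide" or the sorted namespaces where the SA can read secrets.

    Only direct ServiceAccount subjects are resolved; group subjects and
    aggregated ClusterRoles are not resolved here.
    """
    roles = {(m["kind"], m["metadata"].get("namespace"), m["metadata"]["name"]): m
             for m in manifests if m["kind"] in ("Role", "ClusterRole")}
    namespaces = set()
    for b in manifests:
        if b["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        if not any(s.get("kind") == "ServiceAccount" and s.get("name") == sa_name
                   and s.get("namespace") == sa_namespace
                   for s in b.get("subjects") or []):
            continue
        ref, bind_ns = b["roleRef"], b["metadata"].get("namespace")
        role = roles.get((ref["kind"], bind_ns if ref["kind"] == "Role" else None,
                          ref["name"]))
        if role is None or not reads_secrets(role.get("rules")):
            continue
        if b["kind"] == "ClusterRoleBinding":
            return "cluster-wide"  # binding applies in every namespace
        namespaces.add(bind_ns)    # RoleBinding limits even a ClusterRole to its namespace
    return sorted(namespaces)
```

The same ClusterRole gives cluster-wide secret access through a ClusterRoleBinding but only single-namespace access through a RoleBinding, which is the difference between the all-namespaces and restricted deployments.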