Elastic operator all-in-one can read all secrets in all namespaces

The Elastic operator all-in-one install can read all secrets in all namespaces. Are there plans to make it more secure?

The Elastic Operator can be deployed in 2 different modes.

Either watching all namespaces or a subset of namespaces with restricted RBAC permissions.

Furthermore it is possible to deploy the operator into the same namespace as the workloads it is managing.

You will find examples here: https://github.com/elastic/cloud-on-k8s/tree/master/config/operator.

We are still working to bring a tool to ease the configuration of the operator: