Annotation-only assignment means anyone with pod-patch rights picks their own zone — multi-tenant non-starter. Add SyvaZonePolicy selector-based assignment and/or namespace defaults, document the trust model and required RBAC boundaries.
Part of the v0.4 roadmap.
🤖 Generated with Claude Code
Annotation-only assignment means anyone with pod-patch rights picks their own zone — multi-tenant non-starter. Add SyvaZonePolicy selector-based assignment and/or namespace defaults, document the trust model and required RBAC boundaries.
Part of the v0.4 roadmap.
🤖 Generated with Claude Code