Hi all,
does somebody have experience with how to (or if at all) enforce specific UIDs:GIDs for pods to be used by cluster users? I.e., beyond the general policies (how to with admissions??) to enforce non-root IDs for pods.
Does somebody know if a plugin or some kind of admission extension would allow for dynamically constraining IDs for each user in a catch-all cluster? (subuid/subgid mapping being alpha and not exactly what we are looking for)
Maybe somebody has realized something like that already in Kyverno or Gatekeeper (or some OCI rules)?
Cheers and thanks
Thomas