Hi Tim! We do have a "
Namespace scoped policy binding" feature proposed which is in the direction of what you're suggesting but not exactly the same. This proposal allows the "bindings" to be namespace scoped, but doesn't go as far as allowing the policies to be namespace scoped.
If we did support cluster&namespace scoped policy definitions, I think that results in three possible combinations:
| policy definition | policy binding & params CR |
|-------------------|----------------------------|
| cluster scoped | cluster scoped |
| cluster scoped | namespace scoped |
| namespace scoped | namespace scoped |
Does that look right? Any interest in adding an UNRESOLVED to the KEP about this with some rationale? (the kep is merged as "provisional" right now)
-Joe