How to give rights with granularity inside a Kubernetes namespace

#1

Ported from github issue

Currently it is only possible to use Kubernetes rbac which enable only entire namespace mapping/access.

Often, in production, we cannot allow access to an entire namespace but only to some pods using marching labels as networkpolicy allow us to do.

Currently we have to find solution outside of Teleport to achieve this granularity, the main use case is running a console inside specific pods for debug purpose.

Is there any plan to support something like this?