Managing access to isolate teams to their respective namespaces in a shared k8s cluster is typically accomplished one in a couple of ways

1) Namespace specific k8s connectors, using service account token connectors -- The use of static service account tokens in k8s is common, but now considered bad practice.  This also requires customer managed automation to rotate the tokens.

2) Cloud Native connectors like an AWS connector, using a namespace isolated IAM role -- Does not work for self managed k8s cluster