Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add extra RBAC permissions #715

Merged
merged 1 commit into from
Jan 20, 2022
Merged

Add extra RBAC permissions #715

merged 1 commit into from
Jan 20, 2022

Conversation

juan131
Copy link
Collaborator

@juan131 juan131 commented Jan 20, 2022
edited
Loading

Signed-off-by: juan131 [email protected]

Description of the change

This PR adds extra permissions to the ClusterRole so it can list secrets and the panic error below is addressed:

panic: secrets is forbidden: User "system:serviceaccount:kube-system:sealed-secrets" cannot list resource "secrets" in API group "" in the namespace "kube-system"

It also adds extra permissions to the "service-proxier" Role since the changes introduced at #648 require getting the service to obtain the port name information dynamically.

Benefits

Sealed Secrets to be compatible with K8s environments with RBAC enabled.

Possible drawbacks

None

Applicable issues

Additional information

N/A

alvneiayu
alvneiayu approved these changes Jan 20, 2022
View reviewed changes
Copy link
Collaborator

@alvneiayu alvneiayu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

agarcia-oss
agarcia-oss approved these changes Jan 20, 2022
View reviewed changes
Copy link
Member

@agarcia-oss agarcia-oss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@juan131 juan131 merged commit d616230 into bitnami-labs:main Jan 20, 2022
@juan131 juan131 deleted the rbac branch January 20, 2022 12:47
@chrisob chrisob mentioned this pull request Jan 21, 2022
Merged
@alvneiayu alvneiayu mentioned this pull request Jan 27, 2022
Merged
This was referenced Feb 16, 2022
Merged
Closed
@TheKangaroo TheKangaroo mentioned this pull request Apr 21, 2022
Closed
TheKangaroo added a commit to TheKangaroo/sealed-secrets that referenced this pull request Apr 21, 2022
@TheKangaroo
fix: rbac permission
08791ad 
add rbac name selector for get service permission in the helm chart.
this was missing in bitnami-labs#715

fixes: bitnami-labs#827

Signed-off-by: Till Adam <[email protected]>
@TheKangaroo TheKangaroo mentioned this pull request Apr 21, 2022
Merged
TheKangaroo added a commit to TheKangaroo/sealed-secrets that referenced this pull request May 5, 2022
@TheKangaroo
fix: rbac permission
6ea959e 
add rbac name selector for get service permission in the helm chart.
this was missing in bitnami-labs#715

fixes: bitnami-labs#827

Signed-off-by: Till Adam <[email protected]>
alemorcuq pushed a commit that referenced this pull request May 5, 2022
@TheKangaroo
fix: rbac permission (#828)
e4cc637 
add rbac name selector for get service permission in the helm chart.
this was missing in #715

fixes: #827

Signed-off-by: Till Adam <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alvneiayu alvneiayu alvneiayu approved these changes

@agarcia-oss agarcia-oss agarcia-oss approved these changes

@mkmik mkmik Awaiting requested review from mkmik

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Helm chart 2.0.2 seems to lacks list verb for secrets in cluster role
3 participants
@juan131 @agarcia-oss @alvneiayu