Azure / AKS

Azure Kubernetes Service
https://azure.github.io/AKS/

[Feature] Keda Config KEDA_RESTRIC_SECRET_ACCESS #3747

Open akevin-ms opened 1 year ago

akevin-ms commented 1 year ago

Is your feature request related to a problem? Please describe.
In the KEDA add-on, specifically the KEDA operator deployment, there is a concern that the ClusterRole is given too much access, including access to cluster-wide secrets. This is a known issue, and vanilla KEDA therefore provides an option where the user can supply KEDA_RESTRIC_SECRET_ACCESS during Helm deployment and so limit the ClusterRole access given to the KEDA operator. In AKS this is not possible with the KEDA add-on, since we don't have access to the Helm deployment.

Describe the solution you'd like
A configurable KEDA_RESTRIC_SECRET_ACCESS env parameter to be able to limit the KEDA operator ClusterRole access as required.

Describe alternatives you've considered
Perhaps it would be better if we could put the config in the template as well, or make it configurable from the AKS UI via the Azure Portal.

Additional context
Here is the access that was mentioned on the vanilla KEDA GitHub.

Here is the snippet of the code that configures whether secrets are accessible or not:

- apiGroups:
  - ""
  resources:
  - external
  - pods
    {{- if eq .Values.permissions.operator.restrict.secret false }}
  - secrets
    {{- end }}
  - services
  verbs:
  - get
  - list
  - watch
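
A check for the condition this issue describes, as an added example that is not part of the original post or of the AKS or KEDA projects: it reads a ClusterRole in the JSON form printed by `kubectl get clusterrole <name> -o json` and reports every rule that grants read access to core-group secrets. The role name and the sample documents are constructed for illustration.

```python
import json

READ_VERBS = {"get", "list", "watch"}


def sample_role(resources):
    # Constructed ClusterRole document; the role name is hypothetical.
    return json.dumps({
        "kind": "ClusterRole",
        "metadata": {"name": "keda-operator-example"},
        "rules": [{"apiGroups": [""], "resources": resources,
                   "verbs": ["get", "list", "watch"]}],
    })


# The rule from the issue, rendered with restrict.secret false and then true.
SAMPLE_UNRESTRICTED = sample_role(["external", "pods", "secrets", "services"])
SAMPLE_RESTRICTED = sample_role(["external", "pods", "services"])


def matches(values, wanted):
    # RBAC treats "*" as matching every API group, resource or verb.
    return "*" in values or wanted in values


def secret_read_grants(clusterrole_json):
    """Return one finding per rule that lets the role read core-group secrets."""
    role = json.loads(clusterrole_json)
    findings = []
    for index, rule in enumerate(role.get("rules") or []):
        # Rules without apiGroups (nonResourceURLs rules) never match here.
        if not matches(rule.get("apiGroups", []), ""):
            continue
        if not matches(rule.get("resources", []), "secrets"):
            continue
        verbs = set(rule.get("verbs", []))
        granted = READ_VERBS if "*" in verbs else verbs & READ_VERBS
        if granted:
            findings.append({
                "rule": index,
                "verbs": sorted(granted),
                # resourceNames limits the grant to the named secrets only.
                "all_secrets": not rule.get("resourceNames"),
            })
    return findings


if __name__ == "__main__":
    for label, doc in (("unrestricted", SAMPLE_UNRESTRICTED),
                       ("restricted", SAMPLE_RESTRICTED)):
        print(label, secret_read_grants(doc))
```

An empty result for the operator's ClusterRole means the secrets entry was left out of the rendered rule; a finding with `all_secrets` set to true is the cluster-wide read access the issue raises.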

microsoft-github-policy-service[bot] commented 5 months ago

Action required from @Azure/aks-pm

microsoft-github-policy-service[bot] commented 5 months ago

Issue needing attention of @Azure/aks-leads
