Open Blokje5 opened 2 years ago
Right so we probably don't want to create blanket secret permissions. We could move secret creation into the injection phase, that way our controller doesn't need any secret permissions at all. The service account running the Workflow would need the required RBAC. Thoughts? @Blokje5
If we can keep the permissions for the controller as small as possible that would be preferred yes. It is then also easier to make this an optional feature for those who do not want to rely on the secret injection mechanism
I've got a PR almost ready for this, moving it out of controllers actually made more sense anyway.
We should make sure RBAC is set correctly (and update the quick-starts).