Closed jaystary closed 3 years ago
With the specified policy after the rollout we get an error in fetching external secrets from AWS Secretsmanager as it wants a get on that API group.
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-secrets
  labels:
    name: kubernetes-external-secrets
rules:
  - apiGroups: ['']
    resources: [secrets]
    verbs: [create, update]
```
When adding the get, it works without issue.
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-secrets
  labels:
    name: kubernetes-external-secrets
rules:
  - apiGroups: ['']
    resources: [secrets]
    verbs: [get, create, update]
```
What I find strange, though, is the fact that [create, update] was there originally and previously we still had successful rollouts. Is there an issue with just adding the get to the permission? If not, I would like to integrate that.
Sorry for the late response, I've been very busy with a new job. The fix for this should be merged now.
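An added example, not part of the issue thread or the project's code: an offline check that evaluates the two ClusterRole rule sets quoted above and reports which verbs on core `secrets` are missing or granted beyond what is needed. The required verb set (`get`, `create`, `update`) is an assumption taken from what the issue reports as working; the function and constant names are hypothetical.

```python
# Added example: offline evaluation of Kubernetes RBAC rules (not project code).
# The two rule sets are the ClusterRoles quoted in the issue, written as dicts.
ROLE_BEFORE = {"rules": [{"apiGroups": [""], "resources": ["secrets"],
                          "verbs": ["create", "update"]}]}
ROLE_AFTER = {"rules": [{"apiGroups": [""], "resources": ["secrets"],
                         "verbs": ["get", "create", "update"]}]}

# Assumption: verbs the controller needs on core/v1 secrets, per the issue text.
REQUIRED = {"get", "create", "update"}
# Standard Kubernetes API request verbs, used to expand a "*" verb grant.
ALL_VERBS = {"get", "list", "watch", "create", "update", "patch",
             "delete", "deletecollection"}


def _matches(values, wanted):
    """RBAC list match: an explicit entry or the '*' wildcard."""
    return "*" in values or wanted in values


def granted_verbs(role, api_group="", resource="secrets"):
    """Verbs the role grants on the resource for arbitrary object names."""
    verbs = set()
    for rule in role.get("rules", []):
        if rule.get("resourceNames"):
            continue  # name-scoped rule: no access to secrets in general
        if not _matches(rule.get("apiGroups", []), api_group):
            continue
        if not _matches(rule.get("resources", []), resource):
            continue
        rule_verbs = set(rule.get("verbs", []))
        verbs |= ALL_VERBS if "*" in rule_verbs else rule_verbs
    return verbs


def audit(role, required=REQUIRED):
    """Report verbs that are missing (breakage) or excess (over-privilege)."""
    granted = granted_verbs(role)
    return {"missing": sorted(required - granted),
            "excess": sorted(granted - required)}


if __name__ == "__main__":
    print("before:", audit(ROLE_BEFORE))
    print("after: ", audit(ROLE_AFTER))
```

Against a live cluster, `kubectl auth can-i get secrets --as=system:serviceaccount:<namespace>:<serviceaccount>` answers the same question for the bound service account; the namespace and account name are placeholders, since the issue does not state them.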