argoflow / argoflow-aws

Argoflow-AWS has been superseded by deployKF
GNU Affero General Public License v3.0

[Clusterrole] External Secrets permission error #219

Closed jaystary closed 3 years ago

jaystary commented 3 years ago

With the specified policy, after the rollout we get an error fetching external secrets from AWS Secrets Manager, as it wants a get on that API group.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-secrets
  labels:
    name: kubernetes-external-secrets
rules:
- apiGroups: ['']
  resources: [secrets]
  verbs: [create, update]

When adding the get, it works without issue.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-secrets
  labels:
    name: kubernetes-external-secrets
rules:
- apiGroups: ['']
  resources: [secrets]
  verbs: [get, create, update]

What I find strange, though, is the fact that [create, update] was there originally and previously we still had successful rollouts. Is there an issue with just adding the get to the permission? If not, I would like to integrate that.

davidspek commented 3 years ago

Sorry for the late response, I've been very busy with a new job. The fix for this should be merged now.
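
An offline check of the two rule sets from this issue, as an added example that is not part of the original thread or the project's code: it applies RBAC's additive rule matching and reports which verbs a read-then-write flow on Secrets would be denied. The get-then-create/update flow and all function names are assumptions for illustration.

```python
# Added illustration: a small offline evaluator for Kubernetes RBAC rules.
# The two rule sets are transcribed from the ClusterRole manifests in the issue.

ORIGINAL_RULES = [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["create", "update"]}]
FIXED_RULES = [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "create", "update"]}]

# Assumption: the controller reads the target Secret before writing it
# (get, then create or update), which is what the reported error suggests.
UPSERT_VERBS = ["get", "create", "update"]


def _matches(allowed_values, value):
    """RBAC list match: the literal value or the '*' wildcard."""
    return "*" in allowed_values or value in allowed_values


def rule_allows(rule, verb, api_group, resource, name=None):
    """True if one PolicyRule permits the request."""
    if not _matches(rule.get("verbs", []), verb):
        return False
    if not _matches(rule.get("apiGroups", []), api_group):
        return False
    if not _matches(rule.get("resources", []), resource):
        return False
    names = rule.get("resourceNames", [])
    # An empty resourceNames list means every object of that resource.
    return not names or name in names


def allowed(rules, verb, api_group, resource, name=None):
    """RBAC is purely additive: any matching rule grants the request."""
    return any(rule_allows(r, verb, api_group, resource, name) for r in rules)


def missing_verbs(rules, needed=UPSERT_VERBS, api_group="", resource="secrets"):
    """Verbs from `needed` that no rule grants on the given resource."""
    return [v for v in needed if not allowed(rules, v, api_group, resource)]


if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL_RULES), ("with get", FIXED_RULES)):
        print(f"{label}: missing {missing_verbs(rules)}")
    # With no resourceNames, get applies to any Secret name in whatever
    # scope the role is bound.
    print("reads arbitrary secret:", allowed(FIXED_RULES, "get", "", "secrets", "any-name"))
```

Because the rule carries no resourceNames, the added get verb covers every Secret within the scope of the binding, which is worth weighing when reviewing the change.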