argoflow / argoflow-aws

Argoflow-AWS has been superseded by deployKF
GNU Affero General Public License v3.0

Fix external-secrets error by updating cluster role #225

Closed: soleares closed 2 years ago

soleares commented 2 years ago

Issue

The external-secrets controller fails to read the git-repo-secret due to a recent update (likely 8.x). It worked fine in 7.x. It now throws a 403 error, and when you turn on debug logging it shows the following:

{"level":20,"message_time":"2021-09-13T23:38:25.188Z","pid":17,"hostname":"---","msg":"updating status for argocd/git-repo-secret to: ERROR, secrets \"git-repo-secret\" is forbidden: User \"system:serviceaccount:kube-system:external-secrets\" cannot get resource \"secrets\" in API group \"\" in the namespace \"argocd\""}

Fix

Update the RBAC to match the RBAC generated using the official installation instructions. This adds 'get' for secrets resources.
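The following is an added example, not part of the pull request or the project's code. It parses the debug log line quoted above into the denied subject, verb and object, then checks whether a set of ClusterRole rules grants that request. The two rule sets are constructed for illustration (the chart's actual ClusterRole is not shown on this page), and the function names are hypothetical.

```python
import json
import re

# Debug log line quoted in the pull request description above.
LOG_LINE = r'''{"level":20,"message_time":"2021-09-13T23:38:25.188Z","pid":17,"hostname":"---","msg":"updating status for argocd/git-repo-secret to: ERROR, secrets \"git-repo-secret\" is forbidden: User \"system:serviceaccount:kube-system:external-secrets\" cannot get resource \"secrets\" in API group \"\" in the namespace \"argocd\""}'''

# Shape of the Kubernetes API server "forbidden" message seen in that line.
DENIAL = re.compile(
    r'(?P<resource>\S+) "(?P<name>[^"]+)" is forbidden: User "(?P<user>[^"]+)" '
    r'cannot (?P<verb>\S+) resource "[^"]+" in API group "(?P<group>[^"]*)"'
    r'(?: in the namespace "(?P<namespace>[^"]+)")?'
)

def parse_denial(log_line):
    """Extract who was denied which verb on which object from one JSON log line."""
    match = DENIAL.search(json.loads(log_line).get("msg", ""))
    return match.groupdict() if match else None

def _covers(granted, wanted):
    # RBAC treats "*" as a wildcard for apiGroups, resources and verbs.
    return "*" in granted or wanted in granted

def rules_allow(rules, denial):
    """True if any rule (ClusterRole 'rules' shape) grants the denied request."""
    for rule in rules:
        names = rule.get("resourceNames")  # absent or empty means all names
        if (_covers(rule.get("apiGroups", []), denial["group"])
                and _covers(rule.get("resources", []), denial["resource"])
                and _covers(rule.get("verbs", []), denial["verb"])
                and (not names or denial["name"] in names)):
            return True
    return False

# Constructed rule sets (assumption): one lacking 'get' on secrets, one with
# 'get' added, which is the change the Fix section describes.
RULES_WITHOUT_GET = [{"apiGroups": [""], "resources": ["secrets"],
                      "verbs": ["create", "update"]}]
RULES_WITH_GET = [{"apiGroups": [""], "resources": ["secrets"],
                   "verbs": ["create", "update", "get"]}]

if __name__ == "__main__":
    denial = parse_denial(LOG_LINE)
    print(denial)
    print("without get:", rules_allow(RULES_WITHOUT_GET, denial))
    print("with get:   ", rules_allow(RULES_WITH_GET, denial))
```

On a live cluster, `kubectl auth can-i get secrets -n argocd --as=system:serviceaccount:kube-system:external-secrets` asks the API server the same question directly.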

davidspek commented 2 years ago

Thanks!