disposab1e / sealed-secrets-operator-helm

[DEPRECATED] Sealed Secrets Operator (Helm) installs Sealed Secrets in OpenShift and Kubernetes.
http://sealed-secrets-operator-helm.rtfd.io/
Apache License 2.0

Aggregate sealed secrets to admin cluster role #14

Open chetan-rns opened 3 years ago

chetan-rns commented 3 years ago

On OpenShift the sealed secrets resource is not aggregated to the admin cluster role. This prevents service accounts (e.g. Argo CD) from managing sealed secret resources even though they have admin privileges in that namespace. This could be achieved by adding the label:


"rbac.authorization.k8s.io/aggregate-to-admin": "true",

disposab1e commented 3 years ago

Thx for reporting! Do you think https://github.com/bitnami-labs/sealed-secrets/pull/540 rbac.authorization.k8s.io/aggregate-to-edit: "true" can be useful too?

chetan-rns commented 3 years ago

Yes @disposab1e. It would be better if we can include view as well.

rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
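
The labels discussed in this thread, shown as an added example that is not part of the thread or of this chart: the rules are split across two ClusterRoles so that the `aggregate-to-view` label only carries read verbs, since every rule in a labelled ClusterRole is merged into the target role. The ClusterRole names are hypothetical; the `bitnami.com` API group and `sealedsecrets` resource are those of the upstream Sealed Secrets CRD.

```yaml
# Added example. The names "sealedsecrets-view" and "sealedsecrets-edit"
# are hypothetical and not taken from the chart.

# Read-only rules, merged into the built-in "view" role.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: sealedsecrets-view
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
  - apiGroups: ["bitnami.com"]
    resources: ["sealedsecrets"]
    verbs: ["get", "list", "watch"]
---
# Write rules, merged into the built-in "edit" and "admin" roles only.
# Putting aggregate-to-view on this ClusterRole as well would hand
# create/update/delete on SealedSecrets to every holder of "view".
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: sealedsecrets-edit
  labels:
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
  - apiGroups: ["bitnami.com"]
    resources: ["sealedsecrets"]
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
      - deletecollection
```

After applying, `kubectl auth can-i create sealedsecrets.bitnami.com -n <namespace> --as=system:serviceaccount:<namespace>:<name>` confirms what a given service account actually received.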