I have tried to change the rbac from ClusterRole and ClusterRoleBinding to Role and RoleBinding, giving the x509-exporter the ability to only get the TLS secrets (without having the access to the root certificates) and only on some namespaces.
Currently, I did all, the serviceaccount is working, I did try to kubectl auth can-i using that specific serviceaccount and I can get the secrets.
The only part that I couldn't manage is, each time I access the logs, I get 0 parsed certificates. Any help ?
Hello.
I have tried to change the rbac from ClusterRole and ClusterRoleBinding to Role and RoleBinding, giving the x509-exporter the ability to only get the TLS secrets (without having the access to the root certificates) and only on some namespaces.
Currently, I did all, the serviceaccount is working, I did try to kubectl auth can-i using that specific serviceaccount and I can get the secrets. The only part that I couldn't manage is, each time I access the logs, I get 0 parsed certificates. Any help ?