The VSS controller drops some events of kv-v2 secrets because it expects a wrong path to be set. Most events use the pattern <secret-mount>/data/<secret-path>, but some operations, like delete and undelete, will include the operation instead of data in its path. Therefore, it would be better if the controller also accepts <secret-mount>/<operation>/<secret-path> as a valid path.
Additionally, it would be helpful if the controller uses the namespaces configured in the referenced VaultAuth resource as fallback while filtering the events. This would reduce the required configuration if authentication and secrets are in the same namespace.
The VSS controller drops some events of kv-v2 secrets because it expects a wrong path to be set. Most events use the pattern
<secret-mount>/data/<secret-path>, but some operations, like delete and undelete, will include the operation instead ofdatain its path. Therefore, it would be better if the controller also accepts<secret-mount>/<operation>/<secret-path>as a valid path.Additionally, it would be helpful if the controller uses the namespaces configured in the referenced VaultAuth resource as fallback while filtering the events. This would reduce the required configuration if authentication and secrets are in the same namespace.