mittwald / kubernetes-replicator

Kubernetes controller for synchronizing secrets & config maps across namespaces
Apache License 2.0
866 stars 100 forks

secret tls not replicated #310

Closed wibed closed 10 months ago

wibed commented 10 months ago

For some reason these secret contents are not replicated.

Does anyone know why kubernetes-replicator is not replicating my TLS secret?

apiVersion: v1
kind: Secret
metadata:
  name: tlscertificatesecret
  namespace: traefik
  annotations:
    replicator.v1.mittwald.de/replicate-from: cert-manager/tlscertificatesecret
type: kubernetes.io/tls
data:
  tls.key: ""
  tls.crt: ""

wibed commented 10 months ago

To specify further:

The namespace, ServiceAccount, ClusterRole as well as the ClusterRoleBinding are set.

I still get the "xxx is forbidden resource... access denied" error.

Name:         cluster0-kubernetes-replicator
Labels:       app.kubernetes.io/instance=cluster0
              app.kubernetes.io/managed-by=Helm
              app.kubernetes.io/name=kubernetes-replicator
              app.kubernetes.io/version=v2.9.1
              helm.sh/chart=kubernetes-replicator-2.9.1
Annotations:  <none>
PolicyRule:
  Resources                               Non-Resource URLs  Resource Names  Verbs
  ---------                               -----------------  --------------  -----
  configmaps                              []                 []              [get watch list create update patch delete describe]
  cronjobs                                []                 []              [get watch list create update patch delete describe]
  deployments                             []                 []              [get watch list create update patch delete describe]
  events                                  []                 []              [get watch list create update patch delete describe]
  ingresses                               []                 []              [get watch list create update patch delete describe]
  jobs                                    []                 []              [get watch list create update patch delete describe]
  pods/attach                             []                 []              [get watch list create update patch delete describe]
  pods/exec                               []                 []              [get watch list create update patch delete describe]
  pods/log                                []                 []              [get watch list create update patch delete describe]
  pods/portforward                        []                 []              [get watch list create update patch delete describe]
  pods                                    []                 []              [get watch list create update patch delete describe]
  rolebindings                            []                 []              [get watch list create update patch delete describe]
  roles                                   []                 []              [get watch list create update patch delete describe]
  secrets                                 []                 []              [get watch list create update patch delete describe]
  services                                []                 []              [get watch list create update patch delete describe]
  configmaps.apps                         []                 []              [get watch list create update patch delete describe]
  cronjobs.apps                           []                 []              [get watch list create update patch delete describe]
  deployments.apps                        []                 []              [get watch list create update patch delete describe]
  events.apps                             []                 []              [get watch list create update patch delete describe]
  ingresses.apps                          []                 []              [get watch list create update patch delete describe]
  jobs.apps                               []                 []              [get watch list create update patch delete describe]
  pods.apps/attach                        []                 []              [get watch list create update patch delete describe]
  pods.apps/exec                          []                 []              [get watch list create update patch delete describe]
  pods.apps/log                           []                 []              [get watch list create update patch delete describe]
  pods.apps/portforward                   []                 []              [get watch list create update patch delete describe]
  pods.apps                               []                 []              [get watch list create update patch delete describe]
  rolebindings.apps                       []                 []              [get watch list create update patch delete describe]
  roles.apps                              []                 []              [get watch list create update patch delete describe]
  secrets.apps                            []                 []              [get watch list create update patch delete describe]
  services.apps                           []                 []              [get watch list create update patch delete describe]
  configmaps.batch                        []                 []              [get watch list create update patch delete describe]
  cronjobs.batch                          []                 []              [get watch list create update patch delete describe]
  deployments.batch                       []                 []              [get watch list create update patch delete describe]
  events.batch                            []                 []              [get watch list create update patch delete describe]
  ingresses.batch                         []                 []              [get watch list create update patch delete describe]
  jobs.batch                              []                 []              [get watch list create update patch delete describe]
  pods.batch/attach                       []                 []              [get watch list create update patch delete describe]
  pods.batch/exec                         []                 []              [get watch list create update patch delete describe]
  pods.batch/log                          []                 []              [get watch list create update patch delete describe]
  pods.batch/portforward                  []                 []              [get watch list create update patch delete describe]
  pods.batch                              []                 []              [get watch list create update patch delete describe]
  services.batch                          []                 []              [get watch list create update patch delete describe]
  configmaps.extensions                   []                 []              [get watch list create update patch delete describe]
  cronjobs.extensions                     []                 []              [get watch list create update patch delete describe]
  deployments.extensions                  []                 []              [get watch list create update patch delete describe]
  events.extensions                       []                 []              [get watch list create update patch delete describe]
  ingresses.extensions                    []                 []              [get watch list create update patch delete describe]
  jobs.extensions                         []                 []              [get watch list create update patch delete describe]
  pods.extensions/attach                  []                 []              [get watch list create update patch delete describe]
  pods.extensions/exec                    []                 []              [get watch list create update patch delete describe]
  pods.extensions/log                     []                 []              [get watch list create update patch delete describe]
  pods.extensions/portforward             []                 []              [get watch list create update patch delete describe]
  pods.extensions                         []                 []              [get watch list create update patch delete describe]
  rolebindings.extensions                 []                 []              [get watch list create update patch delete describe]
  roles.extensions                        []                 []              [get watch list create update patch delete describe]
  secrets.extensions                      []                 []              [get watch list create update patch delete describe]
  services.extensions                     []                 []              [get watch list create update patch delete describe]
  serviceaccounts                         []                 []              [get watch list create update patch delete]
  rolebindings.rbac.authorization.k8s.io  []                 []              [get watch list create update patch delete]
  roles.rbac.authorization.k8s.io         []                 []              [get watch list create update patch delete]
  namespaces                              []                 []              [get watch list]

wibed commented 10 months ago

Solution

The solution was to keep the name empty, as it has to be the configured, administered fullname.

    serviceAccount:
      create: true
      annotations: {}
      name: 
      privileges:
        - apiGroups: [ "", "apps", "extensions" ]
          resources: ["secrets", "configmaps", "roles", "rolebindings", "cronjobs", "deployments", "events", "ingresses", "jobs", "pods", "pods/attach", "pods/exec", "pods/log", "pods/portforward", "services"]
          verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
        - apiGroups: [ "batch" ]
          resources:  ["configmaps", "cronjobs", "deployments", "events", "ingresses", "jobs", "pods", "pods/attach", "pods/exec", "pods/log", "pods/portforward", "services"]
          verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
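Two things a practitioner would want to check before (and after) applying the values above: that the `replicate-from` annotation on the target secret resolves to the source namespace and name the controller will look for, and that the ClusterRole bound to the replicator's service account actually covers `secrets` with the verbs the controller needs while not carrying far more than that. The added example below is not code from the kubernetes-replicator project or from this issue; it parses the annotation from the issue's Secret manifest and audits the `privileges` rules from the solution comment, classifying every granted resource as needed (secrets, configmaps, namespaces) or surplus (pods/exec, pods/attach, deployments, and so on), which is a least-privilege finding worth acting on for a component that holds cluster-wide read/write access to secrets. The same-namespace default for an annotation value without a slash, the `verbs_for` helper and the sample inputs are assumptions constructed for this example.

```python
"""Added example (not part of kubernetes-replicator or this issue): resolve a
replicate-from annotation and audit replicator RBAC rules for least privilege."""
from typing import Dict, List, Optional, Set, Tuple

REPLICATE_FROM = "replicator.v1.mittwald.de/replicate-from"

# What a controller that only copies secrets and config maps needs to touch.
REQUIRED_RESOURCES = {"secrets", "configmaps", "namespaces"}
# Verbs the controller needs on secrets: watch/list sources and targets,
# then write the copied data into the target namespace.
REQUIRED_SECRET_VERBS = {"get", "list", "watch", "create", "update", "patch"}

# Constructed sample: the target Secret from the issue (data intentionally empty;
# the controller fills it from the source).
TARGET_SECRET = {
    "metadata": {
        "name": "tlscertificatesecret",
        "namespace": "traefik",
        "annotations": {REPLICATE_FROM: "cert-manager/tlscertificatesecret"},
    },
    "type": "kubernetes.io/tls",
}

# Constructed sample: the serviceAccount.privileges rules from the solution comment.
PRIVILEGES = [
    {"apiGroups": ["", "apps", "extensions"],
     "resources": ["secrets", "configmaps", "roles", "rolebindings", "cronjobs",
                   "deployments", "events", "ingresses", "jobs", "pods", "pods/attach",
                   "pods/exec", "pods/log", "pods/portforward", "services"],
     "verbs": ["get", "watch", "list", "create", "update", "patch", "delete"]},
    {"apiGroups": ["batch"],
     "resources": ["configmaps", "cronjobs", "deployments", "events", "ingresses",
                   "jobs", "pods", "pods/attach", "pods/exec", "pods/log",
                   "pods/portforward", "services"],
     "verbs": ["get", "watch", "list", "create", "update", "patch", "delete"]},
]


def parse_replicate_from(secret: dict) -> Optional[Tuple[str, str]]:
    """Return (source_namespace, source_name) the controller will look for.
    Assumption: a value without '/' means a source in the target's own namespace."""
    meta = secret.get("metadata", {})
    value = meta.get("annotations", {}).get(REPLICATE_FROM)
    if not value:
        return None  # nothing to replicate: annotation absent
    if "/" in value:
        ns, name = value.split("/", 1)
    else:
        ns, name = meta.get("namespace", ""), value
    if not ns or not name:
        raise ValueError(f"malformed {REPLICATE_FROM} value: {value!r}")
    return ns, name


def verbs_for(rules: List[dict], api_group: str, resource: str) -> Set[str]:
    """Union of verbs granted on resource in api_group across all rules.
    (Helper written for this example, not a project API.)"""
    granted: Set[str] = set()
    for rule in rules:
        if api_group in rule.get("apiGroups", []) and resource in rule.get("resources", []):
            granted.update(rule.get("verbs", []))
    return granted


def missing_secret_verbs(rules: List[dict]) -> Set[str]:
    """Verbs on core-group secrets the replicator needs but the rules do not grant;
    a non-empty result is the 'forbidden' error from the issue waiting to happen."""
    return REQUIRED_SECRET_VERBS - verbs_for(rules, "", "secrets")


def surplus_resources(rules: List[dict]) -> Set[str]:
    """Resources granted that a secret/configmap replicator has no reason to hold."""
    granted = {res for rule in rules for res in rule.get("resources", [])}
    return granted - REQUIRED_RESOURCES


if __name__ == "__main__":
    print("source:", parse_replicate_from(TARGET_SECRET))
    print("missing verbs on secrets:", sorted(missing_secret_verbs(PRIVILEGES)))
    print("surplus resources:", sorted(surplus_resources(PRIVILEGES)))
```

Running it against the issue's own values shows the source resolves to `cert-manager/tlscertificatesecret`, that no required verb on secrets is missing (so the remaining "forbidden" errors on the page must have come from the binding not matching the chart-generated service account name, which the empty `name:` fixes), and that the rules carry `pods/exec`, `pods/attach`, `pods/portforward`, `deployments`, `roles` and `rolebindings` which the replicator never needs; trimming those is the obvious hardening step once replication works.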