the enforcer-k8s helm chart does not include rbac that will allow the enforcer to fetch a pod's image pull secrets. this will need to be added to the chart in the form of a ClusterRole, as the enforcer will need to query secrets in multiple namespaces. we could try to reduce the scope of these permissions using resourceNames.
the enforcer-k8s helm chart does not include rbac that will allow the enforcer to fetch a pod's image pull secrets. this will need to be added to the chart in the form of a
ClusterRole
, as the enforcer will need to query secrets in multiple namespaces. we could try to reduce the scope of these permissions usingresourceNames
.