Closed skomp closed 2 years ago
Namespace annotations are now required, otherwise external secrets will fail like this:
{"level":50,"message_time":"2021-12-02T12:04:15.366Z","pid":18,"hostname":"external-secrets-kubernetes-external-secrets-68fb9c59f-k92k2","payload":{"err":{"type":"Error","message":"not allowed to fetch secret: default/test: Namespace annotation is required","stack":"Error: not allowed to fetch secret: default/test: Namespace annotation is required\n at Poller._upsertKubernetesSecret (/app/lib/poller.js:162:14)\n at processTicksAndRejections (internal/process/task_queues.js:95:5)\n at async Poller._poll (/app/lib/poller.js:128:7)"}},"msg":"failure while polling the secret default/test"}
Fixes #379 by enforcing an annotation on the namespace to allow reading a secret, basically not allowing default access.