Fix KEDA crashes when using cert-manager certificates and restricted secret access#518
Conversation
…secret access Allow KEDA operator to get, list and watch secrets in its own namespace when restricted mode and certmanager are enabled. Signed-off-by: Guillaume Jacquet <[email protected]>
c48465c to
84a116d
Compare
Signed-off-by: Guillaume Jacquet <[email protected]>
JorTurFer
left a comment
There was a problem hiding this comment.
Thanks for the fix!
I think that we be more fine to not deploy the Role if it's needed (it's not a pain, but if we don't deploy not required Roles is always better). WDYT?
| @@ -1,4 +1,4 @@ | |||
| {{- if and .Values.certificates.autoGenerated ( not .Values.certificates.certManager.enabled ) }} | |||
There was a problem hiding this comment.
Maybe we should check if the restrict access is set instead of adding the role always. I mean, if this manifest has to be deployed if we are using self generated certs without cert manager OR if we set restricted access. But if I set cert manager and I don't set restricted access, this role isn't required as it's covered by the ClusterRole
| resources: | ||
| - secrets | ||
| verbs: | ||
| {{- if not .Values.certificates.certManager.enabled }} |
There was a problem hiding this comment.
I guess that with my previous comment, the condition here should be if self generated AND NOT cert manager
| @@ -1,4 +1,4 @@ | |||
| {{- if and .Values.certificates.autoGenerated ( not .Values.certificates.certManager.enabled ) }} | |||
| {{- if or .Values.certificates.autoGenerated .Values.certificates.certManager.enabled }} | |||
There was a problem hiding this comment.
same as the other file comment for the condition
|
Hi @gjacquet |
Signed-off-by: Guillaume Jacquet <[email protected]>
Signed-off-by: Guillaume Jacquet <[email protected]>
Signed-off-by: Guillaume Jacquet <[email protected]>
|
@JorTurFer this should be good now. |
Signed-off-by: Guillaume Jacquet <[email protected]>
Co-authored-by: Jorge Turrado Ferrero <[email protected]> Signed-off-by: Guillaume Jacquet <[email protected]>
Co-authored-by: Jorge Turrado Ferrero <[email protected]> Signed-off-by: Guillaume Jacquet <[email protected]>
Signed-off-by: Guillaume Jacquet <[email protected]>
|
applied suggestions |
Allow KEDA operator to get, list and watch secrets in its own namespace when restricted mode and certmanager are enabled.
Checklist
Fixes #505