Skip to content

fix: secret rbac in restricted mode with cert-manager enabled#856

Merged
wozniakjan merged 1 commit into
kedacore:mainfrom
wozniakjan:fix/secret-rbac-cert-manager-restricted
May 27, 2026
Merged

fix: secret rbac in restricted mode with cert-manager enabled#856
wozniakjan merged 1 commit into
kedacore:mainfrom
wozniakjan:fix/secret-rbac-cert-manager-restricted

Conversation

@wozniakjan

@wozniakjan wozniakjan commented May 27, 2026

Copy link
Copy Markdown
Member

The #505 got fixed by #518 but probably in some later refactor, this got reverted back and #743 reports this again. This should fix it.

Checklist

Fixes #743

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes a regression in the KEDA Helm chart where enabling restricted secret access together with cert-manager-managed certificates could cause the operator to fail due to missing RBAC to access the TLS secret it needs in its own namespace (reported in #743; previously addressed by #518).

Changes:

  • Add a cert-manager-specific RBAC rule granting get on the configured TLS secret.
  • When permissions.operator.restrict.secret=true, additionally grant namespaced list/watch on secrets to support informer-based access in restricted mode.
  • Preserve the existing auto-generated-certs RBAC behavior via else if certificates.autoGenerated.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@wozniakjan wozniakjan merged commit e303537 into kedacore:main May 27, 2026
27 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Regression/Never really fixed? Fix KEDA crashes when using cert-manager certificates and restricted secret access

3 participants