Fix KEDA crashes when using cert-manager certificates and restricted secret access #518
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…secret access Allow KEDA operator to get, list and watch secrets in its own namespace when restricted mode and certmanager are enabled. Signed-off-by: Guillaume Jacquet <[email protected]>
gjacquet
force-pushed
the
cert-manager-restricted-secret-access
branch
from
c48465c
to
84a116d
Compare
zroubalik
reviewed
Sep 13, 2023
Signed-off-by: Guillaume Jacquet <[email protected]>
JorTurFer
reviewed
Sep 17, 2023
| @@ -1,4 +1,4 @@ | |||
| {{- if and .Values.certificates.autoGenerated ( not .Values.certificates.certManager.enabled ) }} | |||
There was a problem hiding this comment.
Maybe we should check if the restrict access is set instead of adding the role always. I mean, if this manifest has to be deployed if we are using self generated certs without cert manager OR if we set restricted access. But if I set cert manager and I don't set restricted access, this role isn't required as it's covered by the ClusterRole
keda/templates/manager/role.yaml
Outdated
| @@ -17,11 +17,13 @@ rules: | |||
| resources: | |||
| - secrets | |||
| verbs: | |||
| {{- if not .Values.certificates.certManager.enabled }} | |||
There was a problem hiding this comment.
I guess that with my previous comment, the condition here should be if self generated AND NOT cert manager
| @@ -1,4 +1,4 @@ | |||
| {{- if and .Values.certificates.autoGenerated ( not .Values.certificates.certManager.enabled ) }} | |||
| {{- if or .Values.certificates.autoGenerated .Values.certificates.certManager.enabled }} | |||
There was a problem hiding this comment.
same as the other file comment for the condition
|
Hi @gjacquet |
Signed-off-by: Guillaume Jacquet <[email protected]>
Signed-off-by: Guillaume Jacquet <[email protected]>
Signed-off-by: Guillaume Jacquet <[email protected]>
|
@JorTurFer this should be good now. |
Signed-off-by: Guillaume Jacquet <[email protected]>
JorTurFer
reviewed
Sep 25, 2023
Co-authored-by: Jorge Turrado Ferrero <[email protected]> Signed-off-by: Guillaume Jacquet <[email protected]>
Co-authored-by: Jorge Turrado Ferrero <[email protected]> Signed-off-by: Guillaume Jacquet <[email protected]>
Signed-off-by: Guillaume Jacquet <[email protected]>
|
applied suggestions |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Allow KEDA operator to get, list and watch secrets in its own namespace when restricted mode and certmanager are enabled.
Checklist
Fixes #505