Balazs Zachar

@makkes thanks for looking into this. Sure, here we are: ```yaml # kubectl get hpa -n istio-system istiod -o jsonpath={.status}|jq { "conditions": [ { "lastTransitionTime": "2023-11-17T15:15:50Z", "message": "recent recommendations were...

Let me drop here another example also from Istio's default installation: ```bash # kubectl get poddisruptionbudgets.policy -n istio-system istiod -o jsonpath={.status}|jq { "conditions": [ { "lastTransitionTime": "2023-11-17T15:15:45Z", "message": "", "observedGeneration":...

@makkes hmm... looking into the code, it seems, your [test data](https://github.com/weaveworks/weave-gitops/blob/b9493a86f0b73eab217aa43100a50cb5ee5b2948/pkg/health/testdata/hpa-healthy.yaml#L48) for HPA is in fact does not look good: ``` message: the desired replica count is less than the...

Hi @foot, Sorry for not coming back. We stopped using/evaluating waeve-gitops as it does not support flux multi-tenant config (more details in [this ticket](https://github.com/weaveworks/weave-gitops/issues/4036)). As far as I remember there...

On top of this, even when the HPA status is good, weave-gitops shows `not ready`. We got the following status: ``` status: conditions: - lastTransitionTime: "2023-09-09T18:33:56Z" message: recent recommendations were...

> * additional `ClusterRole` and `ClusterRoleBinding` to impersonate all the users - as suggested by @grglzrv > * added cli not to request `groups` scope as AzureAD doesn't support it:...

Note: EKS and EKS Anywhere can use OIDC for authentication (this is how we use these services with AzureAD) that can be used also with weave-gitops.

@evandam just took a look on the clusterrole that is in that doc... that will give read access to all secrets in the cluster...

@evandam unfortunately, it is not that simple. We use flux in multi-tenancy mode and as such, users have only access to their own namespaces. It turned out that at the...

@bigkevmcd yeah but the problem is that weave-gitops still need much more than flux cli. Let's say that you are a user (authenticated through OIDC) with RBAC access to only...