Create rolebinding for .Release.Namespace implicitly

Open jkremser opened this issue 1 year ago • 3 comments

When the Helm chart is installed with a non-empty watchNamespace field, it will create the RoleBinding resource for the cluster role that contains most of the operator rights for each specified namespace in this CSV field. However, it does not do so for the namespace into which we actually install KEDA (mostly called keda).

So this PR adds the .Release.Namespace to the list.

Checklist

  • [x] I have verified that my change is according to the deprecations & breaking changes policy
  • [x] Commits are signed with Developer Certificate of Origin (DCO - learn more)
  • [x] README is updated with new configuration values (if applicable) learn more
  • [x] A PR is opened to update KEDA core (repo) (if applicable, ie. when deployment manifests are modified) N/A

Fixes #641

jkremser avatar May 24 '24 15:05 jkremser

I guess you could also increment the patch part of the Helm chart version.

kamialie avatar Jun 05 '24 21:06 kamialie

I don't think this will solve the problem, as the clusterrole is still missing the list and watch actions if .Values.permissions.operator.restrict.secret: true?

https://github.com/kedacore/charts/blob/v2.14.2/keda/templates/manager/clusterrole.yaml#L33-L40

calvinbui avatar Jun 19 '24 07:06 calvinbui

@calvinbui I think you are right, I've added this in another commit (only for the .Release.Namespace). @kamialie I'd leave the versioning and releasing to the maintainer.

jkremser avatar Jun 19 '24 09:06 jkremser

How is the documentation regarding restricting access to secrets affected by #625 and this change?

https://github.com/kedacore/charts/issues/685#issuecomment-2342545761

joebowbeer avatar Sep 11 '24 04:09 joebowbeer
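
The behaviour discussed in this thread, sketched as an added example that is not code from the PR or from the KEDA chart: a Helm template that emits one RoleBinding per namespace in the watchNamespace CSV plus the release namespace. The file name and the `example-operator` resource names are assumptions; only `watchNamespace` and `.Release.Namespace` come from the thread.

```yaml
{{- /* Hypothetical templates/rolebinding.yaml; resource names are assumed, not the chart's own. */ -}}
{{- if .Values.watchNamespace }}
{{- /* Start with the release namespace so the operator keeps its rights where it is installed. */ -}}
{{- $namespaces := list .Release.Namespace }}
{{- /* Add every CSV entry, trimming whitespace and skipping empty entries such as a trailing comma. */ -}}
{{- range $ns := splitList "," .Values.watchNamespace }}
{{- $ns = trim $ns }}
{{- if $ns }}
{{- $namespaces = append $namespaces $ns }}
{{- end }}
{{- end }}
{{- /* uniq avoids a duplicate manifest when the release namespace is also listed in the CSV. */ -}}
{{- range $ns := uniq $namespaces }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: example-operator            # assumed name
  namespace: {{ $ns | quote }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: example-operator            # assumed ClusterRole name
subjects:
  - kind: ServiceAccount
    name: example-operator          # assumed ServiceAccount name
    namespace: {{ $.Release.Namespace | quote }}
{{- end }}
{{- end }}
```

A RoleBinding that references a ClusterRole grants that role's rules only inside the binding's own namespace, so the operator's rights stay limited to the listed namespaces and the release namespace.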