mattharrigan

so typically there is a single go.mod and go.sum? i have go 1.13

> nor the associated Get that usually accompanies the lister I disagree. The `list` permission can read the secret contents without `get` permissions. This is the core of the security...

I think its a bug, not a feature request, since traefik k8s provider currently _requires_ being configured in a fundamentally insecure manner. However debating that point is probably not helpful....

I think we agree that its ok to give traefik read access to secrets it needs. Where we disagree is that I think namespace granularity for RBAC is at best...

This blog [post](https://www.cyberark.com/resources/threat-research-blog/securing-kubernetes-clusters-by-eliminating-risky-permissions) says that listing secrets is the number 1 example of a risky permission.

I would very much appreciate this issue being resolved. One specific feature request would be that if traefik doesn't have secret list permissions, log that fact, but do not exit...

a related feature request is to be able to post to the rest api to trigger a server streamed message. Assuming the following: `rpc LotsOfReplies(HelloRequest) returns (stream HelloResponse);` I would...