Moritz Johner

There seems to be an issue in the e2e tests that probably come from this change :thinking:: ``` [FAIL] [vault] sync secrets [It] [common] should delete orphaned secrets with Owner...

good catch, i believe i tested it locally against a `kind` cluster having cluster-admin privileges. I think the `delete` should be here in the `-controller` (Cluster)Role https://github.com/external-secrets/external-secrets/blob/e9c8c4548df25b08dace757ff8454a6816023def/deploy/charts/external-secrets/templates/rbac.yaml#L87-L93 provided a fix...

Sounds good! I'm a bit short on time, don't wait for my feedback. I'd be glad if we could release it asap (maybe do a `rc1` release even? There may...

Hey @wallrj sure, i'll swing by tomorrow for the standup; Until then let me try to give you context and summarize our requirements. > So what is wrong (in this...

> If users are choosing to inject sidecar containers into the cert-manager Pods (which use different or no ServiceAccounts) then they can also have the means to mutate the automount...

> x509: certificate is not valid for any names, but wanted to match external-secrets-webhook.external-secrets.svc @erineG how do you deploy ESO? When using helm, can you share your values? It looks...

Can you inspect the tls certificate of the validating webhook (expiry, issuer, DNS names...) and look for issues in the logs of the cert controller? The cert is not valid,...

Thank you, could you please paste your webhook TLS certificate DNS SAN? The following command should show that: ```sh $ kubectl -n external-secrets get secret external-secrets-webhook -o json | jq...

Interesting, that's not what i expected. Now we got to move towards the control plane and get a perspective from there. Do you have any chance to get to the...

yeah sure, why not. However, that will also uninstall the CRDs and with that all ExternalSecrets, SecretStores etc. Be aware of that. Don't do this in production :smile: