-
Notifications
You must be signed in to change notification settings - Fork 224
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create rolebinding for .Release.Namespace implicitly #643
Conversation
Signed-off-by: Jirka Kremser <jiri.kremser@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks for the fix
I guess you could also increment patch part of the Helm chart version. |
i dont think this will solve the problem as the https://github.com/kedacore/charts/blob/v2.14.2/keda/templates/manager/clusterrole.yaml#L33-L40 |
…certs) Signed-off-by: Jirka Kremser <jiri.kremser@gmail.com>
@calvinbui i think you are right, I've added this in another commit (only for the |
How is the documentation regarding restricting access to secrets affected by #625 and this change? |
* Create rolebinding for .Release.Namespace implicitly Signed-off-by: Jirka Kremser <jiri.kremser@gmail.com> * Operator should be able to list and watch secrets in the release ns (certs) Signed-off-by: Jirka Kremser <jiri.kremser@gmail.com> --------- Signed-off-by: Jirka Kremser <jiri.kremser@gmail.com>
* Create rolebinding for .Release.Namespace implicitly Signed-off-by: Jirka Kremser <jiri.kremser@gmail.com> * Operator should be able to list and watch secrets in the release ns (certs) Signed-off-by: Jirka Kremser <jiri.kremser@gmail.com> --------- Signed-off-by: Jirka Kremser <jiri.kremser@gmail.com>
When helm chart is installed with a non-empty
watchNamespace
field, it will create theRoleBinding
resource for the cluster role that contains most of the operator rights for each specified namespace in this CSV field. However, not for the namespace into which we actually install KEDA (mostly calledkeda
).So this PR adds the
.Release.Namespace
to the listChecklist
Fixes #641