Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Aggregate sealed secrets to admin cluster role #14

Open
chetan-rns opened this issue Mar 3, 2021 · 2 comments
Open

Aggregate sealed secrets to admin cluster role #14

chetan-rns opened this issue Mar 3, 2021 · 2 comments

Comments

@chetan-rns
Copy link

On OpenShift the sealed secrets resource is not aggregated to the admin cluster role. This prevents service accounts (eg Argo CD) from managing sealed secret resources even though they have admin privileges in that namespace This could be achieved by adding the label

"rbac.authorization.k8s.io/aggregate-to-admin": "true",
@disposab1e
Copy link
Owner

Thx for reporting! Do you think bitnami-labs/sealed-secrets#540
rbac.authorization.k8s.io/aggregate-to-edit: "true"
can be useful too?

@chetan-rns
Copy link
Author

Yes @disposab1e. It would better if we can include view as well

rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chetan-rns @disposab1e