You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If the permissions.operator.restrict.secret value is set to true, the minimal-rbac.yaml will not have permissions to read the secret within the release namespace.
It should be properly configured to read the secret created within its namespace.
Actual Behavior
At runtime, the keda-operator logs:
1 reflector.go:147] k8s.io/client-go/informers/factory.go:159: Failed to watch *v1.Secret: failed to list *v1.Secret: secrets is
forbidden: User "system:serviceaccount:keda:keda-operator" cannot list resource "secrets" in API group "" in the
namespace "keda"
Steps to Reproduce the Problem
Set the values for v2.15.1 to define permissions.operator.restrict.secret to true
Deploy the helm chart to the cluster
Tail the logs for errors
Specifications
KEDA Version:v2.15.1
Platform & Version:AWS EKS v1.30
Kubernetes Version:v1.30
Note that an unreleased pull request added more permissions to list and watch. When will this be released?
If the permissions.operator.restrict.secret value is set to
true
, the minimal-rbac.yaml will not have permissions to read the secret within the release namespace.charts/keda/templates/manager/minimal-rbac.yaml
Lines 30 to 37 in 1373262
Expected Behavior
It should be properly configured to read the secret created within its namespace.
Actual Behavior
At runtime, the keda-operator logs:
Steps to Reproduce the Problem
Specifications
Note that an unreleased pull request added more permissions to list and watch. When will this be released?
https://github.com/kedacore/charts/blob/main/keda/templates/manager/minimal-rbac.yaml#L37-L40
The text was updated successfully, but these errors were encountered: