This permission is required because KEDA can potentially work with any resource which implements `/scale`, so it needs that permission to work. The filter is done inside the code at some different levels:
To avoid the `*`, you can update that permission by adding the other permissions required for your workloads. If you just use Deployments, replace it with
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.
stalebot added the stale label Apr 10, 2024
stalebot added the stale label Jun 9, 2024
The existing documentation for restricting secret access is misleading, as it implies that access to secrets can be (completely) restricted by removing the `secrets` resource from one ClusterRole rule.
In addition to improving the documentation, it would be helpful if the docs explained how to update the role in order to completely restrict access.
I installed KEDA with access to secrets omitted as described in the docs:
https://keda.sh/docs/2.13/operate/cluster/#restrict-secret-access
but keda-operator still has "get" access to all secrets by way of a different rule in the keda-operator ClusterRole:
Discussion: kedacore/keda#4730
Related: kedacore/charts#605
Expected Behavior
Actual Behavior
Steps to Reproduce the Problem
Specifications
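The situation reported in this issue, where the `secrets` resource is removed from one rule while another rule of the same ClusterRole still matches it, can be checked mechanically. The following is an added example, not code from the KEDA project or from this issue; the role in it is constructed for illustration and is not KEDA's actual manifest, and the function name `rules_granting_secret_read` is hypothetical.

```python
# Added example (not KEDA project code): list the rules in a ClusterRole that
# still allow reading core/v1 Secrets, including matches through "*" wildcards.
READ_VERBS = {"get", "list", "watch"}


def _matches(values, wanted):
    """RBAC list semantics: an entry matches literally or via the bare '*'."""
    return "*" in values or wanted in values


def rules_granting_secret_read(cluster_role):
    """Return (rule_index, read_verbs, resourceNames) for each matching rule."""
    findings = []
    for idx, rule in enumerate(cluster_role.get("rules", [])):
        # Secrets live in the core API group, written as "" in RBAC rules.
        if not _matches(rule.get("apiGroups", []), ""):
            continue
        # "*/scale" names only a subresource, so it does not match "secrets".
        if not _matches(rule.get("resources", []), "secrets"):
            continue
        verbs = set(rule.get("verbs", []))
        granted = sorted(READ_VERBS if "*" in verbs else READ_VERBS & verbs)
        if granted:
            findings.append((idx, granted, rule.get("resourceNames", [])))
    return findings


# Constructed sample role for illustration; NOT the real keda-operator manifest.
SAMPLE_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "example-operator"},
    "rules": [
        # 0: explicit core-group rule with "secrets" already removed
        {"apiGroups": [""], "resources": ["configmaps", "pods"],
         "verbs": ["get", "list", "watch"]},
        # 1: wildcard rule, which still matches secrets
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["get"]},
        # 2: subresource-only wildcard, which does not match secrets
        {"apiGroups": ["*"], "resources": ["*/scale"], "verbs": ["get", "update"]},
        # 3: narrowed rule naming only the workload kinds in use
        {"apiGroups": ["apps"], "resources": ["deployments", "deployments/scale"],
         "verbs": ["get", "list", "watch", "update"]},
    ],
}

if __name__ == "__main__":
    for idx, verbs, names in rules_granting_secret_read(SAMPLE_ROLE):
        scope = names or "all secrets"
        print(f"rule {idx}: {', '.join(verbs)} on {scope}")
```

Against a live cluster, the same function can be run on the parsed output of `kubectl get clusterrole keda-operator -o json`. It inspects a single role only, so permissions reaching the service account through other roles and bindings need the same check.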