Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

V1.0.5 #20

Merged
merged 10 commits into from
Dec 20, 2023
Merged

V1.0.5 #20

merged 10 commits into from
Dec 20, 2023

Conversation

m8rmclaren
Copy link
Contributor

Add configuration field to Helm chart that changes the scope of the ServiceAccount to grant cluster access to the K8s Secrets API.

secretConfig:
  # If true, when using Issuer resources, the credential secret must be created in the same namespace as the
  # Issuer resource. This access is facilitated by granting the ServiceAccount [get, list, watch] for the secret
  # API at the cluster level.
  #
  # If false, both Issuer and ClusterIssuer must reference a secret in the same namespace as the chart/reconciler.
  # This access is facilitated by granting the ServiceAccount [get, list, watch] for the secret API only for the
  # namespace the chart is deployed in.
  useClusterRoleForSecretAccess: false

v1.0.5 Changelog

Features

  • feat(controller): Implement Kubernetes client-go REST client for Secret/ConfigMap retrieval to bypass controller-runtime caching system. This enables the reconciler to retrieve Secret and ConfigMap resources at the namespace scope with only namespace-level permissions.

Fixes

  • fix(helm): Add configuration flag to configure chart to either grant cluster-scoped or namespace-scoped access to Secret and ConfigMap API
  • fix(controller): Add logic to read secret from reconciler namespace or Issuer namespace depending on Helm configuration.

m8rmclaren and others added 10 commits December 1, 2023 19:39
@m8rmclaren m8rmclaren requested review from fiddlermikey and svenska-primekey and removed request for fiddlermikey December 20, 2023 05:04
svenska-primekey
svenska-primekey approved these changes Dec 20, 2023
View reviewed changes
Copy link

@svenska-primekey svenska-primekey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@m8rmclaren m8rmclaren merged commit 31dd7dd into main Dec 20, 2023
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@svenska-primekey svenska-primekey svenska-primekey approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@m8rmclaren @svenska-primekey @fiddlermikey