Helm chart 2.0.2 seems to lacks list verb for secrets in cluster role #708

cmeury · 2022-01-12T09:35:40Z

Which component: Helm Chart

Describe the bug
The helm chart version 2.0.2 contains a cluster role with the following rule, among others:

  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - create
      - update
      - delete

On a Kubernetes cluster with version v1.21.5, this is seemingly not enough, as the controller states upon start:

panic: secrets is forbidden: User "system:serviceaccount:kube-system:sealed-secrets" cannot list resource "secrets" in API group "" in the namespace "kube-system"

goroutine 1 [running]:
main.main()
	/home/runner/work/sealed-secrets/sealed-secrets/cmd/controller/main.go:271 +0x225

Adding list to the verbs resolves the issue.

Additional context
Curiously enough, it looks like this popped before: helm/charts#15837

The text was updated successfully, but these errors were encountered:

juan131 · 2022-01-20T07:24:54Z

Thanks for reporting it @cmeury ! I'll send a PR to address a couple of RBAC issues we recently discovered.

juan131 added the bug label Jan 20, 2022

juan131 self-assigned this Jan 20, 2022

juan131 mentioned this issue Jan 20, 2022

Add extra RBAC permissions #715

Merged

juan131 closed this as completed in #715 Jan 20, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Helm chart 2.0.2 seems to lacks list verb for secrets in cluster role #708

Helm chart 2.0.2 seems to lacks list verb for secrets in cluster role #708

cmeury commented Jan 12, 2022

juan131 commented Jan 20, 2022

Helm chart 2.0.2 seems to lacks list verb for secrets in cluster role #708

Helm chart 2.0.2 seems to lacks list verb for secrets in cluster role #708

Comments

cmeury commented Jan 12, 2022

juan131 commented Jan 20, 2022