external-secrets/kubernetes-external-secrets

How do I manage Vault roles to work with KES without having it running as all-powerful?

facundo-tul opened this issue · 2 comments

I have a Vault role bound to a service account and a namespace with specific access to secrets.
Running KES, I need to give it access with a specific role assigned to it.
When I try to generate a new external-secret with a specific role on another namespace, I get a "namespace not authorized" error.
The only way to make it work is to give KES unrestricted access to all my secrets to put it on multiple namespaces.
The idea of having multiple instances running implies hundreds of KES pods doing nothing.
What am I missing? Which is the correct way to handle this?
I found #474, but it is stale and closed without any solution.

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.

This issue was closed because it has been stalled for 30 days with no activity.