secret tls not replicated
wibed opened this issue · 2 comments
wibed commented
For some reason these secret contents are not replicated.
Does anyone know why kubernetes-replicator is not replicating my TLS secret?
- kind is set
- namespace replication from is set
```yaml
# Source secret in the cert-manager namespace (excerpt as posted)
kind: Secret
metadata:
  annotations:
    replicator.v1.mittwald.de/replication-allowed: "true"
    replicator.v1.mittwald.de/replication-allowed-namespaces: "traefik,docker-registry"
  name: tlscertificatesecret
  namespace: cert-manager
type: kubernetes.io/tls
---
# Target secret in the traefik namespace, pulling from the source above
apiVersion: v1
kind: Secret
metadata:
  name: tlscertificatesecret
  namespace: traefik
  annotations:
    replicator.v1.mittwald.de/replicate-from: cert-manager/tlscertificatesecret
type: kubernetes.io/tls
data:
  tls.key: ""
  tls.crt: ""
```
wibed commented
To specify further:
the namespace, serviceaccount, clusterrole as well as the clusterrolebinding are set.
I still get the "xxx is forbidden resource... access denied" error.
```
Name:         cluster0-kubernetes-replicator
Labels:       app.kubernetes.io/instance=cluster0
              app.kubernetes.io/managed-by=Helm
              app.kubernetes.io/name=kubernetes-replicator
              app.kubernetes.io/version=v2.9.1
              helm.sh/chart=kubernetes-replicator-2.9.1
Annotations:  <none>
PolicyRule:
  Resources                               Non-Resource URLs  Resource Names  Verbs
  ---------                               -----------------  --------------  -----
  configmaps                              []                 []              [get watch list create update patch delete describe]
  cronjobs                                []                 []              [get watch list create update patch delete describe]
  deployments                             []                 []              [get watch list create update patch delete describe]
  events                                  []                 []              [get watch list create update patch delete describe]
  ingresses                               []                 []              [get watch list create update patch delete describe]
  jobs                                    []                 []              [get watch list create update patch delete describe]
  pods/attach                             []                 []              [get watch list create update patch delete describe]
  pods/exec                               []                 []              [get watch list create update patch delete describe]
  pods/log                                []                 []              [get watch list create update patch delete describe]
  pods/portforward                        []                 []              [get watch list create update patch delete describe]
  pods                                    []                 []              [get watch list create update patch delete describe]
  rolebindings                            []                 []              [get watch list create update patch delete describe]
  roles                                   []                 []              [get watch list create update patch delete describe]
  secrets                                 []                 []              [get watch list create update patch delete describe]
  services                                []                 []              [get watch list create update patch delete describe]
  configmaps.apps                         []                 []              [get watch list create update patch delete describe]
  cronjobs.apps                           []                 []              [get watch list create update patch delete describe]
  deployments.apps                        []                 []              [get watch list create update patch delete describe]
  events.apps                             []                 []              [get watch list create update patch delete describe]
  ingresses.apps                          []                 []              [get watch list create update patch delete describe]
  jobs.apps                               []                 []              [get watch list create update patch delete describe]
  pods.apps/attach                        []                 []              [get watch list create update patch delete describe]
  pods.apps/exec                          []                 []              [get watch list create update patch delete describe]
  pods.apps/log                           []                 []              [get watch list create update patch delete describe]
  pods.apps/portforward                   []                 []              [get watch list create update patch delete describe]
  pods.apps                               []                 []              [get watch list create update patch delete describe]
  rolebindings.apps                       []                 []              [get watch list create update patch delete describe]
  roles.apps                              []                 []              [get watch list create update patch delete describe]
  secrets.apps                            []                 []              [get watch list create update patch delete describe]
  services.apps                           []                 []              [get watch list create update patch delete describe]
  configmaps.batch                        []                 []              [get watch list create update patch delete describe]
  cronjobs.batch                          []                 []              [get watch list create update patch delete describe]
  deployments.batch                       []                 []              [get watch list create update patch delete describe]
  events.batch                            []                 []              [get watch list create update patch delete describe]
  ingresses.batch                         []                 []              [get watch list create update patch delete describe]
  jobs.batch                              []                 []              [get watch list create update patch delete describe]
  pods.batch/attach                       []                 []              [get watch list create update patch delete describe]
  pods.batch/exec                         []                 []              [get watch list create update patch delete describe]
  pods.batch/log                          []                 []              [get watch list create update patch delete describe]
  pods.batch/portforward                  []                 []              [get watch list create update patch delete describe]
  pods.batch                              []                 []              [get watch list create update patch delete describe]
  services.batch                          []                 []              [get watch list create update patch delete describe]
  configmaps.extensions                   []                 []              [get watch list create update patch delete describe]
  cronjobs.extensions                     []                 []              [get watch list create update patch delete describe]
  deployments.extensions                  []                 []              [get watch list create update patch delete describe]
  events.extensions                       []                 []              [get watch list create update patch delete describe]
  ingresses.extensions                    []                 []              [get watch list create update patch delete describe]
  jobs.extensions                         []                 []              [get watch list create update patch delete describe]
  pods.extensions/attach                  []                 []              [get watch list create update patch delete describe]
  pods.extensions/exec                    []                 []              [get watch list create update patch delete describe]
  pods.extensions/log                     []                 []              [get watch list create update patch delete describe]
  pods.extensions/portforward             []                 []              [get watch list create update patch delete describe]
  pods.extensions                         []                 []              [get watch list create update patch delete describe]
  rolebindings.extensions                 []                 []              [get watch list create update patch delete describe]
  roles.extensions                        []                 []              [get watch list create update patch delete describe]
  secrets.extensions                      []                 []              [get watch list create update patch delete describe]
  services.extensions                     []                 []              [get watch list create update patch delete describe]
  serviceaccounts                         []                 []              [get watch list create update patch delete]
  rolebindings.rbac.authorization.k8s.io  []                 []              [get watch list create update patch delete]
  roles.rbac.authorization.k8s.io         []                 []              [get watch list create update patch delete]
  namespaces                              []                 []              [get watch list]
```
wibed commented
The solution was to keep the name empty, as it has to be the configured fullname administered.
```yaml
serviceAccount:
  create: true
  annotations: {}
  name:
  privileges:
    - apiGroups: [ "", "apps", "extensions" ]
      resources: ["secrets", "configmaps", "roles", "rolebindings", "cronjobs", "deployments", "events", "ingresses", "jobs", "pods", "pods/attach", "pods/exec", "pods/log", "pods/portforward", "services"]
      verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
    - apiGroups: [ "batch" ]
      resources: ["configmaps", "cronjobs", "deployments", "events", "ingresses", "jobs", "pods", "pods/attach", "pods/exec", "pods/log", "pods/portforward", "services"]
      verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
```
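Added example, not part of the original thread or of the kubernetes-replicator project: an offline check of the chain ServiceAccount → ClusterRoleBinding subject → ClusterRole rule, showing why a "forbidden" error can persist even though the ClusterRole lists `secrets`. It assumes the chart's ClusterRoleBinding names the fullname ServiceAccount as its subject. The namespace `replicator` and the name `custom-replicator-sa` are hypothetical, the data is constructed in the shape of `kubectl get ... -o json`, and `resourceNames` restrictions and namespaced RoleBindings are ignored.

```python
# Added example: all objects below are constructed sample data.

def rule_allows(rule, group, resource, verb):
    """True if one RBAC PolicyRule covers (apiGroup, resource, verb)."""
    def hit(values, wanted):
        return "*" in values or wanted in values
    return (hit(rule.get("apiGroups", []), group)
            and hit(rule.get("resources", []), resource)
            and hit(rule.get("verbs", []), verb))

def bound_roles(bindings, namespace, sa_name):
    """Names of ClusterRoles bound to the given ServiceAccount."""
    roles = set()
    for b in bindings:
        for s in b.get("subjects") or []:
            if (s.get("kind") == "ServiceAccount"
                    and s.get("namespace") == namespace
                    and s.get("name") == sa_name):
                roles.add(b["roleRef"]["name"])
    return roles

def can_i(pod_sa, namespace, bindings, cluster_roles, group, resource, verb):
    """Offline approximation of `kubectl auth can-i` for ClusterRoleBindings."""
    for name in bound_roles(bindings, namespace, pod_sa):
        for rule in cluster_roles.get(name, {}).get("rules", []):
            if rule_allows(rule, group, resource, verb):
                return True
    return False

FULLNAME = "cluster0-kubernetes-replicator"  # release fullname shown in the thread
NAMESPACE = "replicator"                     # assumption: install namespace
CLUSTER_ROLES = {FULLNAME: {"rules": [
    {"apiGroups": ["", "apps", "extensions"],
     "resources": ["secrets", "configmaps"],
     "verbs": ["get", "watch", "list", "create", "update", "patch", "delete"]},
    {"apiGroups": [""], "resources": ["namespaces"],
     "verbs": ["get", "watch", "list"]},
]}}
BINDINGS = [{
    "roleRef": {"kind": "ClusterRole", "name": FULLNAME},
    "subjects": [{"kind": "ServiceAccount", "name": FULLNAME,
                  "namespace": NAMESPACE}],
}]

if __name__ == "__main__":
    for sa in (FULLNAME, "custom-replicator-sa"):  # second name is hypothetical
        ok = can_i(sa, NAMESPACE, BINDINGS, CLUSTER_ROLES, "", "secrets", "update")
        print(f"{sa}: update secrets -> {'allowed' if ok else 'forbidden'}")
```

Against a live cluster the same question is answered by `kubectl auth can-i update secrets --as=system:serviceaccount:<namespace>:<serviceaccount>`.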