external-secrets: AKS - Kubernetes Provider ServiceAccount Auth Bug?

Describe the solution you’d like: Get secrets from the local or a remote Kubernetes cluster.

What is the added value? Verify Kubernetes Provider ServiceAccount auth is working.

Observations (Constraints, Context, etc):

It seems that I am missing something when using the Kubernetes Provider. Can someone help me or verify that it is working (or not working)?

I am using the exact example from the PR that was merged: https://github.com/external-secrets/external-secrets/pull/1201

and getting the error “client is not allowed to get secrets”. Is the example outdated?

ClusterSecretStore:

Events:
  Type     Reason            Age                     From                  Message
  ----     ------            ----                    ----                  -------
  Warning  ValidationFailed  2m33s (x16 over 5m18s)  cluster-secret-store  client is not allowed to get secrets

ExternalSecret:

NAMESPACE   NAME                                                      STORE            REFRESH INTERVAL   STATUS              READY
default     externalsecret.external-secrets.io/example-kubernetes     kubernetes       1m                 SecretSyncedError   False

Versions: Kubernetes: v1.23.8, ESO: v0.7.1

About this issue

  • State: closed
  • Created a year ago
  • Comments: 15 (7 by maintainers)

Most upvoted comments

Hi. So we found the issue!

The Terraform AKS module https://github.com/Azure/terraform-azurerm-aks does not seem to support the default RBAC permissions of enabling local accounts for AKS, or we were not able to use it correctly (or maybe it is not even working; we do not know). Rather than using local accounts, it just completely disables RBAC, which is not possible in the UI.

Thanks for the help!! I am closing this issue.