|
|
@@ -5137,13 +5137,12 @@ This is achieved with informers watching the relevant GVK of the Resource.</p>
|
|
|
<p>The operator automatically adds the <code>externalsecrets.external-secrets.io/managed: "true"</code> label to track which resources it manages.</p>
|
|
|
<h2 id="rbac-requirements">RBAC Requirements</h2>
|
|
|
<p>When using custom resource targets, ensure the External Secrets Operator has appropriate RBAC permissions to create and manage those resources. The Helm chart provides configuration options to enable these permissions:</p>
|
|
|
-<div class="highlight"><pre><span></span><code><span class="nt">nonSecretTargets</span><span class="p">:</span>
|
|
|
+<div class="highlight"><pre><span></span><code><span class="nt">genericTargets</span><span class="p">:</span>
|
|
|
<span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
|
|
|
-<span class="w"> </span><span class="nt">rbac</span><span class="p">:</span>
|
|
|
-<span class="w"> </span><span class="nt">configMaps</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
|
|
|
-<span class="w"> </span><span class="nt">customResources</span><span class="p">:</span>
|
|
|
-<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">apiGroups</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">"config.example.com"</span><span class="p p-Indicator">]</span>
|
|
|
-<span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">"appconfigs"</span><span class="p p-Indicator">]</span>
|
|
|
+<span class="w"> </span><span class="nt">resources</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">apiGroups</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">"config.example.com"</span><span class="p p-Indicator">]</span>
|
|
|
+<span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">"appconfigs"</span><span class="p p-Indicator">]</span>
|
|
|
+<span class="w"> </span><span class="nt">verbs</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">"get"</span><span class="p p-Indicator">,</span><span class="w"> </span><span class="s">"list"</span><span class="p p-Indicator">,</span><span class="w"> </span><span class="s">"watch"</span><span class="p p-Indicator">,</span><span class="w"> </span><span class="s">"create"</span><span class="p p-Indicator">,</span><span class="w"> </span><span class="s">"update"</span><span class="p p-Indicator">,</span><span class="w"> </span><span class="s">"patch"</span><span class="p p-Indicator">,</span><span class="w"> </span><span class="s">"delete"</span><span class="p p-Indicator">]</span>
|
|
|
</code></pre></div>
|
|
|
<p>Without these permissions, the operator will not be able to create or update your target resources.</p>
|
|
|
|