diff --git a/keda/templates/10-keda-clusterrole.yaml b/keda/templates/10-keda-clusterrole.yaml index 4c1e0c3c..c8edbc76 100644 --- a/keda/templates/10-keda-clusterrole.yaml +++ b/keda/templates/10-keda-clusterrole.yaml @@ -23,7 +23,9 @@ rules: resources: - external - pods + {{- if eq .Values.permissions.operator.restrict.secret false }} - secrets + {{- end }} - services verbs: - get diff --git a/keda/templates/12-keda-deployment.yaml b/keda/templates/12-keda-deployment.yaml index 784c6f82..ab611dfe 100644 --- a/keda/templates/12-keda-deployment.yaml +++ b/keda/templates/12-keda-deployment.yaml @@ -106,6 +106,10 @@ spec: - name: KEDA_HTTP_DEFAULT_TIMEOUT value: {{ .Values.http.timeout | quote }} {{- end }} + {{- if .Values.permissions.operator.restrict.secret }} + - name: KEDA_RESTRICT_SECRET_ACCESS + value: {{ .Values.permissions.operator.restrict.secret | quote }} + {{- end }} {{- if .Values.env }} {{- toYaml .Values.env | nindent 12 -}} {{- end }} diff --git a/keda/templates/22-metrics-deployment.yaml b/keda/templates/22-metrics-deployment.yaml index a26c99f6..26a7b7dc 100644 --- a/keda/templates/22-metrics-deployment.yaml +++ b/keda/templates/22-metrics-deployment.yaml @@ -88,6 +88,10 @@ spec: - name: KEDA_HTTP_DEFAULT_TIMEOUT value: {{ .Values.http.timeout | quote }} {{- end }} + {{- if .Values.permissions.metricServer.restrict.secret }} + - name: KEDA_RESTRICT_SECRET_ACCESS + value: {{ .Values.permissions.metricServer.restrict.secret | quote }} + {{- end }} {{- if .Values.env }} {{- toYaml .Values.env | nindent 12 -}} {{- end }} diff --git a/keda/values.yaml b/keda/values.yaml index aadb0749..e4761a9d 100644 --- a/keda/values.yaml +++ b/keda/values.yaml @@ -319,3 +319,11 @@ prometheus: # expr: sum by ( scaledObject , scaler) (rate(keda_metrics_adapter_scaler_errors[2m])) > 0 # for: 2m # labels: + +permissions: + metricServer: + restrict: + secret: false + operator: + restrict: + secret: false