arheom commented on issue #1125:
URL: https://github.com/apache/camel-karavan/issues/1125#issuecomment-1946392505
There are 2 cases:
1. if you use devmode (run from the top right) - then the karavan service
account should be used, from my understanding. You might need to update the
karavan role, bound to the karavan service account, to allow get and list verbs
on the secrets resources. If this is your case, not sure why you have another
service account. Maybe karavan.builder.service.account=karavan could be set to
the kubernetes-application.properties, but I assume thats for the builder.
2. If you build and deploy, then you need to assign a service account to the
deployment. I recommend to create a new service account, and a new role and a
new binding, so every integration runs with minimum security to function
correctly. This means to add to the project: role.jkube.yaml,
rolebinding.jbube.yaml and deployment.jkube.yaml. Then in the deployment to
define a new serviceAccountName, which you will bind to a role, like this:
```
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: myServiceAccountName
namespace: myNamespace
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- 'get'
- 'list'
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@camel.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
