From 65f844cbe109ab9439fb8280716643742c0fba63 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Mon, 8 Jun 2026 23:00:22 +1000 Subject: [PATCH] Fix: add policy binding for forgebot K8s auth role Every K8s auth role needs at least one entry in the policy_auth_map. Add a policy granting the forgebot role read access to the namespace- scoped KV path, which the operator SA needs when authenticating with the forgebot role instead of the default role. --- policies/kv/service/forgebot/config/read.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 policies/kv/service/forgebot/config/read.yaml diff --git a/policies/kv/service/forgebot/config/read.yaml b/policies/kv/service/forgebot/config/read.yaml new file mode 100644 index 0000000..d4547d5 --- /dev/null +++ b/policies/kv/service/forgebot/config/read.yaml @@ -0,0 +1,9 @@ +--- +rules: + - path: "kv/data/kubernetes/namespace/forgebot/*" + capabilities: + - read + +auth: + k8s/au/syd1: + - forgebot