This repository was archived by the owner on Jan 13, 2026. It is now read-only.
This repository was archived by the owner on Jan 13, 2026. It is now read-only.
Cannot create private apprepository in namespace. #8381
Description
Describe the bug
Not able to create a private apprepository even though the user has full access to a specific namespace with "kubeapps:${KUBEAPPS_NAMESPACE}:apprepositories-write" role assigned to its binding.
To Reproduce
Steps to reproduce the behavior:
- Follow the guide as mentioned here to allow write access to applications in a namespace.
- Then add another roleBinding to allow access to write the appRepositories within the same namespace using guide here
- So now we have two rolebindings, which allows the user to access a specific namespaced applications & appRepositories with read and write permission.
- Now try to login with this user and create an appRepository with Private Helm repo details.
- The result will be failure in appRepository creation with error:
An error occurred while creating the repository: Unable to add package repository "privRepo" using the plugin "helm.packages": internal: secrets is forbidden: User "[email protected]" cannot create resource "secrets" in API group "" in the namespace "kubeapps": decision made by impersonation-proxy.concierge.pinniped.dev. - Here the kubeapps is trying to create the k8s secrets to store the Helm Repo credentials in the namespace where the kubeapps is installed.
- But, as per the guide above, the rolebinding for namespace should allow the users to create the app-repositories in the specific namespaces.
Expected behavior
The expectation is to get the appRepositories with Authentication config created for user having role: "kubeapps:${KUBEAPPS_NAMESPACE}:apprepositories-write" successfully.
Screenshots
Desktop (please complete the following information):
- Version [2.9.0]
- Kubernetes version [1.27.9]
- Package version [Helm 3.2]
Additional context
NA