-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issuer/ClusterIssuer support to specify vault token on local filesystem #5437
Comments
Anybody? This looks like a flawed implementation ending up with an orphaned vault token with high TTL or some custom side-car implementation that updated the Kubernetes secret with refreshed Vault token and restarts cert-manager. |
Issues go stale after 90d of inactivity. |
Stale issues rot after 30d of inactivity. |
Rotten issues close after 30d of inactivity. |
@jetstack-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
The documentation https://cert-manager.io/v0.16-docs/configuration/vault/ sais:
Can I suggest an option
auth.vaultTokenPath
on local filesystem as an alternative forauth.tokenSecretRef
? Then we can use a Vault sidecar that takes care of token refreshes in a shared volume mount with the cert-manager container. https://www.vaultproject.io/docs/platform/k8s/injectorThe text was updated successfully, but these errors were encountered: