You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Configurations for Vault Webhook Injector (vault-k8s) and Vault CSI Provider allow default configuration of the auth mount point, and vault namespace.
I do not want my application teams to need to know about the namespace/mount, unless they are using shared secrets across namespaces.
Describe the solution you'd like
If namespace+mount have been configured on the operator then inherit if not defined in VaultAuth.
If they haven't then require mount, and leave namespace as optional.
Do not reject admission unless mount is not defaulted in the operator, and not defined in VaultAuth kubernetes resource.
Apps with method=kubernetes should only care for setting the role/service_account while running operations.
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
name: my-app-auth
namespace: app-ns
spec:
## values which should be defaulted from operator configuration
## they can be overridden here
method: kubernetes
namespace: app1
mount: kubernetes/my-happy-cluster
### end overrides
kubernetes:
role: my_app_role
serviceAccount: app-sa
audiences:
- vault
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
Configurations for Vault Webhook Injector (vault-k8s) and Vault CSI Provider allow default configuration of the auth mount point, and vault namespace.
I do not want my application teams to need to know about the namespace/mount, unless they are using shared secrets across namespaces.
Describe the solution you'd like
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
The text was updated successfully, but these errors were encountered: