Skip to content

add note for csi-provider #30558

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
schavis merged 5 commits into from
Jul 15, 2025
Merged

add note for csi-provider #30558

schavis merged 5 commits into from
Jul 15, 2025

Conversation

@hashiblaum
Copy link
Member

@hashiblaum hashiblaum commented May 8, 2025

Adds a note to the CSI Provider doc. This informs user of unexpected behavior if the Vault Agent container within the CSI Provider pod is stopped at any point.

Vault Agent manages the leases for secrets consumed by pods using the CSI Provider to read secrets from Vault.

@hashiblaum hashiblaum requested review from a team as code owners May 8, 2025 17:40
@hashiblaum hashiblaum requested review from anwittin and scellef May 8, 2025 17:40
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label May 8, 2025
@hashiblaum hashiblaum added this to the 1.20.0-rc milestone May 8, 2025
@github-actions
Copy link

github-actions bot commented May 8, 2025

CI Results:
All Go tests succeeded! ✅

@hashiblaum hashiblaum added the docs label May 8, 2025
@github-actions
Copy link

github-actions bot commented May 8, 2025

Build Results:
All builds succeeded! ✅

schavis
schavis requested changes May 10, 2025
View reviewed changes
hashiblaum and others added 2 commits May 12, 2025 10:48
@hashiblaum @schavis
Update website/content/docs/deploy/kubernetes/csi/index.mdx
d53d108 
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
@hashiblaum @schavis
Update website/content/docs/deploy/kubernetes/csi/index.mdx
cbf9c48 
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
@hashiblaum hashiblaum requested review from schavis and stevealmyHC May 12, 2025 16:06
stevealmyHC
stevealmyHC reviewed May 12, 2025
View reviewed changes
Copy link

@stevealmyHC stevealmyHC left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be more educational to recap:

  • Vault Agent does not track state (including tokens) across restarts
  • ... therefore, is unable to refresh tokens and renew leases created by previous Agent instantiations
  • ... and Vault eventually revokes those leases on token expiration

Vault is the entity that revokes this lease, not Agent

@schavis schavis merged commit f74fec8 into main Jul 15, 2025
39 checks passed
@schavis schavis deleted the VAULT-34107/update-csi-provider-doc branch July 15, 2025 00:43
Merged
Erfankam pushed a commit to Erfankam/vault that referenced this pull request Sep 1, 2025
@hashiblaum @schavis
add note for csi-provider (hashicorp#30558)
052ff21 
* add note for csi-provider

* remove fully qualified link

* Update website/content/docs/deploy/kubernetes/csi/index.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/docs/deploy/kubernetes/csi/index.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@schavis schavis schavis approved these changes

@scellef scellef Awaiting requested review from scellef scellef is a code owner automatically assigned from hashicorp/vault-customer-engineering

@anwittin anwittin Awaiting requested review from anwittin anwittin is a code owner automatically assigned from hashicorp/vault-customer-engineering

+1 more reviewer

@stevealmyHC stevealmyHC stevealmyHC left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

docs hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed pr/no-changelog

Projects

None yet

Milestone

1.20.0-rc

Development

Successfully merging this pull request may close these issues.

3 participants

@hashiblaum @schavis @stevealmyHC