Unable to set numerous Vault configuration options #95
Comments
I've opened a PR that handles additional I started with this method to avoid tight coupling to the implementation details of Vault and not require additional updates if annotations are added/changed/removed. However, I am happy to enumerate out the current annotations similar to what was done for a number of the required annotations if this is more desired. This issue is more impactful to us than other issues I've brought up, and would prefer this one has priority over any of my others.
@jjustinic You bring up some good points and a valid reason to support any number of annotations for vault.hashicorp.com in a generic way. I'm about to create another enhancement request to handle any generic annotations to be put at the top level of the k8s resource, similar to how we can put labels there. This is specific to the template annotations and related.
Thanks @tsigle. Support for generic annotations could solve this. However, support for the generic annotations at the top level would not help for this particular case. For Vault, the annotation needs to be on the pod spec, not just the top level controller. So, the current contents of the
@jjustinic I agree on the generic annotations, just was mentioning that, as it was another thread I was working on. There is always a tug-of-war between making everything open-ended for the learned folks on vault -vs- hand feeding them with specific value name/values. I'm thinking of proposing the following:
This would basically emit:
Where the I think that if we allow for annotations to get set, they would just override/add settings.
Hi @jjustinic. I think the collab on this is working out well. I see how you addressed sending these annotations in as their name appending to the default
With an injected value of:
resulting annotations would look like (notice overridden
Currently, the chart only supports configuring a few of the HashiCorp Vault annotations listed at https://www.vaultproject.io/docs/platform/k8s/injector/annotations on a workload.
In some enterprise environments, the default values will not work and it is necessary to customize the configuration in order to use the chart with Vault. Examples include when multiple clusters are configured at different `auth-path`s and using a custom `tls-secret` when Vault instances are only available internally and use an enterprise CA.
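
For reference, an added example (not taken from the chart or from this thread) of a rendered Deployment carrying the two overrides named in the issue. The Vault Agent Injector acts on pod annotations, so they sit under `spec.template.metadata.annotations`; the resource names, role, auth mount, secret name and image are constructed placeholders.

```yaml
# Constructed example: names, role, auth path and secret are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-app
  annotations:
    # Controller-level annotation: never reaches the pod, so the
    # injector webhook does not see anything placed here.
    example.com/owner: platform-team
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example-app
  template:
    metadata:
      labels:
        app: example-app
      annotations:
        # Pod-level annotations: this is what the injector evaluates.
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "example-app"
        # Per-cluster auth mount instead of the default auth/kubernetes.
        vault.hashicorp.com/auth-path: "auth/k8s-cluster-a"
        # Secret holding the enterprise CA bundle; mounted at /vault/tls.
        vault.hashicorp.com/tls-secret: "vault-enterprise-ca"
        vault.hashicorp.com/ca-cert: "/vault/tls/ca.crt"
    spec:
      serviceAccountName: example-app
      containers:
        - name: app
          image: registry.example.com/example-app:1.0.0
```

Pointing `ca-cert` at the mounted enterprise CA keeps TLS verification on for the agent, which is preferable to disabling verification with `vault.hashicorp.com/tls-skip-verify` when Vault uses an internal CA.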