added extra-secret annotation for adding kube-secrets #119

Merged
merged 2 commits into from
Sep 10, 2020

@rollerd rollerd commented Apr 9, 2020

  • Adds annotation:
    vault.hashicorp.com/agent-extra-secret: <somekubesecret>
    which will mount the supplied Kubernetes secret as a volume at /vault/custom in the sidecar/init containers. Useful for custom Agent configs with auto-auth methods such as approle that require paths to secrets be present.

  • To use: create a custom agent configmap (with config.hcl or config-init.hcl as secret keys), create a deployment with the new annotation, create a Kube secret with the roleid/secretid/other secret you reference from your configmap (/vault/custom/somesecret).
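The three objects listed in the description above, as an added example that is not part of this pull request or the vault-k8s project's own documentation. The object names, Secret key names, Vault address, token sink path and image are assumptions; `agent-pre-populate: "false"` skips the init container so that only `config.hcl` is needed.

```yaml
# Added example: every name, address, path and image below is a placeholder.
apiVersion: v1
kind: Secret
metadata: { name: approle-creds }          # hypothetical name, used by the annotation
stringData:
  role-id: "<ROLE_ID>"                     # placeholder
  secret-id: "<SECRET_ID>"                 # placeholder
---
apiVersion: v1
kind: ConfigMap
metadata: { name: agent-config }           # hypothetical name
data:
  config.hcl: |
    vault {
      address = "https://vault.example.com:8200"  # placeholder address
    }
    auto_auth {
      method "approle" {
        config = {
          # Files come from the Secret mounted at /vault/custom by the annotation.
          role_id_file_path   = "/vault/custom/role-id"
          secret_id_file_path = "/vault/custom/secret-id"
          # The Secret volume is read-only, so do not try to delete after reading.
          remove_secret_id_file_after_reading = false
        }
      }
      sink "file" {
        config = {
          path = "/home/vault/.token"      # assumed writable path in the agent container
        }
      }
    }
---
apiVersion: apps/v1
kind: Deployment
metadata: { name: demo-app }
spec:
  selector:
    matchLabels: { app: demo-app }
  template:
    metadata:
      labels: { app: demo-app }
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-configmap: "agent-config"
        vault.hashicorp.com/agent-extra-secret: "approle-creds"
        vault.hashicorp.com/agent-pre-populate: "false"   # sidecar only, no config-init.hcl
    spec:
      containers:
        - { name: app, image: "registry.example.com/demo-app:1.0" }  # placeholder image
```

Anyone who can read the `approle-creds` Secret can authenticate as that AppRole, so restrict RBAC read access to it and keep the role's Vault policies narrow.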

@pcman312 added the enhancement (New feature or request) and injector (Area: mutating webhook service) labels Apr 13, 2020

karras commented Jun 10, 2020

What is the status here? We also would prefer using Kube secrets instead of directly writing files.

@tvoran tvoran self-requested a review September 9, 2020 15:50

@tvoran tvoran left a comment

Thanks for the patch! And apologies for the delay.

@tvoran tvoran merged commit b480df3 into hashicorp:master Sep 10, 2020

lcgkm commented Oct 20, 2020

Awesome! I look forward to the official release of this feature.

adawalli commented

Same here @lcgkm - we have a Vault Endpoint that is "in the cloud" but our k8s cluster is on prem and thus the k8s auth just doesn't work for us.

I am also hoping we can get a learn article (or even just a Readme.md in this repo) for examples on how this feature can be used (specifically against something like approle!)

NLRemco pushed a commit to NLRemco/vault-k8s that referenced this pull request Feb 22, 2022
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>