mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-19 05:31:10 +02:00
Code Issues Projects Releases Wiki Activity

docs/vault-secrets-operator: 0.2.0 release updates (#22392)

Browse Source 
* docs/vault-secrets-operator: 0.2.0 release updates

* update k8s supported versions
This commit is contained in:
Theron Voran 2023-08-17 13:24:23 -07:00 committed by GitHub
parent 93f18cbd7a
commit 11aaca5102
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 48 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
website/content/docs/platform/k8s/vso/api-reference.mdx
View File

@ -7,9 +7,9 @@ description: >-
<!--
copied from docs/api/api-reference.md in the vault-secrets-operator repo.
commit SHA=90ae1b3095c65c1e3eeec157971bd6a3e2c3f5e1
commit SHA=06bc1738beb805455cc875f1b41e96ec35ecb514
-->
# API reference
# API Reference
## Packages
- [secrets.hashicorp.com/v1beta1](#secretshashicorpcomv1beta1)
@ -19,7 +19,7 @@ description: >-
Package v1beta1 contains API Schema definitions for the secrets v1beta1 API group
### Resource types
### Resource Types
- [VaultAuth](#vaultauth)
- [VaultAuthList](#vaultauthlist)
- [VaultConnection](#vaultconnection)
@ -201,8 +201,9 @@ _Appears in:_
| Field | Description |
| --- | --- |
| `vaultConnectionRef` _string_ | VaultConnectionRef of the corresponding VaultConnection CustomResource. If no value is specified the Operator will default to the `default` VaultConnection, configured in its own Kubernetes namespace. |
| `vaultConnectionRef` _string_ | VaultConnectionRef to the VaultConnection resource, can be prefixed with a namespace, eg: `namespaceA/vaultConnectionRefB`. If no namespace prefix is provided it will default to namespace of the VaultConnection CR. If no value is specified for VaultConnectionRef the Operator will default to `default` VaultConnection, configured in its own Kubernetes namespace. |
| `namespace` _string_ | Namespace to auth to in Vault |
| `allowedNamespaces` _string array_ | AllowedNamespaces Kubernetes Namespaces which are allow-listed for use with this AuthMethod. This field allows administrators to customize which Kubernetes namespaces are authorized to use with this AuthMethod. While Vault will still enforce its own rules, this has the added configurability of restricting which VaultAuthMethods can be used by which namespaces. Accepted values: []{"*"} - wildcard, all namespaces. []{"a", "b"} - list of namespaces. unset - disallow all namespaces except the Operator's the VaultAuthMethod's namespace, this is the default behavior. |
| `method` _string_ | Method to use when authenticating to Vault. |
| `mount` _string_ | Mount to use when authenticating to auth method. |
| `params` _object (keys:string, values:string)_ | Params to use when authenticating to Vault |
@ -313,7 +314,7 @@ _Appears in:_
| Field | Description |
| --- | --- |
| `vaultAuthRef` _string_ | VaultAuthRef to the VaultAuth resource If no value is specified the Operator will default to the `default` VaultAuth, configured in its own Kubernetes namespace. |
| `vaultAuthRef` _string_ | VaultAuthRef to the VaultAuth resource, can be prefixed with a namespace, eg: `namespaceA/vaultAuthRefB`. If no namespace prefix is provided it will default to namespace of the VaultAuth CR. If no value is specified for VaultAuthRef the Operator will default to the `default` VaultAuth, configured in its own Kubernetes namespace. |
| `namespace` _string_ | Namespace where the secrets engine is mounted in Vault. |
| `mount` _string_ | Mount path of the secret's engine in Vault. |
| `requestHTTPMethod` _string_ | RequestHTTPMethod to use when syncing Secrets from Vault. Setting a value here is not typically required. If left unset the Operator will make requests using the GET method. In the case where Params are specified the Operator will use the PUT method. Please consult [secrets](/vault/docs/secrets) if you are uncertain about what method to use. Of note, the Vault client treats PUT and POST as being equivalent. The underlying Vault client implementation will always use the PUT method. |
@ -372,7 +373,7 @@ _Appears in:_
| Field | Description |
| --- | --- |
| `vaultAuthRef` _string_ | VaultAuthRef of the VaultAuth resource If no value is specified the Operator will default to the `default` VaultAuth, configured in its own Kubernetes namespace. |
| `vaultAuthRef` _string_ | VaultAuthRef to the VaultAuth resource, can be prefixed with a namespace, eg: `namespaceA/vaultAuthRefB`. If no namespace prefix is provided it will default to namespace of the VaultAuth CR. If no value is specified for VaultAuthRef the Operator will default to the `default` VaultAuth, configured in its own Kubernetes namespace. |
| `namespace` _string_ | Namespace to get the secret from in Vault |
| `mount` _string_ | Mount for the secret in Vault |
| `role` _string_ | Role in Vault to use when issuing TLS certificates. |
@ -473,7 +474,7 @@ _Appears in:_
| Field | Description |
| --- | --- |
| `vaultAuthRef` _string_ | VaultAuthRef of the VaultAuth resource If no value is specified the Operator will default to the `default` VaultAuth, configured in its own Kubernetes namespace. |
| `vaultAuthRef` _string_ | VaultAuthRef to the VaultAuth resource, can be prefixed with a namespace, eg: `namespaceA/vaultAuthRefB`. If no namespace prefix is provided it will default to namespace of the VaultAuth CR. If no value is specified for VaultAuthRef the Operator will default to the `default` VaultAuth, configured in its own Kubernetes namespace. |
| `namespace` _string_ | Namespace to get the secret from in Vault |
| `mount` _string_ | Mount for the secret in Vault |
| `path` _string_ | Path of the secret in Vault, corresponds to the `path` parameter for, [kv-v1](/vault/api-docs/secret/kv/kv-v1#read-secret) [kv-v2](/vault/api-docs/secret/kv/kv-v2#read-secret-version) |

42
website/content/docs/platform/k8s/vso/helm.mdx
View File

@ -14,7 +14,7 @@ The chart is customizable using
the vault-secrets-operator repo's values.yaml: file commit=e9c2b499105d977fa23a9f746186253991ebcee1 -->
<!-- codegen: start -->
## Top-Level stanzas
## Top-Level Stanzas
Use these links to navigate to a particular top-level stanza.
@ -25,7 +25,7 @@ Use these links to navigate to a particular top-level stanza.
- [`telemetry`](#h-telemetry)
- [`tests`](#h-tests)
## All values
## All Values
### controller ((#h-controller))
@ -34,6 +34,22 @@ Use these links to navigate to a particular top-level stanza.
- `replicas` ((#v-controller-replicas)) (`integer: 1`) - Set the number of replicas for the operator.
- `nodeSelector` ((#v-controller-nodeselector)) (`map`) - nodeSelector labels for vault-secrets-operator pod assignment.
ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
Example:
nodeSelector:
beta.kubernetes.io/arch: amd64
- `tolerations` ((#v-controller-tolerations)) (`array<map>`) - Toleration Settings for vault-secrets-operator pod.
The value is an array of PodSpec Toleration maps.
ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
Example:
tolerations:
- key: "key1"
operator: "Equal"
value: "value1"
effect: "NoSchedule"
- `kubeRbacProxy` ((#v-controller-kuberbacproxy)) - Settings related to the kubeRbacProxy container. This container is an HTTP proxy for the
controller manager which performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
@ -41,7 +57,7 @@ Use these links to navigate to a particular top-level stanza.
- `repository` ((#v-controller-kuberbacproxy-image-repository)) (`string: gcr.io/kubebuilder/kube-rbac-proxy`)
- `tag` ((#v-controller-kuberbacproxy-image-tag)) (`string: v0.11.0`)
- `tag` ((#v-controller-kuberbacproxy-image-tag)) (`string: v0.14.1`)
- `resources` ((#v-controller-kuberbacproxy-resources)) (`map`) - Configures the default resources for the kube rbac proxy container.
For more information on configuring resources, see the K8s documentation:
@ -59,6 +75,18 @@ Use these links to navigate to a particular top-level stanza.
- `memory` ((#v-controller-kuberbacproxy-resources-requests-memory)) (`string: 64Mi`)
- `imagePullSecrets` ((#v-controller-imagepullsecrets)) (`array<map>`) - Image pull secret to use for private container registry authentication which will be applied to the controllers
service account. Alternatively, the value may be specified as an array of strings.
Example:
```yaml
imagePullSecrets:
- name: pull-secret-name-1
- name: pull-secret-name-2
```
Refer to https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry.
- `extraLabels` ((#v-controller-extralabels)) - Extra labels to attach to the deployment. This should be formatted as a YAML object (map)
- `annotations` ((#v-controller-annotations)) - This value defines additional annotations for the deployment. This should be formatted as a YAML object (map)
- `manager` ((#v-controller-manager)) - Settings related to the vault-secrets-operator container.
@ -67,7 +95,7 @@ Use these links to navigate to a particular top-level stanza.
- `repository` ((#v-controller-manager-image-repository)) (`string: hashicorp/vault-secrets-operator`)
- `tag` ((#v-controller-manager-image-tag)) (`string: 0.1.0`)
- `tag` ((#v-controller-manager-image-tag)) (`string: 0.2.0`)
- `clientCache` ((#v-controller-manager-clientcache)) - Configures the client cache which is used by the controller to cache (and potentially persist) vault tokens that
are the result of using the VaultAuthMethod. This enables re-use of Vault Tokens
@ -196,6 +224,12 @@ Use these links to navigate to a particular top-level stanza.
default: 100
- `extraEnv` ((#v-controller-manager-extraenv)) (`array<map>`) - Defines additional environment variables to be added to the
vault-secrets-opearator manager container.
extraEnv:
- name: HTTP_PROXY
value: http://proxy.example.com
- `resources` ((#v-controller-manager-resources)) (`map`) - Configures the default resources for the vault-secrets-operator container.
For more information on configuring resources, see the K8s documentation:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

4
website/content/partials/kubernetes-supported-versions.mdx
View File

@ -4,10 +4,10 @@ The following [Kubernetes minor releases][k8s-releases] are currently supported.
The latest version is tested against each Kubernetes version. It may work with
other versions of Kubernetes, but those are not supported.
* 1.27
* 1.26
* 1.25
* 1.24
* 1.23
* 1.22
[k8s-releases]: https://kubernetes.io/releases/
[k8s-releases]: https://kubernetes.io/releases/