docs: update for vault-k8s 0.16.0 (#15379)

Theron Voran 2022-05-12 11:04:36 -07:00 committed by GitHub
parent 854a6f4a08
commit d9b4012bb4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -28,7 +28,7 @@ them, optional commands to run, etc.
- `vault.hashicorp.com/agent-image` - name of the Vault docker image to use. This - `vault.hashicorp.com/agent-image` - name of the Vault docker image to use. This
value overrides the default image configured in the controller and is usually value overrides the default image configured in the controller and is usually
not needed. Defaults to `hashicorp/vault:1.9.4`. not needed. Defaults to `hashicorp/vault:1.10.2`.
- `vault.hashicorp.com/agent-init-first` - configures the pod to run the Vault Agent - `vault.hashicorp.com/agent-init-first` - configures the pod to run the Vault Agent
init container first if `true` (last if `false`). This is useful when other init init container first if `true` (last if `false`). This is useful when other init
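Review bot: the new default on the `agent-image` line, `hashicorp/vault:1.10.2`, is older than the "Vault 1.11+" that the `auth-min-backoff` annotation added further down in this same change requires, so a reader who keeps the default image cannot use that annotation. The text still says the override "is usually not needed"; consider adding a sentence here (or on the `auth-min-backoff` entry) that the image must be overridden to a 1.11+ tag for that option. A hard-coded version in prose will also drift on the next release, so it may be worth stating which vault-k8s release this default applies to.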
@ -192,6 +192,10 @@ them, optional commands to run, etc.
- `vault.hashicorp.com/agent-service-account-token-volume-name` - the optional name of a projected volume containing a service account token for use with auto-auth against Vault's Kubernetes auth method. If the volume is mounted to another container in the deployment, the token volume will be mounted to the same location in the vault-agent containers. Otherwise it will be mounted at the default location of `/var/run/secrets/vault.hashicorp.com/serviceaccount/`. - `vault.hashicorp.com/agent-service-account-token-volume-name` - the optional name of a projected volume containing a service account token for use with auto-auth against Vault's Kubernetes auth method. If the volume is mounted to another container in the deployment, the token volume will be mounted to the same location in the vault-agent containers. Otherwise it will be mounted at the default location of `/var/run/secrets/vault.hashicorp.com/serviceaccount/`.
- `vault.hashicorp.com/agent-enable-quit` - enable the [`/agent/v1/quit` endpoint](/docs/agent#quit) on an injected agent. This option defaults to false, and if true will be set on the existing cache listener, or a new localhost listener with a basic cache stanza configured. The [agent-cache-listener-port annotation](/docs/platform/k8s/injector/annotations#vault-hashicorp-com-agent-cache-listener-port) can be used to change the port.
- `vault.hashicorp.com/go-max-procs` - set the `GOMAXPROCS` environment variable for injected agents
## Vault Annotations ## Vault Annotations
Vault annotations change how the Vault Agent containers communicate with Vault. For Vault annotations change how the Vault Agent containers communicate with Vault. For
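Review bot: the `agent-enable-quit` entry says a new listener is bound to localhost but does not say what address the existing cache listener uses when one is already configured. Because this endpoint stops the agent, the entry should state who can reach it in that case. The `go-max-procs` entry is also missing its trailing period, and gives neither the expected value format nor the behaviour when the annotation is unset, unlike the neighbouring entries, which document their defaults.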
@ -213,6 +217,10 @@ etc.
Defaults to `kubernetes`. For a list of valid authentication methods, see the Vault Agent Defaults to `kubernetes`. For a list of valid authentication methods, see the Vault Agent
[auto-auth documentation](/docs/agent/autoauth/methods). [auto-auth documentation](/docs/agent/autoauth/methods).
- `vault.hashicorp.com/auth-min-backoff` - set the [min_backoff](/docs/agent/autoauth#min_backoff) option in the auto-auth config. Requires Vault 1.11+.
- `vault.hashicorp.com/auth-max-backoff` - set the [max_backoff](/docs/agent/autoauth#max_backoff) option in the auto-auth config
- `vault.hashicorp.com/ca-cert` - path of the CA certificate used to verify Vault's - `vault.hashicorp.com/ca-cert` - path of the CA certificate used to verify Vault's
TLS. TLS.
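Review bot: `auth-min-backoff` carries "Requires Vault 1.11+." but the `auth-max-backoff` entry right below it has no version note and no trailing period, which leaves it unclear whether the requirement applies to both. Suggest stating the minimum version for `auth-max-backoff` explicitly (or saying that none applies), and giving the accepted value format for both entries, since the text only links to the auto-auth options without saying what a valid value looks like.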