Version 1.11.0 / 2020-12-30

@ricoberger ricoberger released this 30 Dec 16:56

It is now possible to specify a vaultRole property for the VaultSecret CR, which defines the Vault role that should be used to retrieve the secret from Vault.

apiVersion: ricoberger.de/v1alpha1
kind: VaultSecret
metadata:
  name: kvv1-example-vaultsecret
spec:
  vaultRole: my-custom-vault-role
  path: kvv1/example-vaultsecret
  type: Opaque

When the VAULT_KUBERNETES_ROLE (vault.kubernetesRole) environment variable is set, we create a shared client for requests against the Vault API. This shared client is used to get the secrets from Vault.

When the vaultRole property is set for a secret, we ignore the shared client and instead create a new client to get that secret from Vault.

For this reason, the operator now also starts when the Kubernetes auth method is used and the VAULT_KUBERNETES_ROLE environment variable isn't set. In that case we only log a warning that no shared client was created. This means that each secret must set the vaultRole property.
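
The client selection described above, as a simplified Go model added here for illustration; it is not the operator's own code. The names Client, NewSharedClient, ClientFor and ErrNoRole are hypothetical, and returning an error when neither a shared client nor a vaultRole exists is an assumption about how that case is handled.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// VaultSecretSpec carries only the two fields relevant to client selection.
type VaultSecretSpec struct{ Path, VaultRole string }

// Client is a hypothetical stand-in for a Vault API client authenticated with one role.
type Client struct{ Role string }

// ErrNoRole models the misconfiguration: no shared client and no vaultRole (assumed behaviour).
var ErrNoRole = errors.New("no shared client and no vaultRole set for secret")

// NewSharedClient returns nil when the role is empty; the caller then only logs a warning.
func NewSharedClient(kubernetesRole string) *Client {
	if kubernetesRole == "" {
		return nil
	}
	return &Client{Role: kubernetesRole}
}

// ClientFor picks the client used to read one secret from Vault.
func ClientFor(shared *Client, spec VaultSecretSpec) (*Client, error) {
	if spec.VaultRole != "" {
		return &Client{Role: spec.VaultRole}, nil // per-secret role: shared client is ignored
	}
	if shared == nil {
		return nil, ErrNoRole
	}
	return shared, nil
}

func main() {
	shared := NewSharedClient(os.Getenv("VAULT_KUBERNETES_ROLE"))
	if shared == nil {
		fmt.Println("warning: no shared client; every VaultSecret must set vaultRole")
	}
	// Constructed sample specs: one with vaultRole, one without.
	for _, s := range []VaultSecretSpec{{"kvv1/example-vaultsecret", "my-custom-vault-role"}, {"kvv1/other", ""}} {
		c, err := ClientFor(shared, s)
		fmt.Println(s.Path, c, err)
	}
}
```

Binding each secret to its own role lets the corresponding Vault policy be scoped to that secret's path, rather than granting one operator-wide role read access to everything.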