luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

docs: update for vault-k8s 0.16.0 (#15379)

This commit is contained in:
Theron Voran 2022-05-12 11:04:36 -07:00 committed by GitHub
parent 6f15ac255a
commit 558e9a364b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
website/content/docs/platform/k8s/injector/annotations.mdx
View File

@ -28,7 +28,7 @@ them, optional commands to run, etc.
- `vault.hashicorp.com/agent-image` - name of the Vault docker image to use. This
value overrides the default image configured in the controller and is usually
not needed. Defaults to `hashicorp/vault:1.9.4`.
not needed. Defaults to `hashicorp/vault:1.10.2`.
- `vault.hashicorp.com/agent-init-first` - configures the pod to run the Vault Agent
init container first if `true` (last if `false`). This is useful when other init
@ -192,6 +192,10 @@ them, optional commands to run, etc.
- `vault.hashicorp.com/agent-service-account-token-volume-name` - the optional name of a projected volume containing a service account token for use with auto-auth against Vault's Kubernetes auth method. If the volume is mounted to another container in the deployment, the token volume will be mounted to the same location in the vault-agent containers. Otherwise it will be mounted at the default location of `/var/run/secrets/vault.hashicorp.com/serviceaccount/`.
- `vault.hashicorp.com/agent-enable-quit` - enable the [`/agent/v1/quit` endpoint](/docs/agent#quit) on an injected agent. This option defaults to false, and if true will be set on the existing cache listener, or a new localhost listener with a basic cache stanza configured. The [agent-cache-listener-port annotation](/docs/platform/k8s/injector/annotations#vault-hashicorp-com-agent-cache-listener-port) can be used to change the port.
- `vault.hashicorp.com/go-max-procs` - set the `GOMAXPROCS` environment variable for injected agents
## Vault Annotations
Vault annotations change how the Vault Agent containers communicate with Vault. For
@ -213,6 +217,10 @@ etc.
Defaults to `kubernetes`. For a list of valid authentication methods, see the Vault Agent
[auto-auth documentation](/docs/agent/autoauth/methods).
- `vault.hashicorp.com/auth-min-backoff` - set the [min_backoff](/docs/agent/autoauth#min_backoff) option in the auto-auth config. Requires Vault 1.11+.
- `vault.hashicorp.com/auth-max-backoff` - set the [max_backoff](/docs/agent/autoauth#max_backoff) option in the auto-auth config
- `vault.hashicorp.com/ca-cert` - path of the CA certificate used to verify Vault's
TLS.