From 558e9a364b5fc1dfd524176d4fbace8bc22959ac Mon Sep 17 00:00:00 2001 From: Theron Voran Date: Thu, 12 May 2022 11:04:36 -0700 Subject: [PATCH] docs: update for vault-k8s 0.16.0 (#15379) --- .../content/docs/platform/k8s/injector/annotations.mdx | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/website/content/docs/platform/k8s/injector/annotations.mdx b/website/content/docs/platform/k8s/injector/annotations.mdx index e3dc2ea6c..d421ae2d9 100644 --- a/website/content/docs/platform/k8s/injector/annotations.mdx +++ b/website/content/docs/platform/k8s/injector/annotations.mdx @@ -28,7 +28,7 @@ them, optional commands to run, etc. - `vault.hashicorp.com/agent-image` - name of the Vault docker image to use. This value overrides the default image configured in the controller and is usually - not needed. Defaults to `hashicorp/vault:1.9.4`. + not needed. Defaults to `hashicorp/vault:1.10.2`. - `vault.hashicorp.com/agent-init-first` - configures the pod to run the Vault Agent init container first if `true` (last if `false`). This is useful when other init @@ -192,6 +192,10 @@ them, optional commands to run, etc. - `vault.hashicorp.com/agent-service-account-token-volume-name` - the optional name of a projected volume containing a service account token for use with auto-auth against Vault's Kubernetes auth method. If the volume is mounted to another container in the deployment, the token volume will be mounted to the same location in the vault-agent containers. Otherwise it will be mounted at the default location of `/var/run/secrets/vault.hashicorp.com/serviceaccount/`. +- `vault.hashicorp.com/agent-enable-quit` - enable the [`/agent/v1/quit` endpoint](/docs/agent#quit) on an injected agent. This option defaults to false, and if true will be set on the existing cache listener, or a new localhost listener with a basic cache stanza configured. The [agent-cache-listener-port annotation](/docs/platform/k8s/injector/annotations#vault-hashicorp-com-agent-cache-listener-port) can be used to change the port. + +- `vault.hashicorp.com/go-max-procs` - set the `GOMAXPROCS` environment variable for injected agents + ## Vault Annotations Vault annotations change how the Vault Agent containers communicate with Vault. For @@ -213,6 +217,10 @@ etc. Defaults to `kubernetes`. For a list of valid authentication methods, see the Vault Agent [auto-auth documentation](/docs/agent/autoauth/methods). +- `vault.hashicorp.com/auth-min-backoff` - set the [min_backoff](/docs/agent/autoauth#min_backoff) option in the auto-auth config. Requires Vault 1.11+. + +- `vault.hashicorp.com/auth-max-backoff` - set the [max_backoff](/docs/agent/autoauth#max_backoff) option in the auto-auth config + - `vault.hashicorp.com/ca-cert` - path of the CA certificate used to verify Vault's TLS.