chore(docs): update docs

FalcoSuessgott · Nov 18, 2024 · af8e8a3 · af8e8a3
1 parent d2d41aa
commit af8e8a3
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -23,15 +23,13 @@ To do so, you will have to enable Data at Rest encryption, by configuring the `k
 
 :warning: As a result of that, **the `kube-apiserver` requires the `vault-kubernetes-kms` plugin to be up & running before the `kube-apiserver` starts**. To ensure this, setting a priority class in the plugins manifest (`"priorityClassName: system-node-critical"`) is recommended. :warning:
 
-:warning: **`vault-kubernetes-kms` is in early stage! Running it in Production is not yet recommended. Im looking for early adopters in order to  gather important feedback.** :warning:
-
 **[Check out the official documentation](https://falcosuessgott.github.io/vault-kubernetes-kms/)**
 
 ## Features
 * support [Vault Token](https://developer.hashicorp.com/vault/docs/auth/token), [AppRole](https://developer.hashicorp.com/vault/docs/auth/approle) authentication (Since a static pod cannot reference any other Kubernetes API-Objects, Vaults Kubernetes Authentication is not possible.)
 * support Kubernetes [KMS Plugin v1 (deprecated since `v1.28.0`) & v2 (stable in `v1.29.0`)](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/#before-you-begin)
-* automatic Token Renewal for avoiding Token expiry
-* Exposes useful Prometheus Metrics
+* [automatic Token Renewal for avoiding Token expiry](https://falcosuessgott.github.io/vault-kubernetes-kms/configuration/#cli-args-environment-variables)
+* [Exposes useful Prometheus Metrics](https://falcosuessgott.github.io/vault-kubernetes-kms/metrics/#prometheus-metrics)
 
 ## Without a KMS Provider
 ```bash

diff --git a/assets/vault-kubernetes-kms.yml b/assets/vault-kubernetes-kms.yml
@@ -33,7 +33,7 @@ spec:
           memory: 128Mi
         limits:
           cpu: 2
-          memory: 256Mi
+          memory: 1Gi
   volumes:
     # mount /opt/kms host directory
     - name: kms

diff --git a/cmd/plugin.go b/cmd/plugin.go
@@ -59,7 +59,7 @@ type Options struct {
 	HealthPort string `env:"HEALTH_PORT" envDefault:"8080"`
 
 	// Disable KMSv1 Plugin
-	DisableV1 bool `env:"DISABLE_V1" envDefault:"true"`
+	DisableV1 bool `env:"DISABLE_V1" envDefault:"false"`
 
 	Version bool
 }

diff --git a/docs/configuration.md b/docs/configuration.md
@@ -151,7 +151,7 @@ List of required and optional CLI args/env vars. **Furthermore, all of Vaults [E
 
 * **(Optional)**: `-debug` (`VAULT_KMS_DEBUG`)
 * **(Optional)**: `-health-port` (`VAULT_KMS_HEALTH_PORT`); default: `":8080"`
-* **(Optional)**: `-disable-v1` (`VAULT_KMS_DISABLE_V1`); default: `"false"`
+* **(Optional)**: `-disable-v1` (`VAULT_KMS_DISABLE_V1`); default: `"true"`
 
 
 ### Example Vault Token Auth
@@ -191,7 +191,7 @@ spec:
           memory: 128Mi
         limits:
           cpu: 2
-          memory: 256Mi
+          memory: 1Gi
   volumes:
     - name: kms
       hostPath:
@@ -236,7 +236,7 @@ spec:
           memory: 128Mi
         limits:
           cpu: 2
-          memory: 256Mi
+          memory: 1Gi
   volumes:
     - name: kms
       hostPath:
@@ -293,7 +293,7 @@ spec:
           memory: 128Mi
         limits:
           cpu: 2
-          memory: 256Mi
+          memory: 1Gi
   volumes:
     - name: kms
       hostPath:

diff --git a/docs/index.md b/docs/index.md
@@ -28,5 +28,5 @@ To do so, you will have to enable Data at Rest encryption, by configuring the `k
 ## Features
 * support [Vault Token Auth](https://developer.hashicorp.com/vault/docs/auth/token) (not recommended for production), [AppRole](https://developer.hashicorp.com/vault/docs/auth/approle) and [Vault Kubernetes Auth](https://developer.hashicorp.com/vault/docs/auth/kubernetes) using the Plugins Service Account
 * support Kubernetes [KMS Plugin v1 (deprecated since `v1.28.0`) & v2 (stable in `v1.29.0`)](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/#before-you-begin)
-* automatic Token Renewal for avoiding Token expiry
-* Exposes useful Prometheus Metrics
+* [automatic Token Renewal for avoiding Token expiry](https://falcosuessgott.github.io/vault-kubernetes-kms/configuration/#cli-args-environment-variables)
+* [Exposes useful Prometheus Metrics](https://falcosuessgott.github.io/vault-kubernetes-kms/metrics/#prometheus-metrics)
diff --git a/scripts/vault-kubernetes-kms.yml b/scripts/vault-kubernetes-kms.yml
@@ -14,7 +14,7 @@ spec:
       imagePullPolicy: IfNotPresent
       command:
         - /vault-kubernetes-kms
-        - -vault-address=http://host.docker.internal:8200
+        - -vault-address=http://172.17.0.1:8200
         - -auth-method=token
         - -token=root
       volumeMounts:
@@ -35,7 +35,7 @@ spec:
           memory: 128Mi
         limits:
           cpu: 2
-          memory: 256Mi
+          memory: 1Gi
   volumes:
     # mount /opt/kms host directory
     - name: kms