Allow passing an array to credentialsConfig
#425
Labels
kind/enhancement
Categorizes issue or PR as related to an improvement.
priority/low
Issue that might be added to backlog or be rejected.
priority/waiting
Lowest priority. Possibly useful, but not yet enough support to actually get it done.
Problem
Currently, it's not possible to configure multiple sets of credentials with
credentialsConfig
, as it only accepts an object, such as:In most circumstances this isn't an issue as the vast majority of users will only have instances in a single cloud authenticating with vault.
Where it becomes a little painful is when you have instances in multiple clouds and want to authenticate them with Vault using IAM plugins. For example, if you're using both AWS and GCP IAM-based auth, Vault needs credentials for both cloud providers in order to verify the authentication requests sent by instances.
Proposed solution
Ideally, the CRD would allow an array to be provided in
credentialsConfig
, like this:For backwards compatibility, it could still allow a single object to be passed in.
Alternatives (current workaround)
To get around this, we're currently using a mixture of
volumes
,volumeMounts
andvaultEnvsConfig
:This does the job, and isn't too bad, but is slightly less convenient and was a little harder to discover.
Additional context
I realise this is only relevant for people with instances in multiple clouds, so probably not the highest priority. If you think it's a good idea I'm happy to have a go at adding it. Would appreciate a pointer towards the right place to edit and then run any codegen for the CRDs if so!
The text was updated successfully, but these errors were encountered: