Docs: k8s annotations for static_secret_render_interval #12244

Merged
14 changes: 9 additions & 5 deletions website/content/docs/platform/k8s/injector/annotations.mdx
Expand Up @@ -72,21 +72,25 @@ them, optional commands to run, etc.
`vault.hashicorp.com/agent-inject-secret-foobar` is configured,
`vault.hashicorp.com/agent-inject-file-foobar` would configure the filename.

- `vault.hashicorp.com/agent-inject-template-file` - configures the path and filename of the
custom template to use. This should be used with `vault.hashicorp.com/extra-secret`,
which mounts a Kubernetes secret to `/vault/custom`. To map a template file to a specific secret,
use the same unique secret name: `vault.hashicorp.com/agent-inject-template-file-SECRET-NAME`.
- `vault.hashicorp.com/agent-inject-template-file` - configures the path and filename of the
custom template to use. This should be used with `vault.hashicorp.com/extra-secret`,
which mounts a Kubernetes secret to `/vault/custom`. To map a template file to a specific secret,
use the same unique secret name: `vault.hashicorp.com/agent-inject-template-file-SECRET-NAME`.
For example, if a secret annotation `vault.hashicorp.com/agent-inject-secret-foobar` is configured,
`vault.hashicorp.com/agent-inject-template-file-foobar` would configure the template file.

- `vault.hashicorp.com/agent-inject-default-template` - configures the default template type for rendering
- `vault.hashicorp.com/agent-inject-default-template` - configures the default template type for rendering
secrets if no custom template is defined. Possible values include `map` and `json`. Defaults to `map`.

- `vault.hashicorp.com/template-config-exit-on-retry-failure` - controls whether
Vault Agent exits after it has exhausted its number of template retry attempts
due to failures. Defaults to `true`. See [Vault Agent Template
Config](/docs/agent/template-config) for more details.

- `vault.hashicorp.com/template-static-secret-render-interval` - If specified,
configures how often Vault Agent Template should render non-leased secrets such as KV v2.
Defaults to `5m`. See [Vault Agent Template Config](/docs/agent/template-config) for more details.

- `vault.hashicorp.com/agent-extra-secret` - mounts Kubernetes secret as a volume at
`/vault/custom` in the sidecar/init containers. Useful for custom Agent configs with
auto-auth methods such as approle that require paths to secrets be present.
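
Review bot: The new `vault.hashicorp.com/template-static-secret-render-interval` entry gives the default `5m` but does not say what value format is accepted (the default suggests a duration string), and it opens with a capitalised "If specified," while the neighbouring entries start with a lowercase verb ("configures", "controls", "mounts"). Suggest wording it like the others, for example "configures how often Vault Agent Template should render non-leased secrets such as KV v2", and naming the accepted format next to the default. Because this interval is how often non-leased secrets are re-rendered, it would also help operators to state that a changed KV v2 value can take up to one interval to reach the rendered file, which matters when the annotation is raised above the default. Separately, the `agent-inject-template-file` and `agent-inject-default-template` lines are removed and re-added with no visible text change, which looks like whitespace-only churn; mention it in the commit message or drop it from this docs change.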