Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for Vault Namespace #20

Closed
ghost opened this issue Dec 23, 2019 · 6 comments · Fixed by #82
Closed

Support for Vault Namespace #20

ghost opened this issue Dec 23, 2019 · 6 comments · Fixed by #82
Assignees
Labels
enhancement New feature or request injector Area: mutating webhook service
Milestone

Comments

@ghost
Copy link

ghost commented Dec 23, 2019

The enterprise vault supports vault namespaces, but it seems that none of the annotations support it.

Something like

vault.hashicorp.com/namespace: "ns2/secret/foo"

It seems that the only way to do so is by mounting my own configuration files using configmap.

Perhaps I missed something, please advise. Thanks!

@jasonodonnell
Copy link
Contributor

We can add an annotation to do this.

@jasonodonnell jasonodonnell added the enhancement New feature or request label Dec 23, 2019
@jasonodonnell jasonodonnell added this to the v.0.2.0 milestone Jan 2, 2020
@ecejas
Copy link

ecejas commented Jan 9, 2020

@jasonodonnell @darren-welab can you please provide an example on how to specify the vault namespace? The current vault stanza doesn't have an option for namespace (https://www.vaultproject.io/docs/agent/index.html#vault-stanza). I am not looking at the right place? Or, this doesn't work with vault namespaces currently? Thanks!

@jasonodonnell
Copy link
Contributor

There's no annotations for namespaces at this time, however you can mount a custom configuration file to do it https://www.vaultproject.io/docs/platform/k8s/injector/examples.html#configmap-example

@ecejas
Copy link

ecejas commented Jan 9, 2020

I am using that example (just config-init.hcl), but how I specify the vault namespace? I thought it would be under "vault" and that's why I checked the Vault stanza.

@jasonodonnell
Copy link
Contributor

@ecejas My apologies, I was mistaken, there's not a Vault namespace setting in the configuration file (there's one under the method stanza, but it's not the Vault namespace). It looks like only an environment variable will do, which is currently not possible with this version of Vault K8s. We expect to have namespace support in 0.2.0, so look for that once it releases.

@tvoran tvoran added the injector Area: mutating webhook service label Jan 22, 2020
@malnick malnick self-assigned this Jan 23, 2020
@malnick
Copy link

malnick commented Jan 23, 2020

Implementation outlined in #55

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request injector Area: mutating webhook service
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants