Skip to content

Commit

Permalink
docs: update for vault-k8s 0.16.0 (#15379)
Browse files Browse the repository at this point in the history
  • Loading branch information
tvoran authored May 12, 2022
1 parent 854a6f4 commit d9b4012
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion website/content/docs/platform/k8s/injector/annotations.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ them, optional commands to run, etc.

- `vault.hashicorp.com/agent-image` - name of the Vault docker image to use. This
value overrides the default image configured in the controller and is usually
not needed. Defaults to `hashicorp/vault:1.9.4`.
not needed. Defaults to `hashicorp/vault:1.10.2`.

- `vault.hashicorp.com/agent-init-first` - configures the pod to run the Vault Agent
init container first if `true` (last if `false`). This is useful when other init
Expand Down Expand Up @@ -192,6 +192,10 @@ them, optional commands to run, etc.

- `vault.hashicorp.com/agent-service-account-token-volume-name` - the optional name of a projected volume containing a service account token for use with auto-auth against Vault's Kubernetes auth method. If the volume is mounted to another container in the deployment, the token volume will be mounted to the same location in the vault-agent containers. Otherwise it will be mounted at the default location of `/var/run/secrets/vault.hashicorp.com/serviceaccount/`.

- `vault.hashicorp.com/agent-enable-quit` - enable the [`/agent/v1/quit` endpoint](/docs/agent#quit) on an injected agent. This option defaults to false, and if true will be set on the existing cache listener, or a new localhost listener with a basic cache stanza configured. The [agent-cache-listener-port annotation](/docs/platform/k8s/injector/annotations#vault-hashicorp-com-agent-cache-listener-port) can be used to change the port.

- `vault.hashicorp.com/go-max-procs` - set the `GOMAXPROCS` environment variable for injected agents

## Vault Annotations

Vault annotations change how the Vault Agent containers communicate with Vault. For
Expand All @@ -213,6 +217,10 @@ etc.
Defaults to `kubernetes`. For a list of valid authentication methods, see the Vault Agent
[auto-auth documentation](/docs/agent/autoauth/methods).

- `vault.hashicorp.com/auth-min-backoff` - set the [min_backoff](/docs/agent/autoauth#min_backoff) option in the auto-auth config. Requires Vault 1.11+.

- `vault.hashicorp.com/auth-max-backoff` - set the [max_backoff](/docs/agent/autoauth#max_backoff) option in the auto-auth config

- `vault.hashicorp.com/ca-cert` - path of the CA certificate used to verify Vault's
TLS.

Expand Down

0 comments on commit d9b4012

Please sign in to comment.