We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
After deploying the vault-webhook via Helm, we need to manually add a secret with a token to the Vault service account to pass this JWT to Vault.
Why don't you create a template to generate the secret? Here, you create the service account: https://github.com/bank-vaults/vault-secrets-webhook/blob/main/deploy/charts/vault-secrets-webhook/templates/webhook-rbac.yaml So, why not include the generation of the JWT token secret here as well? This way, for every new cluster, we only need to create an ArgoCD application to add a single manifest that generates the secret token for the existing Vault webhook service account.
add to this rbac manifest rbac template
apiVersion: v1 kind: Secret metadata: name: vault-webhook-jwt-token namespace: vault annotations: kubernetes.io/service-account.name: {{ template "vault-secrets-webhook.serviceAccountName" . }} type: kubernetes.io/service-account-token
No response
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Preflight Checklist
Problem Description
After deploying the vault-webhook via Helm, we need to manually add a secret with a token to the Vault service account to pass this JWT to Vault.
Why don't you create a template to generate the secret?
Here, you create the service account:
https://github.com/bank-vaults/vault-secrets-webhook/blob/main/deploy/charts/vault-secrets-webhook/templates/webhook-rbac.yaml
So, why not include the generation of the JWT token secret here as well?
This way, for every new cluster, we only need to create an ArgoCD application to add a single manifest that generates the secret token for the existing Vault webhook service account.
Proposed Solution
add to this rbac manifest rbac template
Alternatives Considered
No response
Additional Information
No response
The text was updated successfully, but these errors were encountered: