Generate secret token for vault-webhook-service-account #596

Open
2 tasks done
SergeiCherevko opened this issue Dec 13, 2024 · 0 comments
Labels
kind/enhancement Categorizes issue or PR as related to an improvement.

Comments

@SergeiCherevko

Preflight Checklist

  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I agree to follow the Code of Conduct.

Problem Description

After deploying the vault-webhook via Helm, we need to manually add a secret with a token to the Vault service account to pass this JWT to Vault.

Why don't you create a template to generate the secret?
Here, you create the service account:
https://github.com/bank-vaults/vault-secrets-webhook/blob/main/deploy/charts/vault-secrets-webhook/templates/webhook-rbac.yaml
So, why not include the generation of the JWT token secret here as well?
This way, for every new cluster, we only need to create an ArgoCD application to add a single manifest that generates the secret token for the existing Vault webhook service account.

Proposed Solution

Add to this RBAC manifest template:

apiVersion: v1
kind: Secret
metadata:
  name: vault-webhook-jwt-token
  namespace: vault
  annotations:
    kubernetes.io/service-account.name: {{ template "vault-secrets-webhook.serviceAccountName" . }}
type: kubernetes.io/service-account-token

Alternatives Considered

No response

Additional Information

No response

@SergeiCherevko SergeiCherevko added the kind/enhancement Categorizes issue or PR as related to an improvement. label Dec 13, 2024
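
Added example, not part of the issue or the project's code: a Python check that decodes the JWT Kubernetes writes into a `kubernetes.io/service-account-token` Secret like the one proposed above, and reports whether it is bound to the expected service account and whether it carries an expiry. The sample token, its claim values and the service account name `vault-secrets-webhook` are constructed assumptions; the signature is not verified.

```python
import base64
import json


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_claims(jwt: str) -> dict:
    """Decode the payload of a compact JWT without verifying its signature."""
    parts = jwt.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def review_token(jwt: str, namespace: str, service_account: str) -> list[str]:
    """Return findings to review before the token is handed to Vault."""
    claims = decode_claims(jwt)
    findings = []
    expected = f"system:serviceaccount:{namespace}:{service_account}"
    if claims.get("sub") != expected:
        findings.append(f"subject mismatch: got {claims.get('sub')!r}, want {expected!r}")
    if "exp" not in claims:
        findings.append("no exp claim: valid until the Secret or ServiceAccount is deleted")
    secret = claims.get("kubernetes.io/serviceaccount/secret.name")
    if secret:
        findings.append(f"secret-backed token from Secret {secret!r}")
    return findings


# Constructed sample: claims in the layout Kubernetes uses for Secret-backed tokens.
# The service account name is an assumed rendering of the chart's helper template.
SAMPLE_CLAIMS = {
    "iss": "kubernetes/serviceaccount",
    "kubernetes.io/serviceaccount/namespace": "vault",
    "kubernetes.io/serviceaccount/secret.name": "vault-webhook-jwt-token",
    "kubernetes.io/serviceaccount/service-account.name": "vault-secrets-webhook",
    "sub": "system:serviceaccount:vault:vault-secrets-webhook",
}
SAMPLE_TOKEN = ".".join(
    [_b64url({"alg": "RS256", "typ": "JWT"}), _b64url(SAMPLE_CLAIMS), "c2lnbmF0dXJl"]
)

if __name__ == "__main__":
    for finding in review_token(SAMPLE_TOKEN, "vault", "vault-secrets-webhook"):
        print("-", finding)
```
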