hashicorp / vault-k8s

First-class support for Vault and Kubernetes.
Mozilla Public License 2.0

Allow the ability to override annotation defaults for injected containers (Init/Service) on the Injector Mutator. #283

Open sharkannon opened 3 years ago

sharkannon commented 3 years ago

The Injector is really nice, we've started using it, but we'd like the ability to override the defaults for things like:

        vault.hashicorp.com/auth-type: gcp
        vault.hashicorp.com/auth-path: auth/gcp
        vault.hashicorp.com/auth-config-type: gce
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-pre-populate-only: "true"
        vault.hashicorp.com/preserve-secret-case: "true"

Set them as our own custom defaults, such as the values above (cuts down on the lines in our YAML that we have to define per service).

pbar1 commented 3 years ago

You can specify CLI flags (or environment variables) for the injector to set global defaults for a couple of those:

        vault-k8s agent-inject -vault-auth-path=auth/gcp -vault-auth-type=gcp

wc-s commented 2 years ago

This would be really useful for us. We're planning to roll out service mesh, and being able to set "vault.hashicorp.com/agent-init-first" to "true" globally would be very helpful.