Sometimes a custom auth config attribute is required when using an auth type other than kubernetes.
For example, when using the AWS auth type, it asks the user for an optional header_value.
If the AWS auth on the Vault server is configured to mandatorily use the X-Vault-AWS-IAM-Server-ID argument, it must be passed in the header_value or else the login request will fail.
Because this configuration is set on the overall auth method's settings and not on individual auth roles, it makes more sense to configure this value one time in the Vault Agent Injector deployment for a one-to-one mapping, instead of on the multiple deployments/jobs/etc. objects.
Requesting a feature to allow such custom configuration via environment variable or CLI flags. Example environment variable:
export AGENT_INJECT_VAULT_AUTH_TYPE="aws"
export AGENT_INJECT_VAULT_AUTH_PATH="auth/aws"
# Below is the proposed env variable
export AGENT_INJECT_VAULT_AUTH_CONFIG_EXTRA_ARGS="header_value:https://vault.addess:8200"
However, the injector allows the user to pass a custom auth config attribute as an annotation. Example:
This generates the config block as:
Another example:
This generates the config block as: