Closed f4z3r closed 8 months ago
I will create the PR for the documentation on the main repo later this week.
Any updates on the implementation of this PR?
@tommy-heyde-olsen I guess I am waiting for a review. The documentation PR on the main repo is done and I added a PR to support this use case in the helm chart as well. Have not gotten feedback yet though.
Would be great to see this get some attention and get merged. We could really use this feature.
Closing in favor of #218 VAULT-6936
Overview
Add possibility to reference the namespace from which ServiceAccounts authenticate via a label selector. This is useful in scenarios where Kubernetes namespaces are provided to teams by infrastructure teams, and standardized service accounts should be enabled to perform actions against Vault. At the moment, adding a namespace and service account within that namespace implies modifying the role on the Kubernetes authentication method. With this improvement, infrastructure teams can control what namespaces are allowed to connect to Vault via labels on the namespace itself.
Design of Change
See discussion in https://github.com/hashicorp/vault/issues/16222.
Related Issues/Pull Requests
[ ] Issue #155
Contributor Checklist
[x] Add relevant docs to upstream Vault repository, or sufficient reasoning why docs won’t be added yet hashicorp/vault#19318
[x] Backwards compatible
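The namespace check described in the Overview, sketched as an added example (this is not the plugin's code): it evaluates Kubernetes-style `matchLabels` and `matchExpressions` against a namespace's labels. The `Selector` and `Expr` types, the `NamespaceAllowed` function and the `vault-access` label are hypothetical names chosen for illustration, and denying an empty selector is a choice made in this example.

```go
package main

import "fmt"

// Expr mirrors one Kubernetes matchExpressions requirement.
type Expr struct {
	Key, Operator string
	Values        []string
}

// Selector is a hypothetical stand-in for the label selector stored on a role.
type Selector struct {
	MatchLabels      map[string]string
	MatchExpressions []Expr
}

// NamespaceAllowed reports whether the namespace labels satisfy every
// requirement in sel. An empty selector is denied here (assumption of this
// example); in Kubernetes itself an empty selector matches all objects.
func NamespaceAllowed(sel Selector, nsLabels map[string]string) bool {
	if len(sel.MatchLabels) == 0 && len(sel.MatchExpressions) == 0 {
		return false
	}
	for k, want := range sel.MatchLabels {
		if got, ok := nsLabels[k]; !ok || got != want {
			return false
		}
	}
	for _, e := range sel.MatchExpressions {
		got, ok := nsLabels[e.Key]
		in := false
		for _, v := range e.Values {
			in = in || (ok && v == got)
		}
		switch {
		case e.Operator == "In" && in, e.Operator == "NotIn" && !in,
			e.Operator == "Exists" && ok, e.Operator == "DoesNotExist" && !ok:
			continue
		}
		return false // requirement failed or operator unknown: deny
	}
	return true
}

func main() {
	// Constructed sample: a namespace labelled by the infrastructure team.
	sel := Selector{MatchLabels: map[string]string{"vault-access": "enabled"}}
	fmt.Println(NamespaceAllowed(sel, map[string]string{"vault-access": "enabled"}))
}
```

Because the namespace labels become an authorization input under this design, permission to edit namespace labels is equivalent to permission to admit a namespace to the role.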