hashicorp / vault-secrets-operator

The Vault Secrets Operator (VSO) allows Pods to consume Vault secrets natively from Kubernetes Secrets.

Unable to set up VaultAuthList #635

Open monicabiswal147 opened 6 months ago

monicabiswal147 commented 6 months ago

Trying to set up the VaultAuthList using the API reference - https://developer.hashicorp.com/vault/docs/platform/k8s/vso/api-reference#vaultauthlist. My YAML for the same is as below:

apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuthList
metadata:
  name: vault-auth-list
spec:
  items:
  - apiVersion: secrets.hashicorp.com/v1beta1
    kind: VaultAuth
    metadata:
      name: vault-auth
      namespace: sit
    spec:
      vaultConnectionRef: vso-connection
      method: kubernetes
      mount: sit
      kubernetes:
        role: sit-kubernetes
        serviceAccount: sit-sa

I get an error - the server could not find the requested resource (post vaultauthlists.secrets.hashicorp.com)

tvoran commented 6 months ago

Hi @monicabiswal147, the VaultAuthList type in our API reference docs is just the concrete kind used when getting a collection of VaultAuths from the Kubernetes API. You'll also see it as the listKind in the CRD definition https://github.com/hashicorp/vault-secrets-operator/blob/8da51b765131b29307e712e046ec243e5e6d2a4c/chart/crds/secrets.hashicorp.com_vaultauths.yaml#L15

So in your case you'd want to create a separate VaultAuth for each item in the list.

I can certainly understand the confusion here, so we may want to omit the List types from the website docs, since they aren't really useful for creating things.
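The manifest from the question, rewritten as the reply suggests, with one VaultAuth object per list item. This is an added example, not part of the thread or the project's documentation; the first document reuses the values posted above, and the second document (namespace `uat` and its names) is constructed only to show how further items would be separated.

```yaml
# One VaultAuth resource per item, instead of wrapping them in a VaultAuthList.
# VaultAuthList is only the list kind the API server returns for collections;
# it cannot be created, which is why the POST to vaultauthlists fails.
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
  name: vault-auth
  namespace: sit
spec:
  vaultConnectionRef: vso-connection
  method: kubernetes
  mount: sit
  kubernetes:
    role: sit-kubernetes
    serviceAccount: sit-sa
---
# Constructed second item (hypothetical names) to show the multi-document form.
# Each namespace gets its own VaultAuth bound to its own Vault role and
# service account, so one workload's credentials are not shared with another.
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
  name: vault-auth
  namespace: uat
spec:
  vaultConnectionRef: vso-connection
  method: kubernetes
  mount: uat
  kubernetes:
    role: uat-kubernetes
    serviceAccount: uat-sa
```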