Feature Request: Allow mounting configmaps/secrets into Vault container

kubevault / project

Enhancements & Issues for KubeVault

https://kubevault.com

Apache License 2.0

7 stars 0 forks source link

Feature Request: Allow mounting configmaps/secrets into Vault container #60

Closed arnarg closed 4 years ago

arnarg commented 5 years ago

When using PostgreSQL RDS for Secrets or Storage engine you need to get CA root certificate here. It's not possible to mount it into the Vault container to reference with sslrootcert in the postgresql connection string.

Maybe it should be possible to specify this in .spec.podTemplate for VaultServer.

tamalsaha commented 5 years ago

    // DataSources is a list of Configmaps/Secrets in the same namespace as the VaultServer
    // object, which shall be mounted into the VaultServer Pods.
    // The Secrets are mounted into /etc/vault/data/<name>.
    DataSources []core.VolumeSource `json:"dataSource,omitempty"`

https://github.com/coreos/prometheus-operator/issues/2251

arnarg commented 5 years ago

I don't understand your response, are you saying this is already available?

tamalsaha commented 5 years ago

@kamolhasan has started working on this feature. We are planning to add the DataSources field which will allow you to mount configmaps and secrets or any volume into a Vault server pod.

arnarg commented 5 years ago

ok thanks! :)

arnarg commented 5 years ago

Seems that this functionality has been added. Should I close this issue?

tamalsaha commented 5 years ago

We are going to close the issue once the release is out.

tamalsaha commented 4 years ago

This is released with the https://github.com/kubevault/operator/releases/tag/v0.3.0 release.