Closed jimsmith closed 7 months ago
Your example has the connection as a separate element. The connection should be in the entry with all other required elements to authenticate.
For example:

```yaml
apiVersion: redhatcop.redhat.io/v1alpha1
kind: VaultSecret
metadata:
  namespace: helloworld
  name: helloworld-pull-secret
spec:
  vaultSecretDefinitions:
    - connection:
        address: http://vault.vault.svc.cluster.local:8200/
      authentication:
        namespace: vault-config-authentications
        path: kubernetes
        role: kubernetes-auth-engine-admin-role
      name: retrievepassword
      path: teams/kv-test/data/cluster/helloworld/randomsecret-password-v1
```
Thank you @trevorbox that worked 👍🏻
And thank you for the updated example, I am able to see the elements clearly now. Looking into the CRD, I wasn't quite able to make out the flow of the elements just quite right.
Hello,
Vault Config Operator: 0.8.25

We are spiking this and we have the need to be able to point `VaultSecret` to a Vault Server that does not run in the same k8s cluster.

Based on the CRD this is supported; however, when it is deployed in the cluster this is reported back (as we are using http://vault.vault.svc.cluster.local:8200/ just to test it, the values are supported):
Having looked into `apiextensions.k8s.io_v1_customresourcedefinition_vaultsecrets.redhatcop.redhat.io.yaml`, there is no support for `role`; when attempting to add `role` this is reported back: `strict decoding error: unknown field "spec.vaultSecretDefinitions[0].connection.role"`
When removing
This works as before but only to the vault server that happens to run on the same cluster as vault config operator is deployed into, plus `role` is defined under `spec:vaultSecretDefinitions:authentication:role`
Log output from Vault Config Operator (some things have been removed/redacted/replaced for obvious reasons)