Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vault role for secret and configmap mutations #160

Open
sagikazarmark opened this issue Sep 6, 2023 · 2 comments
Open

Vault role for secret and configmap mutations #160

sagikazarmark opened this issue Sep 6, 2023 · 2 comments
Labels
kind/enhancement Categorizes issue or PR as related to an improvement. lifecycle/keep Denotes an issue or PR that should be preserved from going stale.

Comments

@sagikazarmark
Copy link
Member

The default VAULT_ROLE env var sets a default for all kinds of mutations, regardless of where (namespace) the actual injection happens.

In case of pods, the injection happens in the pods's namespace. In case of secrets and configmaps, the injection happens in the vault secrets webhook namespace.

We should have a separate global default for these two cases.
@sagikazarmark sagikazarmark added the kind/enhancement Categorizes issue or PR as related to an improvement. label Sep 6, 2023
@ramizpolic ramizpolic moved this from 🆕 New to 📋 Backlog in Project backlog Nov 16, 2023
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 3, 2023

Thank you for your contribution! This issue has been automatically marked as stale because it has no recent activity in the last 60 days. It will be closed in 20 days, if no further activity occurs. If this issue is still relevant, please leave a comment to let us know, and the stale label will be automatically removed.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Dec 3, 2023
@ramizpolic ramizpolic added lifecycle/keep Denotes an issue or PR that should be preserved from going stale. and removed lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. labels Dec 7, 2023
@ramizpolic ramizpolic moved this from 📋 Backlog to Next up in Project backlog Dec 7, 2023
@ramizpolic ramizpolic moved this from Next up to 🔖 Ready for work in Project backlog Jan 18, 2024
@cenk1cenk2
Copy link

This would be a great addition if some kind of templating is used for the roles/policies in the vault operator itself.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/enhancement Categorizes issue or PR as related to an improvement. lifecycle/keep Denotes an issue or PR that should be preserved from going stale.
Projects
Project backlog
Status: 🔖 Ready for work
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sagikazarmark @cenk1cenk2 @ramizpolic