openbao-helm/templates
Jean-François Roche c45f9b997d
Enable Vault to review kube tokens when using external Vault (#392)
We want Vault to perform token reviews with Kubernetes even if we are
using an external Vault.

We need to create the ServiceAccount, Secret and ClusterRoleBinding with
the system:auth-delegator role to enable delegated authentication and
authorization checks [1].

These SA and RBAC objects are created when we deploy the Vault server.
In order to enable the creation of these objects when using an external
Vault, we remove the condition on external mode.

Users might want to provide a sensible name (in global.serviceAccount.name) for the
service account, such as vault-auth.

refs #376

[1] https://www.vaultproject.io/docs/auth/kubernetes#configuring-kubernetes
2020-10-20 09:34:48 -04:00
_helpers.tpl Improve config variables (#398) 2020-10-16 10:47:31 -04:00
injector-clusterrole.yaml Add vault agent injector (#150) 2019-12-19 10:57:51 -05:00
injector-clusterrolebinding.yaml Removing namespace from yaml of non-namespaced objects (#300) 2020-05-28 22:47:41 -04:00
injector-deployment.yaml add ability to set pod annotations for injector (#394) 2020-10-01 11:06:53 -04:00
injector-mutating-webhook.yaml Add configurable failurePolicy for injector's webhook (#400) 2020-10-13 09:20:06 -04:00
injector-network-policy.yaml missing enabled checks for injector-network-policy (#358) 2020-07-30 10:05:01 -04:00
injector-psp-role.yaml Support PodSecurityPolicy (#177) 2020-06-25 23:42:52 -07:00
injector-psp-rolebinding.yaml Support PodSecurityPolicy (#177) 2020-06-25 23:42:52 -07:00
injector-psp.yaml Support PodSecurityPolicy (#177) 2020-06-25 23:42:52 -07:00
injector-service.yaml Add vault agent injector (#150) 2019-12-19 10:57:51 -05:00
injector-serviceaccount.yaml Add vault agent injector (#150) 2019-12-19 10:57:51 -05:00
NOTES.txt Update notes template to be helm v3 compatible (#378) 2020-08-27 16:34:25 +01:00
server-clusterrolebinding.yaml Enable Vault to review kube tokens when using external Vault (#392) 2020-10-20 09:34:48 -04:00
server-config-configmap.yaml Change config specification (#213) 2020-04-27 10:45:56 -04:00
server-discovery-role.yaml Add Vault Helm ent support, service discovery (#250) 2020-04-09 09:26:58 -04:00
server-discovery-rolebinding.yaml Make serviceAccount name a configuration option (#367) 2020-08-18 19:13:02 -07:00
server-disruptionbudget.yaml Added support for external vault (#207) 2020-02-21 08:16:33 -08:00
server-ha-active-service.yaml Allow setting HA services type (#317) 2020-06-02 10:06:50 -04:00
server-ha-standby-service.yaml Allow setting HA services type (#317) 2020-06-02 10:06:50 -04:00
server-headless-service.yaml Remove tolerate-unready-endpoints annotation (#363) 2020-07-30 10:23:02 -04:00
server-ingress.yaml Add OpenShift beta support (#319) 2020-06-02 22:10:41 -04:00
server-network-policy.yaml Allow explicit network policy enablement (#381) 2020-09-15 23:40:56 -07:00
server-psp-role.yaml Support PodSecurityPolicy (#177) 2020-06-25 23:42:52 -07:00
server-psp-rolebinding.yaml Support PodSecurityPolicy (#177) 2020-06-25 23:42:52 -07:00
server-psp.yaml Support PodSecurityPolicy (#177) 2020-06-25 23:42:52 -07:00
server-route.yaml Add OpenShift beta support (#319) 2020-06-02 22:10:41 -04:00
server-service.yaml Remove tolerate-unready-endpoints annotation (#363) 2020-07-30 10:23:02 -04:00
server-serviceaccount.yaml Enable Vault to review kube tokens when using external Vault (#392) 2020-10-20 09:34:48 -04:00
server-statefulset.yaml Add configurable probe values (#387) 2020-09-15 16:24:38 -04:00
ui-service.yaml Add configuration options for Vault UI service (#285) 2020-08-20 14:39:46 -04:00