Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openbao-helm/test/unit
History
Jean-François Roche c45f9b997d
Enable Vault to review kube tokens when using external Vault (#392) 
We want Vault to perform token reviews with Kubernetes even if we are
using an external Vault.

We need to create the ServiceAccount, Secret and ClusterRoleBinding with
the system:auth-delegator role to enable delegated authentication and
authorization checks [1].

These SA and RBAC objects are created when we deploy the Vault server.
In order to enable the creation of these objects when using an external
Vault, we remove the condition on external mode.

User might want to provide a sensible name (in global.serviceAccount.name) to the service
account such as: vault-auth.

refs #376

[1] https://www.vaultproject.io/docs/auth/kubernetes#configuring-kubernetes
2020-10-20 09:34:48 -04:00
..
_helpers.bash add unit tests that use helm template 2018-09-03 08:42:25 -07:00
injector-clusterrole.bats Helm 3 support (#195) 2020-02-06 08:44:38 -08:00
injector-clusterrolebinding.bats Helm 3 support (#195) 2020-02-06 08:44:38 -08:00
injector-deployment.bats add ability to set pod annotations for injector (#394) 2020-10-01 11:06:53 -04:00
injector-mutating-webhook.bats Add configurable failurePolicy for injector's webhook (#400) 2020-10-13 09:20:06 -04:00
injector-psp-role.bats Support PodSecurityPolicy (#177) 2020-06-25 23:42:52 -07:00
injector-psp-rolebinding.bats Support PodSecurityPolicy (#177) 2020-06-25 23:42:52 -07:00
injector-psp.bats Support PodSecurityPolicy (#177) 2020-06-25 23:42:52 -07:00
injector-service.bats Helm 3 support (#195) 2020-02-06 08:44:38 -08:00
injector-serviceaccount.bats Helm 3 support (#195) 2020-02-06 08:44:38 -08:00
server-clusterrolebinding.bats Enable Vault to review kube tokens when using external Vault (#392) 2020-10-20 09:34:48 -04:00
server-configmap.bats Add Raft HA support (#229) 2020-03-18 15:49:14 -04:00
server-dev-statefulset.bats Add OpenShift beta support (#319) 2020-06-02 22:10:41 -04:00
server-ha-active-service.bats Add OpenShift beta support (#319) 2020-06-02 22:10:41 -04:00
server-ha-disruptionbudget.bats Added support for external vault (#207) 2020-02-21 08:16:33 -08:00
server-ha-standby-service.bats Add OpenShift beta support (#319) 2020-06-02 22:10:41 -04:00
server-ha-statefulset.bats Allow overriding VAULT_API_ADDR (#290) 2020-07-14 10:09:43 -04:00
server-ingress.bats Use active service on ingress when ha (#270) 2020-05-28 11:51:25 -07:00
server-network-policy.bats Allow explicit network policy enablement (#381) 2020-09-15 23:40:56 -07:00
server-psp-role.bats Support PodSecurityPolicy (#177) 2020-06-25 23:42:52 -07:00
server-psp-rolebinding.bats Support PodSecurityPolicy (#177) 2020-06-25 23:42:52 -07:00
server-psp.bats Support PodSecurityPolicy (#177) 2020-06-25 23:42:52 -07:00
server-route.bats Add OpenShift beta support (#319) 2020-06-02 22:10:41 -04:00
server-service.bats Remove tolerate-unready-endpoints annotation (#363) 2020-07-30 10:23:02 -04:00
server-serviceaccount.bats Make serviceAccount name a configuration option (#367) 2020-08-18 19:13:02 -07:00
server-statefulset.bats Add configurable mountPath for audit/data storage (#393) 2020-10-01 09:32:46 -04:00
ui-service.bats Add configuration options for Vault UI service (#285) 2020-08-20 14:39:46 -04:00