mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-15 17:51:01 +00:00
Code Activity

docs: mention auth-delegator role in vault provider (#2734)

Browse source 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
This commit is contained in:
Moritz Johner 2023-10-13 15:50:40 +02:00 committed by GitHub
parent 7b57943c55
commit d42ccaaf78
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/provider/hashicorp-vault.md
View file

@ -306,6 +306,8 @@ options of obtaining credentials for vault:
3. by using transient credentials from the mounted service account token within the 3. by using transient credentials from the mounted service account token within the
external-secrets operator external-secrets operator
Vault validates the service account token by using the TokenReview API. ⚠️ You have to bind the `system:auth-delegator` ClusterRole to the service account that is used for authentication. Please follow the [Vault documentation](https://developer.hashicorp.com/vault/docs/auth/kubernetes#configuring-kubernetes).
```yaml ```yaml
{% include 'vault-kubernetes-store.yaml' %} {% include 'vault-kubernetes-store.yaml' %}
``` ```

2
hack/api-docs/Makefile
View file

@ -77,7 +77,7 @@ clean:
# serve runs mkdocs as a local webserver for interactive development. # serve runs mkdocs as a local webserver for interactive development.
# This will serve the live copy of the docs on 127.0.0.1:8000. # This will serve the live copy of the docs on 127.0.0.1:8000.
.PHONY: serve .PHONY: serve
serve: serve: build
$(DOCKER) run \ $(DOCKER) run \
-it \ -it \
--sig-proxy=true \ --sig-proxy=true \