Comments (4)
The need to append an additional "data" on the custom template may be related to the way the secrets are accessed for KV2 vs KV. At least that was my case (I deployed originally with KV and then switched to KV2 and was getting this output). This should be reflected on the docs.
from vault-k8s.
Hi @hugespoon, can you share the templates you tried?
The learn guide also has more detailed examples of templating: https://learn.hashicorp.com/vault/getting-started-k8s/sidecar#apply-a-template-to-the-injected-secrets
from vault-k8s.
@tvoran, thanks for getting back to me. I see that I needed to use .Data.data.KEYNAME in my custom template to get the data to render properly.
It looks like the docs I linked (https://www.vaultproject.io/docs/platform/k8s/injector/) need to be updated or called out if this is a Vault version specific issue as they only seem to show .Data.KEYNAME variations (and the default template seems to use this as well).
Thanks for your help!
from vault-k8s.
I've thought the same while creating hashicorp/vault#8294, but then found #18.
It depends on what secrets engine you use.
The example in the docs shows the consul engine; I've used kv2, and you're probably not using the consul one either.
It's the red plate in the docs already, but it seems it's not so clear for lots of people:
Vault Agent uses the Consul Template project to render secrets. For more information on writing templates, see the Consul Template documentation.
Maybe it'd be better to rewrite it.
from vault-k8s.
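The difference discussed in this thread, shown as an added example that is not part of the original comments or the project's docs: the same key rendered from a KV version 1 mount and from a KV version 2 mount. The role name, mount names (`kv1/`, `kv2/`), secret paths and the key `password` are constructed placeholders.

```yaml
# Added example: pod template annotations for the Vault Agent injector.
# All names and paths below are constructed for illustration.
spec:
  template:
    metadata:
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "myapp"   # hypothetical Kubernetes auth role

        # KV version 1 mount: the secret's keys sit directly under .Data
        vault.hashicorp.com/agent-inject-secret-v1-creds: "kv1/myapp/config"
        vault.hashicorp.com/agent-inject-template-v1-creds: |
          {{- with secret "kv1/myapp/config" -}}
          password={{ .Data.password }}
          {{- end }}

        # KV version 2 mount: the read path gains a data/ segment, and the
        # response wraps the keys one level deeper, under .Data.data
        # (version information lives beside it under .Data.metadata).
        vault.hashicorp.com/agent-inject-secret-v2-creds: "kv2/data/myapp/config"
        vault.hashicorp.com/agent-inject-template-v2-creds: |
          {{- with secret "kv2/data/myapp/config" -}}
          password={{ .Data.data.password }}
          {{- end }}
```

Using `.Data.password` against the KV version 2 path does not find the key, because at that level the response only holds the `data` and `metadata` maps.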