mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-23 23:00:19 +00:00
e2e: disable iss validation in Hashicorp Vault
Testing encrypted PVCs does not work anymore since Kubernetes v1.21. It
seems that disabling the iss validation in Hashicorp Vault is a
relatively simple workaround that we can use instead of the more complex
securing of the environment like should be done in production
deployments.
Updates: #1963
See-also: external-secrets/kubernetes-external-secrets#721
Signed-off-by: Niels de Vos <ndevos@redhat.com>
(cherry picked from commit fd9fee74de
)
This commit is contained in:
parent
14e5a5cfa2
commit
c61e6b3f8c
@ -100,6 +100,13 @@ items:
|
|||||||
bound_service_account_names="${SERVICE_ACCOUNTS}" \
|
bound_service_account_names="${SERVICE_ACCOUNTS}" \
|
||||||
bound_service_account_namespaces="${SERVICE_ACCOUNTS_NAMESPACE}" \
|
bound_service_account_namespaces="${SERVICE_ACCOUNTS_NAMESPACE}" \
|
||||||
policies="${CLUSTER_IDENTIFIER}"
|
policies="${CLUSTER_IDENTIFIER}"
|
||||||
|
|
||||||
|
# disable iss validation
|
||||||
|
# from: external-secrets/kubernetes-external-secrets#721
|
||||||
|
vault write auth/${CLUSTER_IDENTIFIER}/config \
|
||||||
|
token_reviewer_jwt=@${SERVICE_ACCOUNT_TOKEN_PATH}/token \
|
||||||
|
kubernetes_host="${K8S_HOST}" \
|
||||||
|
disable_iss_validation=true
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
creationTimestamp: null
|
creationTimestamp: null
|
||||||
|
Loading…
Reference in New Issue
Block a user