mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-09 16:00:22 +00:00
e2e: disable iss validation in Hashicorp Vault
Testing encrypted PVCs does not work anymore since Kubernetes v1.21. It seems that disabling the iss validation in Hashicorp Vault is a relatively simple workaround that we can use instead of the more complex securing of the environment like should be done in production deployments. Updates: #1963 See-also: external-secrets/kubernetes-external-secrets#721 Signed-off-by: Niels de Vos <ndevos@redhat.com>
This commit is contained in:
parent
c851b69160
commit
fd9fee74de
@ -100,6 +100,13 @@ items:
|
||||
bound_service_account_names="${SERVICE_ACCOUNTS}" \
|
||||
bound_service_account_namespaces="${SERVICE_ACCOUNTS_NAMESPACE}" \
|
||||
policies="${CLUSTER_IDENTIFIER}"
|
||||
|
||||
# disable iss validation
|
||||
# from: external-secrets/kubernetes-external-secrets#721
|
||||
vault write auth/${CLUSTER_IDENTIFIER}/config \
|
||||
token_reviewer_jwt=@${SERVICE_ACCOUNT_TOKEN_PATH}/token \
|
||||
kubernetes_host="${K8S_HOST}" \
|
||||
disable_iss_validation=true
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
|
Loading…
Reference in New Issue
Block a user