mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-26 16:20:28 +00:00
f2d5c2e0df
The new `vaultAuthNamespace` configuration parameter can be set to the Vault Namespace where the authentication is setup in the service. Some Hashicorp Vault deployments use sub-namespaces for their users/tenants, with a 'root' namespace where the authentication is configured. This requires passing of different Vault namespaces for different operations. Example: - the Kubernetes Auth mechanism is configured for in the Vault Namespace called 'devops' - a user/tenant has a sub-namespace called 'devops/website' where the encryption passphrases can be placed in the key-value store The configuration for this, then looks like: vaultAuthNamespace: devops vaultNamespace: devops/homepage Note that Vault Namespaces are a feature of the Hashicorp Vault Enterprise product, and not part of the Open Source version. This prevents adding e2e tests that validate the Vault Namespace configuration. Signed-off-by: Niels de Vos <ndevos@redhat.com> |
||
---|---|---|
.. | ||
aws-credentials.yaml | ||
csi-kms-connection-details.yaml | ||
csi-vaulttokenreview-rbac.yaml | ||
kms-config.yaml | ||
tenant-config.yaml | ||
tenant-sa-admin.yaml | ||
tenant-sa.yaml | ||
tenant-token.yaml | ||
user-secret.yaml | ||
vault-psp.yaml | ||
vault.yaml |