hashicorp / vault-secrets-operator

The Vault Secrets Operator (VSO) allows Pods to consume Vault secrets natively from Kubernetes Secrets.

Home Page: https://hashicorp.com

default VaultAuth is not generated for JWT-Auth

marc-aurel opened this issue

Describe the bug
When enabled is set to "true" for "defaultAuthMethod" in the Helm values.yaml
and method and mount are set to "jwt", I expect a VaultAuth object to be created.

To Reproduce
Steps to reproduce the behavior:

  1. Install Helm Chart application with the following values.yaml adaptations (these are the required values):

         defaultAuthMethod:
           enabled: true
           method: jwt
           mount: jwt
           jwt:
             role: jwt-role

  2. Either defaultAuthMethod/jwt/secretRef is set to an existing secret (in the operator namespace) or
     defaultAuthMethod/jwt/serviceAccount is set to an existing serviceaccount (in the operator namespace).
     If none is set, "default" should be used as jwt/serviceAccount.
  3. No VaultAuth object called "default" is created (like with VaultConnection).

Expected behavior
If "defaultAuthMethod" is enabled in values.yaml I expect
that a default VaultAuth object is created in the "vault" namespace where
the operator is deployed.
If I just set defaultAuthMethod/jwt/serviceAccount I also expect a serviceaccountToken-secret
to be autocreated.

Environment

  • Kubernetes version: v1.26.14
  • vault-secrets-operator version: 0.6.0
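
A check for the reported symptom, as an added example that is not part of the issue or of the VSO project: it scans rendered manifests for a VaultAuth named "default" with the expected method. The function name and both sample manifests are constructed for illustration, and the parsing assumes the two-space indentation Helm normally renders.

```shell
# Added example, not from the issue or the VSO project.
# Reads rendered manifests (multi-document YAML) on stdin and succeeds only if
# they contain a VaultAuth named "default" whose spec.method equals $1.
has_default_vaultauth() {
  awk -v want="$1" '
    function end_doc() {
      if (kind == "VaultAuth" && name == "default" && method == want) found = 1
      kind = ""; name = ""; method = ""; section = ""
    }
    { gsub(/"/, "") }                                  # tolerate quoted scalars
    /^---/        { end_doc(); next }
    /^[A-Za-z]/   { section = $1; sub(/:.*/, "", section) }  # top-level key
    /^kind:/      { kind = $2 }
    section == "metadata" && /^  name:/   { name = $2 }
    section == "spec"     && /^  method:/ { method = $2 }
    END { end_doc(); exit(found ? 0 : 1) }
  '
}

# Constructed sample: what the issue reports (a default VaultConnection only).
sample_reported() {
  cat <<'EOF'
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultConnection
metadata:
  name: default
  namespace: vault
spec:
  address: http://vault.example:8200
EOF
}

# Constructed sample: the same output plus the VaultAuth the reporter expects.
sample_expected() {
  sample_reported
  cat <<'EOF'
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
  name: default
  namespace: vault
spec:
  method: jwt
  mount: jwt
  jwt:
    role: jwt-role
EOF
}
```

Against a real chart, pipe the rendered output into the function, for example `helm template <release> <chart> -f values.yaml | has_default_vaultauth jwt`, where the release name and chart reference are placeholders.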