Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

docs: mention auth-delegator role in vault provider (#2734)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Moritz Johner 2 years ago
parent
7b57943c55
commit
d42ccaaf78
2 changed files with 3 additions and 1 deletions
Unified View Show Diff Stats
  1. 2 0
      docs/provider/hashicorp-vault.md
  2. 1 1
      hack/api-docs/Makefile

+ 2 - 0
docs/provider/hashicorp-vault.md
View File 

@@ -306,6 +306,8 @@ options of obtaining credentials for vault:
 
 3.  by using transient credentials from the mounted service account token within the
 
 3.  by using transient credentials from the mounted service account token within the
 
     external-secrets operator
 
     external-secrets operator
 
 
 
+Vault validates the service account token by using the TokenReview API. ⚠️ You have to bind the `system:auth-delegator` ClusterRole to the service account that is used for authentication. Please follow the [Vault documentation](https://developer.hashicorp.com/vault/docs/auth/kubernetes#configuring-kubernetes).
 
+
 
 ```yaml
 
 ```yaml
 
 {% include 'vault-kubernetes-store.yaml' %}
 
 {% include 'vault-kubernetes-store.yaml' %}
 
 ```
 
 ```

+ 1 - 1
hack/api-docs/Makefile
View File 

@@ -77,7 +77,7 @@ clean:
 
 # serve runs mkdocs as a local webserver for interactive development.
 
 # serve runs mkdocs as a local webserver for interactive development.
 
 # This will serve the live copy of the docs on 127.0.0.1:8000.
 
 # This will serve the live copy of the docs on 127.0.0.1:8000.
 
 .PHONY: serve
 
 .PHONY: serve
 
-serve:
 
+serve: build
 
 	$(DOCKER) run \
 
 	$(DOCKER) run \
 
 		-it \
 
 		-it \
 
 		--sig-proxy=true \
 
 		--sig-proxy=true \