weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
76eef68730
cert-manager/internal/apis
History
Maël Valais 76eef68730 serviceAccountRef: the vault issuer can now use bound SA tokens 
Previously, the Vault issuer was only able to use a Secret in order to
use the "Kubernetes authentication" method. The downside to this service
account Secret token is that it has the default JWT iss
"kubernetes/serviceaccount" (along with the fact that the token is not
bound to a particular pod and has no expiry).

With the new serviceAccountRef, cert-manager now requests the token on
behalf of the pod in order to authenticate with Vault.

Signed-off-by: Maël Valais <mael@vls.dev>
2023-02-06 18:28:49 +01:00
..
acme add + use CABundle field for ACME servers in issuers 2022-12-15 16:21:07 +00:00
certmanager serviceAccountRef: the vault issuer can now use bound SA tokens 2023-02-06 18:28:49 +01:00
config/webhook Remove bazel 🎉 2022-07-26 11:38:50 +01:00
meta Remove bazel 🎉 2022-07-26 11:38:50 +01:00