76eef68730
Previously, the Vault issuer was only able to use a Secret in order to use the "Kubernetes authentication" method. The downside to this service account Secret token is that it has the default JWT iss "kubernetes/serviceaccount" (along with the fact that the token is not bound to a particular pod and has no expiry). With the new serviceAccountRef, cert-manager now requests the token on behalf of the pod in order to authenticate with Vault. Signed-off-by: Maël Valais <mael@vls.dev> |
||
|---|---|---|
| .. | ||
| acme | ||
| api | ||
| apis | ||
| client | ||
| controller | ||
| ctl | ||
| issuer | ||
| logs | ||
| metrics | ||
| scheduler | ||
| util | ||
| webhook | ||