76eef68730
Previously, the Vault issuer was only able to use a Secret in order to use the "Kubernetes authentication" method. The downside to this service account Secret token is that it has the default JWT iss "kubernetes/serviceaccount" (along with the fact that the token is not bound to a particular pod and has no expiry). With the new serviceAccountRef, cert-manager now requests the token on behalf of the pod in order to authenticate with Vault. Signed-off-by: Maël Valais <mael@vls.dev> |
||
|---|---|---|
| .. | ||
| acme/dns | ||
| e2e | ||
| fixtures | ||
| integration | ||
| internal | ||
| unit | ||
| OWNERS | ||