76eef68730
Previously, the Vault issuer was only able to use a Secret in order to use the "Kubernetes authentication" method. The downside to this service account Secret token is that it has the default JWT iss "kubernetes/serviceaccount" (along with the fact that the token is not bound to a particular pod and has no expiry). With the new serviceAccountRef, cert-manager now requests the token on behalf of the pod in order to authenticate with Vault. Signed-off-by: Maël Valais <mael@vls.dev> |
||
|---|---|---|
| .. | ||
| bin/cloudflare-clean | ||
| framework | ||
| suite | ||
| util | ||
| e2e_test.go | ||
| e2e.go | ||