76eef68730
Previously, the Vault issuer was only able to use a Secret in order to use the "Kubernetes authentication" method. The downside to this service account Secret token is that it has the default JWT iss "kubernetes/serviceaccount" (along with the fact that the token is not bound to a particular pod and has no expiry). With the new serviceAccountRef, cert-manager now requests the token on behalf of the pod in order to authenticate with Vault. Signed-off-by: Maël Valais <mael@vls.dev> |
||
|---|---|---|
| .. | ||
| coreclients | ||
| crypto | ||
| discovery | ||
| gen | ||
| listers | ||