From 2ae65977312a19828977b33fd3e4606778f24770 Mon Sep 17 00:00:00 2001 From: Andrei Burd Date: Wed, 18 Aug 2021 23:41:16 +0300 Subject: [PATCH] Docs: k8s annotations for static_secret_render_interval (#12244) Co-authored-by: Theron Voran --- .../docs/platform/k8s/injector/annotations.mdx | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/website/content/docs/platform/k8s/injector/annotations.mdx b/website/content/docs/platform/k8s/injector/annotations.mdx index cc79209107cd8..13b5c07a1e32d 100644 --- a/website/content/docs/platform/k8s/injector/annotations.mdx +++ b/website/content/docs/platform/k8s/injector/annotations.mdx @@ -72,14 +72,14 @@ them, optional commands to run, etc. `vault.hashicorp.com/agent-inject-secret-foobar` is configured, `vault.hashicorp.com/agent-inject-file-foobar` would configure the filename. -- `vault.hashicorp.com/agent-inject-template-file` - configures the path and filename of the - custom template to use. This should be used with `vault.hashicorp.com/extra-secret`, - which mounts a Kubernetes secret to `/vault/custom`. To map a template file to a specific secret, - use the same unique secret name: `vault.hashicorp.com/agent-inject-template-file-SECRET-NAME`. +- `vault.hashicorp.com/agent-inject-template-file` - configures the path and filename of the + custom template to use. This should be used with `vault.hashicorp.com/extra-secret`, + which mounts a Kubernetes secret to `/vault/custom`. To map a template file to a specific secret, + use the same unique secret name: `vault.hashicorp.com/agent-inject-template-file-SECRET-NAME`. For example, if a secret annotation `vault.hashicorp.com/agent-inject-secret-foobar` is configured, `vault.hashicorp.com/agent-inject-template-file-foobar` would configure the template file. -- `vault.hashicorp.com/agent-inject-default-template` - configures the default template type for rendering +- `vault.hashicorp.com/agent-inject-default-template` - configures the default template type for rendering secrets if no custom template is defined. Possible values include `map` and `json`. Defaults to `map`. - `vault.hashicorp.com/template-config-exit-on-retry-failure` - controls whether @@ -87,6 +87,10 @@ them, optional commands to run, etc. due to failures. Defaults to `true`. See [Vault Agent Template Config](/docs/agent/template-config) for more details. +- `vault.hashicorp.com/template-static-secret-render-interval` - If specified, + configures how often Vault Agent Template should render non-leased secrets such as KV v2. + See [Vault Agent Template Config](/docs/agent/template-config) for more details. + - `vault.hashicorp.com/agent-extra-secret` - mounts Kubernetes secret as a volume at `/vault/custom` in the sidecar/init containers. Useful for custom Agent configs with auto-auth methods such as approle that require paths to secrets be present.