From 31b7a0ffc7e45f4f8ab1d417f973ef065e8537db Mon Sep 17 00:00:00 2001 From: hc-github-team-secure-vault-core <82990506+hc-github-team-secure-vault-core@users.noreply.github.com> Date: Fri, 16 Sep 2022 11:54:57 -0400 Subject: [PATCH] backport of commit 5bc40d1fa9b541d6126f2a218b39f118e2f94ebd (#17169) Co-authored-by: Theron Voran --- .../platform/k8s/injector/annotations.mdx | 24 ++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/website/content/docs/platform/k8s/injector/annotations.mdx b/website/content/docs/platform/k8s/injector/annotations.mdx index 97763720610f8..0c7896c31879e 100644 --- a/website/content/docs/platform/k8s/injector/annotations.mdx +++ b/website/content/docs/platform/k8s/injector/annotations.mdx @@ -28,7 +28,7 @@ them, optional commands to run, etc. - `vault.hashicorp.com/agent-image` - name of the Vault docker image to use. This value overrides the default image configured in the injector and is usually - not needed. Defaults to `hashicorp/vault:1.11.1`. + not needed. Defaults to `hashicorp/vault:1.11.3`. - `vault.hashicorp.com/agent-init-first` - configures the pod to run the Vault Agent init container first if `true` (last if `false`). This is useful when other init @@ -119,6 +119,13 @@ them, optional commands to run, etc. Agent containers. Defaults to `128Mi`. Setting this to an empty string disables memory limits. +- `vault.hashicorp.com/agent-limits-ephemeral` - configures the ephemeral + storage limit on the Vault Agent containers. Defaults to `128Mi`. Setting this + to an empty string disables ephemeral storage limits. Also available as a + command-line option (`-ephemeral-storage-limit`) or environment variable + (`AGENT_INJECT_EPHEMERAL_LIMIT`) to set the default for all injected Agent + containers. + - `vault.hashicorp.com/agent-requests-cpu` - configures the CPU requests on the Vault Agent containers. Defaults to `250m`. Setting this to an empty string disables CPU requests. @@ -127,6 +134,14 @@ them, optional commands to run, etc. Vault Agent containers. Defaults to `64Mi`. Setting this to an empty string disables memory requests. +- `vault.hashicorp.com/agent-requests-ephemeral` - configures the ephemeral + storage requests on the Vault Agent Containers. Defaults to `64Mi`. Setting + this to an empty string disables ephemeral storage requests (and will default + to the ephemeral limit if set). Also available as a command-line option + (`-ephemeral-storage-request`) or environment variable + (`AGENT_INJECT_EPHEMERAL_REQUEST`) to set the default for all injected Agent + containers. + - `vault.hashicorp.com/agent-revoke-on-shutdown` - configures whether the sidecar will revoke it's own token before shutting down. This setting will only be applied to the Vault Agent sidecar container. This should be set to a `true` or `false` @@ -281,3 +296,10 @@ etc. (`-disable-idle-connections`) or environment variable (`AGENT_INJECT_DISABLE_IDLE_CONNECTIONS`) to set the default for all injected Agents. + +- `vault.hashicorp.com/agent-disable-keep-alives` - Comma-separated [list of + Vault Agent features](/docs/agent#disable_keep_alives) where keep-alives + should be disabled. Also available as a command-line option + (`-disable-keep-alives`) or environment variable + (`AGENT_INJECT_DISABLE_KEEP_ALIVES`) to set the default for all injected + Agents.