Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of docs/vault-k8s: update for v1.0.0 release into release/1.11.x #17169

Merged
merged 1 commit into from Sep 16, 2022
Merged

Backport of docs/vault-k8s: update for v1.0.0 release into release/1.11.x #17169

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
24 changes: 23 additions & 1 deletion website/content/docs/platform/k8s/injector/annotations.mdx
View file
Open in desktop
Expand Up @@ -28,7 +28,7 @@ them, optional commands to run, etc.

- `vault.hashicorp.com/agent-image` - name of the Vault docker image to use. This
value overrides the default image configured in the injector and is usually
not needed. Defaults to `hashicorp/vault:1.11.1`.
not needed. Defaults to `hashicorp/vault:1.11.3`.

- `vault.hashicorp.com/agent-init-first` - configures the pod to run the Vault Agent
init container first if `true` (last if `false`). This is useful when other init
Expand Down Expand Up @@ -119,6 +119,13 @@ them, optional commands to run, etc.
Agent containers. Defaults to `128Mi`. Setting this to an empty string disables
memory limits.

- `vault.hashicorp.com/agent-limits-ephemeral` - configures the ephemeral
storage limit on the Vault Agent containers. Defaults to `128Mi`. Setting this
to an empty string disables ephemeral storage limits. Also available as a
command-line option (`-ephemeral-storage-limit`) or environment variable
(`AGENT_INJECT_EPHEMERAL_LIMIT`) to set the default for all injected Agent
containers.

- `vault.hashicorp.com/agent-requests-cpu` - configures the CPU requests on the
Vault Agent containers. Defaults to `250m`. Setting this to an empty string disables
CPU requests.
Expand All @@ -127,6 +134,14 @@ them, optional commands to run, etc.
Vault Agent containers. Defaults to `64Mi`. Setting this to an empty string disables
memory requests.

- `vault.hashicorp.com/agent-requests-ephemeral` - configures the ephemeral
storage requests on the Vault Agent Containers. Defaults to `64Mi`. Setting
this to an empty string disables ephemeral storage requests (and will default
to the ephemeral limit if set). Also available as a command-line option
(`-ephemeral-storage-request`) or environment variable
(`AGENT_INJECT_EPHEMERAL_REQUEST`) to set the default for all injected Agent
containers.

- `vault.hashicorp.com/agent-revoke-on-shutdown` - configures whether the sidecar
will revoke it's own token before shutting down. This setting will only be applied
to the Vault Agent sidecar container. This should be set to a `true` or `false`
Expand Down Expand Up @@ -281,3 +296,10 @@ etc.
(`-disable-idle-connections`) or environment variable
(`AGENT_INJECT_DISABLE_IDLE_CONNECTIONS`) to set the default for all injected
Agents.

- `vault.hashicorp.com/agent-disable-keep-alives` - Comma-separated [list of
Vault Agent features](/docs/agent#disable_keep_alives) where keep-alives
should be disabled. Also available as a command-line option
(`-disable-keep-alives`) or environment variable
(`AGENT_INJECT_DISABLE_KEEP_ALIVES`) to set the default for all injected
Agents.