Releases · fcantournet/kubernetes-flexvolume-vault-plugin

18 May 19:34

v0.6.1

ed62fd1

v0.6.1: Fix non-wrapped token generation Latest

Latest

It's more efficient to ask for the token "unwrapped" for the get go instead
of unwrapping it conditionally afterwards.

Signed-off-by: Félix Cantournet <felix.cantournet@cloudwatt.com>

Assets 3

18 May 15:20

fcantournet

v0.6.0

4c645f8

v0.6.0: Move from tmpfs to disk files

We now store the token on disk instead of tmpfs.
This is kind of necessary for the 2nd change:
  you can now ask for the token to be unwrapped by the module.

Some refactoring was in order too.

Assets 3

13 Dec 18:18

fcantournet

v0.5.1

263580c

v0.5.1: Handle cases when VAULT_WRAP_TTL is not set !

Should default really... TODO

Signed-off-by: Félix Cantournet <felix.cantournet@cloudwatt.com>

Assets 3

13 Dec 13:37

fcantournet

v0.5.0

77848ad

v0.5.0: Fixed k8s flexvolume options parsing.

options is a map[string]string in k8s.io/pkg/volume/flexvolume
So we cannot have a key-value as string-list

We revert to the way of having several policies specified as a string split by ","

Assets 3

09 Dec 12:49

fcantournet

v0.4.1

0bfcdc9

v0.4.1: Bootstrap now accepts $VAULT_TOKEN auth

For dev environments purposes

Signed-off-by: Félix Cantournet <felix.cantournet@cloudwatt.com>

Assets 3

07 Dec 11:26

fcantournet

v0.4.0

dfed30f

v0.4.0: Add bootstrap command

This bootstrap command make it simple to get a token for
the node and place it at the right path.
You can still use whatever else mechanism you want if this doesn't suit you.

Sadly glide also update all dependencies,
i.e vault but it's fine it's from 0.6.2 to 0.6.3

Signed-off-by: Félix Cantournet <felix.cantournet@cloudwatt.com>

Assets 3

01 Dec 16:15

fcantournet

v0.3.0

cd1b3c0

v0.3.0: Moved to Role based token creation

The token creation is now done against a role that is
specified via the VAULTTMPFS_ROLE_NAME env variable

This allows us to restrict the kind of tokens the tools can generate
You need to create a role on the vault auth token backend that
either allows explicitely the needed policies, or disallows the one
you don't want to be accessible to all pods.

This comes with a refactoring of the code to tidy things up
(or maybe it's a complete waste of time I'm not clear yet...)

Signed-off-by: Félix Cantournet <felix.cantournet@cloudwatt.com>

Assets 3

25 Nov 10:07

fcantournet

v0.2.0

1d696de

v0.2.0: Added travis-ci shield

Signed-off-by: Félix Cantournet <felix.cantournet@cloudwatt.com>

Assets 3

10 Nov 16:12

fcantournet

v0.1.0

81503f8

v0.1.0

first working release

Assets 3

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Releases: fcantournet/kubernetes-flexvolume-vault-plugin

v0.6.1: Fix non-wrapped token generation

v0.6.0: Move from tmpfs to disk files

v0.5.1: Handle cases when VAULT_WRAP_TTL is not set !

v0.5.0: Fixed k8s flexvolume options parsing.

v0.4.1: Bootstrap now accepts $VAULT_TOKEN auth

v0.4.0: Add bootstrap command

v0.3.0: Moved to Role based token creation

v0.2.0: Added travis-ci shield

v0.1.0