Add Kubernetes Auth method #52
Jenkins master running on Kubernetes can use a service account token to authenticate with Vault.
| public class VaultKubernetesCredential extends AbstractVaultTokenCredential { | ||
| private static final String SERVICE_ACCOUNT_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token"; |
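Review bot: SERVICE_ACCOUNT_TOKEN_PATH is declared private static final in VaultKubernetesCredential, so a deployment that mounts the service account token at a different location has no way to override it. Consider exposing the path as an optional field on the credential that defaults to this value, and document that the default applies when the field is left empty.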
This path is not the same as it would be on Windows?
I don't really know that. The Windows container support in Kubernetes is relatively new and after a quick search I couldn't find any documentation on how the volumes work in Windows containers, but I guess as in any regular Windows.
The service account token is just a regular secret, so technically it can be mounted on any path even in Unix containers. But the Service Account Admission Controller, which manages service accounts in Kubernetes, mounts the token on this path by default. link to the documentation
Perhaps this option should only be visible if a Kubernetes secret is detected?
Can be achieved with isApplicable in the descriptor.
> Perhaps this option should only be visible if a Kubernetes secret is detected?

Do you mean to only show the VaultKubernetesCredential as an option when the mounted token is detected?
Simply a suggestion, don't know if it makes sense. I am fine with the feature as is.
Is there an ETA on merging/releasing this?

😅 I've been super busy at work lately. I'd be happy if someone wants to co-maintain the plugin!
When the Jenkins master is running on Kubernetes the authentication can be done using a Kubernetes service account token.
fixes #18