update connect/ca's vault AuthMethod conf section (#16346)

Updated Params field to re-frame as supporting arguments specific to the
supported vault-agent auth-auth methods with links to each methods
"#configuration" section.
Included a call out limits on parameters supported.
pull/16528/head
John Eikenberry 2 years ago committed by GitHub
parent 56ffee6d42
commit 8910002e8f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -94,17 +94,14 @@ The key after the slash refers to the corresponding option name in the agent con
on how to configure individual auth methods. If auth method is provided, Consul will obtain on how to configure individual auth methods. If auth method is provided, Consul will obtain
a new token from Vault when the token can no longer be renewed. a new token from Vault when the token can no longer be renewed.
- `Type`/ `type` (`string: ""`) - The type of Vault auth method. - `Type`/ `type` (`string: ""`) - The type of Vault auth method. Valid options are "approle", "aws", "azure", "gcp", "jwt" and "kubernetes".
- `MountPath`/ `mount_path` (`string: <AuthMethod.Type>`) - The mount path of the auth method. - `MountPath`/ `mount_path` (`string: <AuthMethod.Type>`) - The mount path of the auth method.
If not provided the auth method type will be used as the mount path. If not provided the auth method type will be used as the mount path.
- `Params`/`params` (`map: nil`) - The parameters to configure the auth method. Please see - `Params`/`params` (`map: nil`) - The parameters to configure the auth method. The configuration parameters needed will depend on which auth type you are using. Please refer to the Vault Agent auto-auth method documentation for details on their configuration options: [AppRole](/vault/docs/agent/autoauth/methods/approle#configuration), [AWS](/vault/docs/agent/autoauth/methods/aws#configuration), [Azure](/vault/docs/agent/autoauth/methods/azure#configuration), [GCP](/vault/docs/agent/autoauth/methods/gcp#configuration), [JWT](/vault/docs/agent/autoauth/methods/jwt#configuration), [Kubernetes](/vault/docs/agent/autoauth/methods/kubernetes#configuration).
[Vault Auth Methods](/vault/docs/auth) for information on how to configure the
auth method you wish to use. If using the Kubernetes auth method, Only the authentication related fields (for example, JWT's `path` and `role`) are supported. The optional management fields (for example: `remove_jwt_after_reading`) are not supported.
Consul will read the service account token from the
default mount path `/var/run/secrets/kubernetes.io/serviceaccount/token` if the `jwt` parameter
is not provided.
- `RootPKIPath` / `root_pki_path` (`string: <required>`) - The path to - `RootPKIPath` / `root_pki_path` (`string: <required>`) - The path to
a PKI secrets engine for the root certificate. a PKI secrets engine for the root certificate.

Loading…
Cancel
Save