Kaspersky Container Security

HashiCorp Vault storage settings:

For Kaspersky Container Security to work with HashiCorp Vault, you must specify the values of the following configuration settings in the values.yaml configuration file:

  • enabled — flag that enables the integration with the storage. vault.enabled = true means the integration with HashiCorp Vault is established and the values of environment variables are obtained from the storage. The default value is false.
  • mountPath — path to mount secrets from the Vault to the pod. The default is /vault/secrets.
  • role — the role to be used for authentication in the storage.

    When creating a role in Vault, you need to specify all existing values from the serviceAccount section in the values.yaml file.

  • agentInitFirst — variable that defines the initialization order of the init containers. A value of true indicates that the pod initializes the Vault init container first. This value must be set when other init containers require prepopulated secrets to function. If it is set to false, the order in which the init containers are initialized is randomized. The default value is true.
  • agentPrePopulate — variable for enabling the init container for prepopulating the shared memory with secrets before the containers are started. The default value is true.
  • agentPrePopulateOnly — variable that indicates whether the init container will be the only one injected in the pod. If it is set to true, no sidecar container is added when the pod is run. The default value is false.
  • preserveSecretCase — variable for preserving the case in the names of secrets when creating secret files. The default value is true.
  • agentInjectPerms — variable that defines the access permissions on the mounted file with secrets from the storage. The default value is 0440 (owner and group have read permission).
  • annotations — instructions that configure the correct operation of the sidecar container. You can add instructions to the vault block for use by all Helm Chart components or specify them in the Architecture section separately for each component, for example:

    kcs-middleware:
      enabled: true
      appType: deployment
      annotations:
        vault.hashicorp.com/agent-limits-cpu: 200m
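An added example, not part of the Kaspersky documentation: a pre-deployment check that walks a parsed values.yaml, flags combinations of the settings above that leave secrets unreadable or too readable, and resolves which annotations a component ends up with. It assumes the settings live under a top-level vault mapping and that component sections carry their own annotations mapping; the configuration below is constructed.

```python
from typing import Dict, List

# Constructed sample of a parsed values.yaml (what yaml.safe_load would return).
VALUES = {
    "vault": {
        "enabled": True,
        "mountPath": "/vault/secrets",
        "role": "",                    # role left empty
        "agentInitFirst": True,
        "agentPrePopulate": False,
        "agentPrePopulateOnly": True,  # conflicts with agentPrePopulate=false
        "preserveSecretCase": True,
        "agentInjectPerms": "0444",    # secret file readable by everyone
        "annotations": {"vault.hashicorp.com/agent-limits-cpu": "200m"},
    },
    "kcs-middleware": {
        "enabled": True,
        "appType": "deployment",
        "annotations": {"vault.hashicorp.com/agent-limits-cpu": "500m"},
    },
}

def lint_vault(values: Dict) -> List[str]:
    """Return human-readable findings for the vault block; empty list means clean."""
    v = values.get("vault", {})
    findings: List[str] = []
    if not v.get("enabled", False):
        return findings  # integration disabled: nothing to check
    if not v.get("role"):
        findings.append("vault.role is empty: the agent cannot authenticate to Vault")
    if v.get("agentPrePopulateOnly", False) and not v.get("agentPrePopulate", True):
        findings.append("agentPrePopulateOnly=true with agentPrePopulate=false: "
                        "no init container and no sidecar, so secrets are never written")
    raw = v.get("agentInjectPerms", "0440")
    perms = raw if isinstance(raw, int) else int(str(raw), 8)  # "0440" -> 0o440
    if perms & 0o007:
        findings.append(f"agentInjectPerms {perms:04o} grants access to 'other'; "
                        "0440 keeps the secrets file to owner and group")
    if not v.get("agentInitFirst", True):
        findings.append("agentInitFirst=false: other init containers may start "
                        "before the Vault init container has written the secrets")
    return findings

def effective_annotations(values: Dict, component: str) -> Dict[str, str]:
    """Global vault annotations, overridden by the component's own annotations."""
    merged = dict(values.get("vault", {}).get("annotations", {}))
    merged.update(values.get(component, {}).get("annotations", {}))
    return merged
```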