K8s authentication to multiple clusters

From the docs (https://www.vaultproject.io/docs/auth/kubernetes.html) , it seems to me that currently Vault supports K8s authentication for only one cluster. Are there any plans to make it support authentication for multiple k8s clusters?

Hi! The docs allude to this at the top of the linked page, but you can enable an auth method multiple times using different paths. Vault’s API is dynamic based on what you have enabled at what paths. The default path is kubernetes, but if you do vault auth enable -path=cluster-1 kubernetes, you’ll get an auth mount at /cluster-1 - then to use it you can use CLI commands with -path or use vault write to the path, substituting cluster-1 for kubernetes where appropriate.

The API explorer in the UI and path-help in the CLI illustrate the dynamic nature of the API well. To use if you open the web cli in the UI and type api, it’ll redirect you to a filterable list of API endpoints representing all of the currently enabled auth methods and secrets engines.

1 Like