From the docs (https://www.vaultproject.io/docs/auth/kubernetes.html), it seems to me that currently Vault supports K8s authentication for only one cluster. Are there any plans to make it support authentication for multiple k8s clusters?
Hi! The docs allude to this at the top of the linked page, but you can enable an auth method multiple times using different paths. Vault’s API is dynamic based on what you have enabled at what paths. The default path is `kubernetes`, but if you do `vault auth enable -path=cluster-1 kubernetes`, you’ll get an auth mount at `/cluster-1` - then to use it you can use CLI commands with `-path` or use `vault write` to the path, substituting `kubernetes` where appropriate.
The API explorer in the UI and `path-help` in the CLI illustrate the dynamic nature of the API well. To use it, if you open the web CLI in the UI and type `api`, it’ll redirect you to a filterable list of API endpoints representing all of the currently enabled auth methods and secrets engines.
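As an added example (not part of the reply above), this sketch mounts the Kubernetes auth method once per cluster, so each mount validates service account tokens against its own API server, CA and reviewer token. The cluster names, API URLs, file paths, and the role, service account and policy names are all assumptions.

```shell
#!/bin/sh
# Added example: one Kubernetes auth mount per cluster.
# Cluster names, URLs, file paths, role and policy names are assumptions.

# enable_cluster_auth MOUNT API_URL CA_FILE REVIEWER_JWT_FILE
enable_cluster_auth() {
    mount=$1; api_url=$2; ca_file=$3; jwt_file=$4
    vault auth enable -path="$mount" kubernetes || return 1
    # Each mount gets its own cluster endpoint, CA and reviewer token,
    # so a token issued by one cluster is never checked against another.
    vault write "auth/$mount/config" \
        kubernetes_host="$api_url" \
        kubernetes_ca_cert=@"$ca_file" \
        token_reviewer_jwt=@"$jwt_file"
}

# bind_role MOUNT ROLE SERVICE_ACCOUNT NAMESPACE POLICY
# Roles live under a mount, so access is granted per cluster.
bind_role() {
    vault write "auth/$1/role/$2" \
        bound_service_account_names="$3" \
        bound_service_account_namespaces="$4" \
        token_policies="$5" token_ttl=1h
}

# login_cluster MOUNT ROLE SERVICE_ACCOUNT_JWT_FILE
# The login path carries the mount name in place of "kubernetes".
login_cluster() {
    vault write "auth/$1/login" role="$2" jwt=@"$3"
}

# Configure both (hypothetical) clusters with the same role name.
setup_all() {
    for c in cluster-1 cluster-2; do
        enable_cluster_auth "$c" "https://$c.example.internal:6443" \
            "./$c/ca.crt" "./$c/reviewer.jwt" || return 1
        bind_role "$c" app app-sa default app-read || return 1
    done
}

# Run against a real Vault only when asked to: sh script.sh apply
if [ "${1:-}" = "apply" ]; then
    setup_all
fi
```

Running `vault auth list` afterwards shows `cluster-1/` and `cluster-2/` as separate mounts of type `kubernetes`.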