On k8s namespace creation configures vault-kubernetes binding, and removes it on namespace deletion.
Deploy vaultlink, make sure it can authorise itself to vault, then:
kubectl create namespace test
kubectl annotate namespace test --overwrite vault-link/bind=true
kubectl get namespace test -o yamland check it for:
apiVersion: v1
kind: Namespace
metadata:
annotations:
vault-link/bind: "true"
vault-link/vault: VAULT_ADDR
vault-link/vault.auth: k8s/docker/test
vault-link/vault.policy: k8s/docker/test
vault-link/vault.policy-path: team/test
and clean it up:
kubectl annotate namespace test --overwrite vault-link/bind=false