From c925ab9c004e0c58e35ab5bf9f61383c582d6a8c Mon Sep 17 00:00:00 2001 From: Theron Voran Date: Mon, 14 Jul 2025 12:04:56 -0700 Subject: [PATCH] docs/vault-k8s: updates for the Vault Agent Injector v1.7.0 release (#31144) --- .../docs/deploy/kubernetes/injector/annotations.mdx | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/website/content/docs/deploy/kubernetes/injector/annotations.mdx b/website/content/docs/deploy/kubernetes/injector/annotations.mdx index f5e485d05d..f11811451c 100644 --- a/website/content/docs/deploy/kubernetes/injector/annotations.mdx +++ b/website/content/docs/deploy/kubernetes/injector/annotations.mdx @@ -28,7 +28,7 @@ them, optional commands to run, etc. - `vault.hashicorp.com/agent-image` - name of the Vault docker image to use. This value overrides the default image configured in the injector and is usually - not needed. Defaults to `hashicorp/vault:1.18.5`. + not needed. Defaults to `hashicorp/vault:1.19.5`. - `vault.hashicorp.com/agent-init-first` - configures the pod to run the Vault Agent init container first if `true` (last if `false`). This is useful when other init @@ -129,6 +129,11 @@ them, optional commands to run, etc. active, and idle states. See [Vault Agent Template Config](/vault/docs/agent-and-proxy/agent/template#global-configurations) for more details. +- `vault.hashicorp.com/template-lease-renewal-threshold` - If specified, configures how long Vault Agent's template + engine should wait to refresh dynamic, non-renewable leases, measured as a fraction of the lease + duration (e.g. `0.9`). See [Vault Agent Template Config](/vault/docs/agent-and-proxy/agent/template#global-configurations) + for more details. + - `vault.hashicorp.com/agent-extra-secret` - mounts Kubernetes secret as a volume at `/vault/custom` in the sidecar/init containers. Useful for custom Agent configs with auto-auth methods such as approle that require paths to secrets be present.