Configuration

Lieutenant Operator is configured via environment variables:

Environment Variable Description Default

VAULT_ADDR

Sets the address to the Vault instance

VAULT_TOKEN

Sets the Vault token to be used, only recommended for testing. In production the K8s authentication should be used by omitting the setting.

VAULT_AUTH_PATH

Sets the mount path where the auth method is enabled, without the auth/ prefix.

kubernetes

VAULT_SECRET_ENGINE_PATH

Configures the mount path of the KV secret engine to be used.

kv

SKIP_VAULT_SETUP

Doesn’t create any Vault secrets. Recommended for testing only.

false

DEFAULT_DELETION_POLICY

Sets what deletion policy for external resources (Git, Vault) should be used by default. One of Archive, Delete, Retain. See Explanation/Object Deletion for more information.

Archive

DEFAULT_CREATION_POLICY

Sets what creation policy for Git repositories should be used by default. One of Create or Adopt. See Object Adoption for more information.

Create

LIEUTENANT_DELETE_PROTECTION

Defines whether the annotation to protect for accidental deletion should be set by default. See Explanation/Object Deletion for more information.

true

LIEUTENANT_SYNC_DURATION

Defines with what frequency the CRs will be synced

5m

DEFAULT_GLOBAL_GIT_REPO_URL

URL of the default global configuration git repository. Its value will be applied to tenant.Spec.GlobalGitRepoURL if not set otherwise. If left empty, the GlobalGitRepoURL field will remain untouched.

LIEUTENANT_CREATE_SERVICEACCOUNT_TOKEN_SECRET

Defines whether the operator should manage ServiceAccount token secrets for the Tenant and Cluster ServiceAccounts as documented for creating additional API tokens in the upstream Kubernetes documentation. This must be set to true on Kubernetes 1.24+ to ensure that API access tokens for new clusters are generated correctly.

false