[Feature Request] Support for auth method using kubernetes service account

[Mark-McCracken]

A lot of users running their GoCD servers within kubernetes.
Setting up a secret in GoCD involves choosing an auth method, which is currently either Token, AppRole or TLS.
For simplicity of setup, it's a little tempting for admins to just put in the root token, which basically grants GoCD access to do anything in vault.
For those users running GoCD on kubernetes, it would be simpler to select kubernetes auth.
The plugin could then fetch the kubernetes service account token from the usual location (/var/run/secrets/kubernetes.io/serviceaccount/token).
The user would simply need to configure the auth path (defaulting to auth/kubernetes) and role, and their access is done!
This would be a lot simpler to set up, and doesn't require the user to do any further setup or AppRole or to go and fetch any sensitive credentials to paste in.

[GaneshSPatil]

Hi @Mark-McCracken - can you elaborate a bit more on the problem statement.
From the description it was unclear to me which GoCD kubernetes plugin you're referring to? (GoCD has two Kubernetes plugins: Kubernetes Elastic Agents Plugin and Kubernetes Secrets Plugin)
Also, when you say Setting up a secret in GoCD, do you mean, using Secret Management within GoCD, or setting up some secure configuration fields?

It would be a lot helpful if you can provide following information along with the issue summary:

• Issue Type
• Issue Description
• Basic environment details
• Steps to reproduce
• Expected Results
• Actual Results
• Possible Fix (if any)

You can refer to this issue template for providing information.

[maheshp]

@Mark-McCracken the Vault plugin was built recently and the initial auth methods to be supported are Token, AppRole and TLS.

Adding support for kubernetes auth method is not in our radar for now. We will be happy to help if you would want to contribute towards this.