mirror of
https://github.com/khuedoan/homelab.git
synced 2025-01-08 06:23:13 +07:00
49 lines
919 B
YAML
49 lines
919 B
YAML
kind: ServiceAccount
|
|
apiVersion: v1
|
|
metadata:
|
|
name: vault
|
|
|
|
---
|
|
|
|
kind: Role
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: vault
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
verbs: ["*"]
|
|
- apiGroups: [""]
|
|
resources: ["pods"]
|
|
verbs: ["get", "update", "patch"]
|
|
---
|
|
|
|
kind: RoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: vault
|
|
roleRef:
|
|
kind: Role
|
|
name: vault
|
|
apiGroup: rbac.authorization.k8s.io
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: vault
|
|
|
|
---
|
|
|
|
# This binding allows the deployed Vault instance to authenticate clients
|
|
# through Kubernetes ServiceAccounts (if configured so).
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: vault-auth-delegator
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: system:auth-delegator
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: vault
|
|
namespace: vault
|