From f57ce6b82a16655bfc10822e15712c9eee1abbc7 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Thu, 21 May 2026 23:04:40 +1000 Subject: [PATCH] feat: add terraform_vault role this adds a service account that can be used to run the terraform_vault workflows with, so that we can access the jwt to generate a token --- apps/base/woodpecker/kustomization.yaml | 1 + apps/base/woodpecker/serviceaccount_terraform_vault.yaml | 6 ++++++ 2 files changed, 7 insertions(+) create mode 100644 apps/base/woodpecker/serviceaccount_terraform_vault.yaml diff --git a/apps/base/woodpecker/kustomization.yaml b/apps/base/woodpecker/kustomization.yaml index be1bb41..8fd53fe 100644 --- a/apps/base/woodpecker/kustomization.yaml +++ b/apps/base/woodpecker/kustomization.yaml @@ -6,5 +6,6 @@ resources: - namespace.yaml - cnpg_cluster.yaml - cnpg_pooler.yaml + - serviceaccount_terraform_vault.yaml - vaultauth.yaml - vaultstaticsecret.yaml diff --git a/apps/base/woodpecker/serviceaccount_terraform_vault.yaml b/apps/base/woodpecker/serviceaccount_terraform_vault.yaml new file mode 100644 index 0000000..5d29fc9 --- /dev/null +++ b/apps/base/woodpecker/serviceaccount_terraform_vault.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: terraform_vault + namespace: woodpecker