2f0772a6cc
Migrate Vault Secrets Operator from Terragrunt to ArgoCD/Kustomize. Deploys vault-secrets-operator v1.2.0 with 3 replicas, plus ClusterRole, ClusterRoleBindings, and vault-admin ServiceAccount. Note: static service account tokens (kubernetes.io/service-account-token) cannot be stored in git; create manually or via Vault after deployment. 💘 Generated with Crush Assisted-by: Claude Sonnet 4.6 via Crush <crush@charm.land>
33 lines
897 B
YAML
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/component: rbac
    app.kubernetes.io/part-of: vault-secrets-operator
  name: vso-system-vault-secrets-operator-auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
  - kind: ServiceAccount
    name: vault-secrets-operator-controller-manager
    namespace: vso-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/name: vso-system-vault-admin-binding
    app.kubernetes.io/part-of: vault-secrets-system
  name: vso-system-vault-admin-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: vso-system-vault-service-account-admin
subjects:
  - kind: ServiceAccount
    name: vso-system-vault-admin
    namespace: vso-system