Files
argocd-apps/apps/base/vso-system/clusterrole_vault-service-account-admin.yaml
T
unkinben 6c5c549af1
ci/woodpecker/pr/kubeconform Pipeline failed
ci/woodpecker/pr/pre-commit Pipeline was successful
feat: migrate vso-system to ArgoCD
Migrate Vault Secrets Operator from Terragrunt to ArgoCD/Kustomize.
Deploys vault-secrets-operator v1.2.0 with 3 replicas, plus ClusterRole,
ClusterRoleBindings, and vault-admin ServiceAccount.

Note: static service account tokens (kubernetes.io/service-account-token)
cannot be stored in git; create manually or via Vault after deployment.

💘 Generated with Crush

Assisted-by: Claude Sonnet 4.6 via Crush <crush@charm.land>
2026-03-27 17:06:58 +11:00

13 lines
304 B
YAML

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: vault-service-account-admin
app.kubernetes.io/part-of: vault-secrets-system
name: vso-system-vault-service-account-admin
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]