From 02654ac32aace138227cac9824f1c2438195f608 Mon Sep 17 00:00:00 2001
From: Ben Vincent <ben@unkin.net>
Date: Sun, 16 Nov 2025 16:49:04 +1100
Subject: [PATCH] chore: fix kubernetes_host

- correct hostname to match `kubectl cluster-info`
- fix formatting with terraform fmt
---
 auth_backend_kubernetes.tf | 10 +++++-----
 main.tf                    |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/auth_backend_kubernetes.tf b/auth_backend_kubernetes.tf
index 000ddf9..91695a5 100644
--- a/auth_backend_kubernetes.tf
+++ b/auth_backend_kubernetes.tf
@@ -29,10 +29,10 @@ data "vault_kv_secret_v2" "token_reviewer_jwt" {
 
 # Configure Kubernetes auth backend
 resource "vault_kubernetes_auth_backend_config" "config" {
-  backend                = vault_auth_backend.kubernetes.path
-  kubernetes_host        = "https://kubernetes.default.svc.cluster.local"
-  kubernetes_ca_cert     = local.kubernetes_ca_cert
-  token_reviewer_jwt     = data.vault_kv_secret_v2.token_reviewer_jwt.data["token"]
-  disable_iss_validation = true
+  backend                           = vault_auth_backend.kubernetes.path
+  kubernetes_host                   = "https://api-k8s.service.consul:6443"
+  kubernetes_ca_cert                = local.kubernetes_ca_cert
+  token_reviewer_jwt                = data.vault_kv_secret_v2.token_reviewer_jwt.data["token"]
+  disable_iss_validation            = true
   use_annotations_as_alias_metadata = true
 }
diff --git a/main.tf b/main.tf
index f5a5806..9333cfb 100644
--- a/main.tf
+++ b/main.tf
@@ -30,7 +30,7 @@ terraform {
   required_version = ">= 1.10"
   required_providers {
     vault = {
-      source = "hashicorp/vault"
+      source  = "hashicorp/vault"
       version = "5.4.0"
     }
   }