Add Vault access for forgebot service
K8s auth role binding for forgebot namespace (default + forgebot-operator service accounts) and KV read policies for environment config, LiteLLM API key, Gitea token, PostgreSQL credentials, and webhook secret.
This commit is contained in:
@@ -0,0 +1,8 @@
|
||||
bound_service_account_names:
|
||||
- default
|
||||
- forgebot-operator
|
||||
bound_service_account_namespaces:
|
||||
- forgebot
|
||||
token_ttl: 600
|
||||
token_max_ttl: 600
|
||||
audience: vault
|
||||
@@ -0,0 +1,9 @@
|
||||
---
|
||||
rules:
|
||||
- path: "kv/data/service/forgebot/environment"
|
||||
capabilities:
|
||||
- read
|
||||
|
||||
auth:
|
||||
k8s/au/syd1:
|
||||
- forgebot
|
||||
@@ -0,0 +1,9 @@
|
||||
---
|
||||
rules:
|
||||
- path: "kv/data/service/forgebot/gitea-token"
|
||||
capabilities:
|
||||
- read
|
||||
|
||||
auth:
|
||||
k8s/au/syd1:
|
||||
- forgebot
|
||||
@@ -0,0 +1,9 @@
|
||||
---
|
||||
rules:
|
||||
- path: "kv/data/service/forgebot/litellm-api-key"
|
||||
capabilities:
|
||||
- read
|
||||
|
||||
auth:
|
||||
k8s/au/syd1:
|
||||
- forgebot
|
||||
@@ -0,0 +1,9 @@
|
||||
---
|
||||
rules:
|
||||
- path: "kv/data/service/forgebot/postgres-credentials"
|
||||
capabilities:
|
||||
- read
|
||||
|
||||
auth:
|
||||
k8s/au/syd1:
|
||||
- forgebot
|
||||
@@ -0,0 +1,9 @@
|
||||
---
|
||||
rules:
|
||||
- path: "kv/data/service/forgebot/webhook-secret"
|
||||
capabilities:
|
||||
- read
|
||||
|
||||
auth:
|
||||
k8s/au/syd1:
|
||||
- forgebot
|
||||
Reference in New Issue
Block a user