Add Vault access for forgebot service
K8s auth role binding for forgebot namespace (default + forgebot-operator service accounts) and KV read policies for environment config, LiteLLM API key, Gitea token, PostgreSQL credentials, and webhook secret.
This commit is contained in:
@@ -0,0 +1,8 @@
|
|||||||
|
bound_service_account_names:
|
||||||
|
- default
|
||||||
|
- forgebot-operator
|
||||||
|
bound_service_account_namespaces:
|
||||||
|
- forgebot
|
||||||
|
token_ttl: 600
|
||||||
|
token_max_ttl: 600
|
||||||
|
audience: vault
|
||||||
@@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
rules:
|
||||||
|
- path: "kv/data/service/forgebot/environment"
|
||||||
|
capabilities:
|
||||||
|
- read
|
||||||
|
|
||||||
|
auth:
|
||||||
|
k8s/au/syd1:
|
||||||
|
- forgebot
|
||||||
@@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
rules:
|
||||||
|
- path: "kv/data/service/forgebot/gitea-token"
|
||||||
|
capabilities:
|
||||||
|
- read
|
||||||
|
|
||||||
|
auth:
|
||||||
|
k8s/au/syd1:
|
||||||
|
- forgebot
|
||||||
@@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
rules:
|
||||||
|
- path: "kv/data/service/forgebot/litellm-api-key"
|
||||||
|
capabilities:
|
||||||
|
- read
|
||||||
|
|
||||||
|
auth:
|
||||||
|
k8s/au/syd1:
|
||||||
|
- forgebot
|
||||||
@@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
rules:
|
||||||
|
- path: "kv/data/service/forgebot/postgres-credentials"
|
||||||
|
capabilities:
|
||||||
|
- read
|
||||||
|
|
||||||
|
auth:
|
||||||
|
k8s/au/syd1:
|
||||||
|
- forgebot
|
||||||
@@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
rules:
|
||||||
|
- path: "kv/data/service/forgebot/webhook-secret"
|
||||||
|
capabilities:
|
||||||
|
- read
|
||||||
|
|
||||||
|
auth:
|
||||||
|
k8s/au/syd1:
|
||||||
|
- forgebot
|
||||||
Reference in New Issue
Block a user