diff --git a/config/auth_kubernetes_role/k8s/au/syd1/rpmbuilder.yaml b/config/auth_kubernetes_role/k8s/au/syd1/rpmbuilder.yaml
new file mode 100644
index 0000000..5e5889a
--- /dev/null
+++ b/config/auth_kubernetes_role/k8s/au/syd1/rpmbuilder.yaml
@@ -0,0 +1,8 @@
+# rpmbuilder is deployed in woodpeckerci
+bound_service_account_names:
+ - default
+bound_service_account_namespaces:
+ - woodpecker
+token_ttl: 600
+token_max_ttl: 600
+audience: vault
diff --git a/policies/kv/service/gitea/unkinben/tokens/read-only-packages/read.yaml b/policies/kv/service/gitea/unkinben/tokens/read-only-packages/read.yaml
index 354fead..bed87a6 100644
--- a/policies/kv/service/gitea/unkinben/tokens/read-only-packages/read.yaml
+++ b/policies/kv/service/gitea/unkinben/tokens/read-only-packages/read.yaml
@@ -9,4 +9,4 @@ auth:
 approle:
 - rpmbuilder
 k8s/au/syd1:
- - woodpecker
+ - rpmbuilder
diff --git a/policies/kv/service/github/neoloc/tokens/read-only-token/read.yaml b/policies/kv/service/github/neoloc/tokens/read-only-token/read.yaml
index 1cb2085..6f06cc2 100644
--- a/policies/kv/service/github/neoloc/tokens/read-only-token/read.yaml
+++ b/policies/kv/service/github/neoloc/tokens/read-only-token/read.yaml
@@ -9,4 +9,4 @@ auth:
 approle:
 - rpmbuilder
 k8s/au/syd1:
- - woodpecker
+ - rpmbuilder
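Review bot: In config/auth_kubernetes_role/k8s/au/syd1/rpmbuilder.yaml the new role is bound to the `default` service account of the `woodpecker` namespace, so any pod there that runs without an explicit service account can authenticate as `rpmbuilder`, not only the rpmbuilder build. The two read.yaml hunks grant this role read access to the gitea and github tokens, so swapping `woodpecker` for `rpmbuilder` probably does not narrow who can read them if the old role was bound the same way (its definition is not visible here). Consider a dedicated service account for the build, i.e. `bound_service_account_names:` followed by `- <rpmbuilder-service-account>` (placeholder name), and extend the header comment to say which pipeline is expected to use the role. The 600-second `token_ttl`/`token_max_ttl` and the explicit `audience` are worth keeping as they are.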