chore: update name, role type for k8s

- ensure cluster roles are able to be created as ClusterRole - prefix all vault managed roles with `vault-`
2025-11-29 00:09:57 +11:00 · 2025-11-29 00:09:57 +11:00 · 756286c231
commit 756286c231
parent 9cc482d471
1 changed files with 8 additions and 4 deletions
--- a/engine_k8s_au_syd1.tf
+++ b/engine_k8s_au_syd1.tf
@ -17,32 +17,36 @@ resource "vault_kubernetes_secret_backend" "kubernetes_au_syd1" {

 resource "vault_kubernetes_secret_backend_role" "media_apps_operator" {
  backend                       = vault_kubernetes_secret_backend.kubernetes_au_syd1.path
-  name                          = "media-apps-operator"
+  name                          = "vault-media-apps-operator"
  allowed_kubernetes_namespaces = ["media-apps"]
+  kubernetes_role_type          = "Role"

  generated_role_rules = file("${path.module}/resources/k8s/syd1/au/generated_role_rules/media-apps-operator.yaml")
 }

 resource "vault_kubernetes_secret_backend_role" "cluster_operator" {
  backend                       = vault_kubernetes_secret_backend.kubernetes_au_syd1.path
-  name                          = "cluster-operator"
+  name                          = "vault-cluster-operator"
  allowed_kubernetes_namespaces = ["*"]
+  kubernetes_role_type          = "ClusterRole"

  generated_role_rules = file("${path.module}/resources/k8s/syd1/au/generated_role_rules/cluster-operator.yaml")
 }

 resource "vault_kubernetes_secret_backend_role" "cluster_admin" {
  backend                       = vault_kubernetes_secret_backend.kubernetes_au_syd1.path
-  name                          = "cluster-admin"
+  name                          = "vault-cluster-admin"
  allowed_kubernetes_namespaces = ["*"]
+  kubernetes_role_type          = "ClusterRole"

  generated_role_rules = file("${path.module}/resources/k8s/syd1/au/generated_role_rules/cluster-admin.yaml")
 }

 resource "vault_kubernetes_secret_backend_role" "cluster_root" {
  backend                       = vault_kubernetes_secret_backend.kubernetes_au_syd1.path
-  name                          = "cluster-root"
+  name                          = "vault-cluster-root"
  allowed_kubernetes_namespaces = ["*"]
+  kubernetes_role_type          = "ClusterRole"

  generated_role_rules = file("${path.module}/resources/k8s/syd1/au/generated_role_rules/cluster-root.yaml")
 }