feat: set max token life for auth_kubernetes_role

Found that Kubernetes VaultAuth resources were never picking up new policies,
because they would renew their token indefinitely.

- set the default maximum token lifetime (token_max_ttl) for roles to 1 day
- changed token_max_ttl on all existing roles to match their token_ttl
2026-02-22 22:28:21 +11:00
parent c94b2af196
commit 7cafafd483
13 changed files with 18 additions and 0 deletions
@@ -5,4 +5,5 @@ bound_service_account_namespaces:
- csi-cephrbd
- csi-cephfs
token_ttl: 600
token_max_ttl: 600
audience: vault
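Review bot: With `token_max_ttl: 600` equal to `token_ttl: 600` (here and in the eight role hunks that follow), a token cannot be renewed past its first ten minutes, so every client re-authenticates against the Kubernetes auth backend each cycle instead of renewing. That does force new policies to be picked up. However, leases issued under a token are revoked when that token expires, so any of these roles that hand out dynamic secrets would have them cut short at ten minutes; this should be confirmed against the role policies, which are outside the hunks. If the equal values are intentional, a comment above the new key would record it, e.g. `# token_max_ttl == token_ttl: no renewal, forces re-login so policy changes apply`. If renewal is still wanted, a cap somewhat above the TTL keeps the lifetime bounded while avoiding a login every ten minutes.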
@@ -3,4 +3,5 @@ bound_service_account_names:
bound_service_account_namespaces:
- cert-manager
token_ttl: 600
token_max_ttl: 600
audience: vault
@@ -3,4 +3,5 @@ bound_service_account_names:
bound_service_account_namespaces:
- externaldns
token_ttl: 600
token_max_ttl: 600
audience: vault
@@ -3,4 +3,5 @@ bound_service_account_names:
bound_service_account_namespaces:
- identity
token_ttl: 600
token_max_ttl: 600
audience: vault
@@ -3,4 +3,5 @@ bound_service_account_names:
bound_service_account_namespaces:
- media-apps
token_ttl: 600
token_max_ttl: 600
audience: vault
@@ -3,4 +3,5 @@ bound_service_account_names:
bound_service_account_namespaces:
- puppet
token_ttl: 600
token_max_ttl: 600
audience: vault
@@ -3,4 +3,5 @@ bound_service_account_names:
bound_service_account_namespaces:
- cattle-system
token_ttl: 600
token_max_ttl: 600
audience: vault
@@ -3,4 +3,5 @@ bound_service_account_names:
bound_service_account_namespaces:
- repoflow
token_ttl: 600
token_max_ttl: 600
audience: vault
@@ -3,4 +3,5 @@ bound_service_account_names:
bound_service_account_namespaces:
- woodpecker
token_ttl: 600
token_max_ttl: 600
audience: vault