feat: add terraform_k8s approle

- add approle for kubernetes terraform - ensure it can access consul token for state storage - ensure it can generate root token for managing kubernetes
2026-02-14 19:37:22 +11:00 · 2026-02-14 19:37:22 +11:00 · a47f841028
commit a47f841028
parent 9192879c03
2 changed files with 10 additions and 1 deletions
--- a/config/auth_approle_role/approle/terraform_k8s.yaml
+++ b/config/auth_approle_role/approle/terraform_k8s.yaml
@ -0,0 +1,9 @@
+token_ttl: 120
+token_max_ttl: 120
+bind_secret_id: false
+token_bound_cidrs:
+  - "10.10.12.200/32"
+  - "198.18.25.102/32"
+  - "198.18.26.91/32"
+  - "198.18.27.40/32"
+use_deterministic_role_id: true
--- a/policies/kubernetes/au/syd1/creds/cluster-root.yaml
+++ b/policies/kubernetes/au/syd1/creds/cluster-root.yaml
@ -7,4 +7,4 @@ rules:

 auth:
  approle:
-    - tf_vault
+    - terraform_k8s