Merge pull request 'fix: kubernetes auth fixes' (#53) from benvin/kubernetes_fixes into master

Reviewed-on: #53
2026-02-15 13:08:43 +11:00 · 2026-02-15 13:08:43 +11:00 · d398911108
commit d398911108
parent 4b176846f2 c093d5830d
10 changed files with 10 additions and 10 deletions
--- a/config/auth_kubernetes_backend/k8s/au/syd1.yaml
+++ b/config/auth_kubernetes_backend/k8s/au/syd1.yaml
@ -1,5 +1,5 @@
 kubernetes_host: https://api-k8s.service.consul:6443
 disable_iss_validation: true
-use_annotations_as_alias_metadata: true
+use_annotations_as_alias_metadata: false # doesnt work with openbao yet
 default_lease_ttl: 1h
 max_lease_ttl: 24h
--- a/config/auth_kubernetes_role/k8s/au/syd1/ceph-csi.yaml
+++ b/config/auth_kubernetes_role/k8s/au/syd1/ceph-csi.yaml
@ -4,5 +4,5 @@ bound_service_account_names:
 bound_service_account_namespaces:
  - csi-cephrbd
  - csi-cephfs
-token_ttl: 60
+token_ttl: 600
 audience: vault
--- a/config/auth_kubernetes_role/k8s/au/syd1/cert_manager_issuer.yaml
+++ b/config/auth_kubernetes_role/k8s/au/syd1/cert_manager_issuer.yaml
@ -2,5 +2,5 @@ bound_service_account_names:
  - cert-manager-vault-issuer
 bound_service_account_namespaces:
  - cert-manager
-token_ttl: 60
+token_ttl: 600
 audience: vault
--- a/config/auth_kubernetes_role/k8s/au/syd1/externaldns.yaml
+++ b/config/auth_kubernetes_role/k8s/au/syd1/externaldns.yaml
@ -2,5 +2,5 @@ bound_service_account_names:
  - externaldns
 bound_service_account_namespaces:
  - externaldns
-token_ttl: 60
+token_ttl: 600
 audience: vault
--- a/config/auth_kubernetes_role/k8s/au/syd1/huntarr-default.yaml
+++ b/config/auth_kubernetes_role/k8s/au/syd1/huntarr-default.yaml
@ -2,5 +2,5 @@ bound_service_account_names:
  - default
 bound_service_account_namespaces:
  - huntarr
-token_ttl: 60
+token_ttl: 600
 audience: vault
--- a/config/auth_kubernetes_role/k8s/au/syd1/identity.yaml
+++ b/config/auth_kubernetes_role/k8s/au/syd1/identity.yaml
@ -2,5 +2,5 @@ bound_service_account_names:
  - default
 bound_service_account_namespaces:
  - identity
-token_ttl: 60
+token_ttl: 600
 audience: vault
--- a/config/auth_kubernetes_role/k8s/au/syd1/media-apps.yaml
+++ b/config/auth_kubernetes_role/k8s/au/syd1/media-apps.yaml
@ -2,5 +2,5 @@ bound_service_account_names:
  - media-apps-vault-reader
 bound_service_account_namespaces:
  - media-apps
-token_ttl: 60
+token_ttl: 600
 audience: vault
--- a/config/auth_kubernetes_role/k8s/au/syd1/puppet.yaml
+++ b/config/auth_kubernetes_role/k8s/au/syd1/puppet.yaml
@ -2,5 +2,5 @@ bound_service_account_names:
  - default
 bound_service_account_namespaces:
  - puppet
-token_ttl: 60
+token_ttl: 600
 audience: vault
--- a/config/auth_kubernetes_role/k8s/au/syd1/rancher.yaml
+++ b/config/auth_kubernetes_role/k8s/au/syd1/rancher.yaml
@ -2,5 +2,5 @@ bound_service_account_names:
  - rancher
 bound_service_account_namespaces:
  - cattle-system
-token_ttl: 60
+token_ttl: 600
 audience: vault
--- a/config/auth_kubernetes_role/k8s/au/syd1/repoflow.yaml
+++ b/config/auth_kubernetes_role/k8s/au/syd1/repoflow.yaml
@ -2,5 +2,5 @@ bound_service_account_names:
  - default
 bound_service_account_namespaces:
  - repoflow
-token_ttl: 60
+token_ttl: 600
 audience: vault