unkinben
7cafafd483
feat: set max token life for auth_kubernetes_role
...
found kubernetes vaultauth resources never picking up new policies,
because they would infinitely renew their token.
- set default max token length for roles to 1 day
- changed all existing role token_max_ttl to match their token_ttl
2026-02-22 22:28:21 +11:00
unkinben
c093d5830d
fix: kubernetes auth fixes
...
- annotations as alias metadata does not work with openbao (idempotency issue)
- set token_ttl to be 600 for all auth roles for kubernetes (min)
2026-02-15 13:06:08 +11:00
unkinben
24c124d6eb
chore: rancher pods use rancher service account
...
- update bound service account names to be `rancher`
- update namespace to cattle-system (do not run rancher in another namespace)
2026-01-30 22:11:08 +11:00
unkinben
33af7010fb
chore: add rancher role
...
- add kubernetes role for rancher
- add policy to enable access to bootstrap-password
2026-01-30 19:43:06 +11:00