unkin/terraform-vault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add media-apps integration with vault #29

Merged
unkinben merged 1 commits from benvin/media_apps_k8s into master 2025-11-27 20:41:53 +11:00
Conversation 0 Commits 1 Files Changed 3 +23
3 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
auth_kubernetes_roles.tf
View File

@ -78,3 +78,20 @@ resource "vault_kubernetes_auth_backend_role" "ceph-csi" {
]
audience = "vault"
}
resource "vault_kubernetes_auth_backend_role" "media-apps" {
backend = vault_auth_backend.kubernetes.path
role_name = "media-apps"
bound_service_account_names = [
"media-apps-vault-reader",
]
bound_service_account_namespaces = [
"media-apps",
]
token_ttl = 60
token_policies = [
"kv/service/media-apps/radarr/read",
"kv/service/media-apps/sonarr/read",
]
audience = "vault"
}

3
policies/kv/service/media-apps/radarr/read.hcl Normal file
View File

@ -0,0 +1,3 @@
path "kv/data/service/media-apps/radarr" {
capabilities = ["read"]
}

3
policies/kv/service/media-apps/sonarr/read.hcl Normal file
View File

@ -0,0 +1,3 @@
path "kv/data/service/media-apps/sonarr" {
capabilities = ["read"]
}