feat: add kubernetes secrets engine with RBAC roles for au-syd1 cluster #33

Merged
unkinben merged 1 commit from benvin/au-syd1-k8s-roles into master 2025-11-27 23:31:04 +11:00
Owner
  • Add Kubernetes secrets engine at kubernetes/au/syd1 path
  • Create four RBAC roles with external YAML configuration:
    • media-apps-operator: namespaced role for media-apps with selective permissions
    • cluster-operator: cluster-wide read-only access to specific API groups
    • cluster-admin: cluster-wide full access to specific API groups
    • cluster-root: cluster-wide superuser access to all resources
  • Add Vault policies for credential generation for each role
  • Add admin policies for kubernetes auth backend configuration and role management
  • Refactor kubernetes auth backend to use shared locals for CA certificate
  • Update terraform-vault approle with required kubernetes policies
unkinben added 1 commit 2025-11-27 23:31:00 +11:00
- Add Kubernetes secrets engine at kubernetes/au/syd1 path
- Create four RBAC roles with external YAML configuration:
  * media-apps-operator: namespaced role for media-apps with selective permissions
  * cluster-operator: cluster-wide read-only access to specific API groups
  * cluster-admin: cluster-wide full access to specific API groups
  * cluster-root: cluster-wide superuser access to all resources
- Add Vault policies for credential generation for each role
- Add admin policies for kubernetes auth backend configuration and role management
- Refactor kubernetes auth backend to use shared locals for CA certificate
- Update terraform-vault approle with required kubernetes policies
unkinben merged commit 9cc482d471 into master 2025-11-27 23:31:04 +11:00
unkinben deleted branch benvin/au-syd1-k8s-roles 2025-11-27 23:31:04 +11:00
Reference: unkin/terraform-vault#33