2026-02-01 14:54:46 +11:00
5 changed files with 26 additions and 0 deletions
--- a/config/auth_kubernetes_role/k8s/au/syd1/puppet.yaml
+++ b/config/auth_kubernetes_role/k8s/au/syd1/puppet.yaml
@ -0,0 +1,6 @@
 bound_service_account_names:
  - default
 bound_service_account_namespaces:
  - puppet
 token_ttl: 60
 audience: vault
--- a/policies/kv/service/puppet/puppetboard-secret-key/read.yaml
+++ b/policies/kv/service/puppet/puppetboard-secret-key/read.yaml
@ -0,0 +1,9 @@
 ---
 rules:
  - path: "kv/data/service/puppet/puppetboard-secret-key"
    capabilities:
      - read
 auth:
  k8s/au/syd1:
    - puppet
--- a/policies/kv/service/puppet/puppetdb-postgresql-credentials/read.yaml
+++ b/policies/kv/service/puppet/puppetdb-postgresql-credentials/read.yaml
@ -0,0 +1,9 @@
 ---
 rules:
  - path: "kv/data/service/puppet/puppetdb-postgresql-credentials"
    capabilities:
      - read
 auth:
  k8s/au/syd1:
    - puppet
--- a/resources/secret_backend/kubernetes/au/syd1/roles/cluster-admin.yaml
+++ b/resources/secret_backend/kubernetes/au/syd1/roles/cluster-admin.yaml
@ -3,6 +3,7 @@ rules:
  - apiGroups:
      - ""
      - "postgresql.cnpg.io"
      - "poolers.postgresql.cnpg.io"
      - "cert-manager.io"
      - "rbac.authorization.k8s.io"
      - "batch"
--- a/resources/secret_backend/kubernetes/au/syd1/roles/cluster-operator.yaml
+++ b/resources/secret_backend/kubernetes/au/syd1/roles/cluster-operator.yaml
@ -3,6 +3,7 @@ rules:
  - apiGroups:
      - ""
      - "postgresql.cnpg.io"
      - "poolers.postgresql.cnpg.io"
      - "cert-manager.io"
      - "rbac.authorization.k8s.io"
      - "batch"