Vault's Terraform AppRole doesn't need to access all of these Kubernetes roles; it was just added as a placeholder, and access to the Kubernetes roles was via the `vault_admin` too-much-access account. This is an effort to roll that back and make access more targeted.

- add kubernetes* LDAP groups for specific cluster/role combinations
- remove tf_vault from kubernetes* roles
13 lines
232 B
YAML
# Allow access to cluster-root Kubernetes credentials
---
rules:
  - path: "kubernetes/au/syd1/creds/cluster-root"
    capabilities:
      - update

auth:
  approle:
    - terraform_k8s
  ldap:
    - kubernetes_au_syd1_cluster_root
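The point of the commit is that a rule scoped to one creds path is much narrower than the blanket access the `vault_admin` account had. The script below is an added example, not code from this repository or from Vault: it renders the committed rule as a Vault HCL policy and checks, with a minimal model of Vault's policy path matching (exact path first, otherwise the longest matching trailing-`*` glob, deny by default), that `update` is granted on `kubernetes/au/syd1/creds/cluster-root` and nothing else. The `BROAD_RULES` entry standing in for the over-broad policy and the `cluster-admin` request path are constructed for the comparison and do not appear in the commit; the model also ignores Vault's `+` segment wildcard and `allowed_parameters`, which this policy does not use.

```python
"""Added example: render the commit's rule as Vault HCL and compare its reach
with a constructed over-broad policy under a minimal model of Vault path matching."""

from typing import Dict, List

# Rule as it appears in the committed YAML (same path and capability).
TARGETED_RULES = [
    {"path": "kubernetes/au/syd1/creds/cluster-root", "capabilities": ["update"]},
]

# Assumed shape of the too-much-access policy the commit moves away from
# (constructed for illustration; not from the repository).
BROAD_RULES = [
    {"path": "kubernetes/*",
     "capabilities": ["create", "read", "update", "delete", "list"]},
]


def render_hcl(rules: List[Dict]) -> str:
    """Render rule dicts as a Vault HCL policy document."""
    blocks = []
    for rule in rules:
        caps = ", ".join(f'"{c}"' for c in rule["capabilities"])
        blocks.append(f'path "{rule["path"]}" {{\n  capabilities = [{caps}]\n}}')
    return "\n\n".join(blocks) + "\n"


def _is_glob(rule_path: str) -> bool:
    return rule_path.endswith("*")


def _matches(rule_path: str, request: str) -> bool:
    """A trailing '*' is a prefix glob; any other rule path must match exactly."""
    if _is_glob(rule_path):
        return request.startswith(rule_path[:-1])
    return request == rule_path


def capabilities_for(rules: List[Dict], request: str) -> List[str]:
    """Capabilities Vault would grant on `request`: an exact-match rule wins,
    otherwise the longest matching glob; no match means deny by default, and
    an explicit 'deny' capability removes everything."""
    exact = [r for r in rules if not _is_glob(r["path"]) and r["path"] == request]
    if exact:
        chosen = exact[0]
    else:
        globs = [r for r in rules if _is_glob(r["path"]) and _matches(r["path"], request)]
        if not globs:
            return []
        chosen = max(globs, key=lambda r: len(r["path"]))
    caps = list(chosen["capabilities"])
    return [] if "deny" in caps else caps


def allowed(rules: List[Dict], request: str, capability: str) -> bool:
    return capability in capabilities_for(rules, request)


if __name__ == "__main__":
    print(render_hcl(TARGETED_RULES))
    # Constructed request paths: the committed role and a sibling role.
    for path in ("kubernetes/au/syd1/creds/cluster-root",
                 "kubernetes/au/syd1/creds/cluster-admin"):
        print(path,
              "targeted:", allowed(TARGETED_RULES, path, "update"),
              "broad:", allowed(BROAD_RULES, path, "update"))
```

Running it shows the targeted policy granting `update` on the one creds path only, while the broad glob grants every capability on every sibling role; that difference is what moving the AppRole and LDAP mappings onto per-cluster policies buys.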