unkin/terraform-vault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6624f7aed1
terraform-vault/resources/k8s/syd1/au/generated_role_rules/cluster-admin.yaml
Ben Vincent 6624f7aed1 feat: add kubernetes secrets engine with RBAC roles for au-syd1 cluster 
- Add Kubernetes secrets engine at kubernetes/au/syd1 path
  - Create four RBAC roles with external YAML configuration:
    * media-apps-operator: namespaced role for media-apps with selective permissions
    * cluster-operator: cluster-wide read-only access to specific API groups
    * cluster-admin: cluster-wide full access to specific API groups
    * cluster-root: cluster-wide superuser access to all resources
  - Add Vault policies for credential generation for each role
  - Add admin policies for kubernetes auth backend configuration and role management
  - Refactor kubernetes auth backend to use shared locals for CA certificate
  - Update terraform-vault approle with required kubernetes policies
2025-11-27 23:22:13 +11:00

24 lines
464 B
YAML
Raw Blame History

---
rules:
- apiGroups:
- ""
- "postgresql.cnpg.io"
- "cert-manager.io"
- "rbac.authorization.k8s.io"
- "batch"
- "secrets.hashicorp.com"
- "storage.k8s.io"
- "apps"
- "apiextensions.k8s.io"
- "externaldns.k8s.io"
- "autoscaling"
- "networking.k8s.io"
- "purelb.io"
- "nfd.k8s-sigs.io"
- "policy"
- "metrics.k8s.io"
resources:
- "*"
verbs:
- "*"
Reference in New Issue View Git Blame Copy Permalink