infra/tf/bao-auth-backends.tf

resource "vault_auth_backend" "kubernetes" {
  type = "kubernetes"
}

resource "vault_kubernetes_auth_backend_config" "example" {
  backend                = vault_auth_backend.kubernetes.path
  kubernetes_host        = "https://kubernetes.default.svc.cluster.local:443"
}

resource "vault_kubernetes_auth_backend_role" "k8s-default" {
  backend                          = vault_auth_backend.kubernetes.path
  role_name                        = "kubernetes-default"
  bound_service_account_names      = ["default"]
  bound_service_account_namespaces = ["*"]
  token_ttl                        = 3600
  token_policies                   = [
    vault_policy.k8s_default_sa.name
  ]
}
use opentofu to configure openbao + other bao fixes 2024-09-10 07:32:41 +00:00			`resource "vault_auth_backend" "kubernetes" {`
			`type = "kubernetes"`
			`}`

Initial bao authorization stuff for k8s service accounts working! 2024-09-10 16:19:25 +00:00			`resource "vault_kubernetes_auth_backend_config" "example" {`
			`backend = vault_auth_backend.kubernetes.path`
			`kubernetes_host = "https://kubernetes.default.svc.cluster.local:443"`
			`}`

use opentofu to configure openbao + other bao fixes 2024-09-10 07:32:41 +00:00			`resource "vault_kubernetes_auth_backend_role" "k8s-default" {`
			`backend = vault_auth_backend.kubernetes.path`
			`role_name = "kubernetes-default"`
			`bound_service_account_names = ["default"]`
			`bound_service_account_namespaces = ["*"]`
			`token_ttl = 3600`
			`token_policies = [`
			`vault_policy.k8s_default_sa.name`
			`]`
			`}`