resource "vault_auth_backend" "kubernetes" {
  type = "kubernetes"
}

resource "vault_kubernetes_auth_backend_config" "example" {
  backend                = vault_auth_backend.kubernetes.path
  kubernetes_host        = "https://kubernetes.default.svc.cluster.local:443"
}

resource "vault_kubernetes_auth_backend_role" "k8s-default" {
  backend                          = vault_auth_backend.kubernetes.path
  role_name                        = "kubernetes-default"
  bound_service_account_names      = ["default"]
  bound_service_account_namespaces = ["*"]
  token_ttl                        = 3600
  token_policies                   = [
    vault_policy.k8s_default_sa.name
  ]
}