@jficz
Created May 4, 2022 07:49
Terraform + Vault
# Cluster CA, read from the ConfigMap that Kubernetes publishes in every namespace.
data "kubernetes_config_map" "cacert" {
  metadata {
    name      = "kube-root-ca.crt"
    namespace = "kube-system"
  }
}

# One Kubernetes auth mount per cluster, so each cluster's CA and reviewer token stay separate.
resource "vault_auth_backend" "kube" {
  type = "kubernetes"
  path = "kube-${var.cluster_name}"
}

locals {
  kube_ca          = data.kubernetes_config_map.cacert.data["ca.crt"]
  # Long-lived token of a service account that is allowed to call TokenReview.
  trousseau_sa_jwt = "<irrelevant>"
}

resource "vault_kubernetes_auth_backend_config" "kube" {
  backend            = vault_auth_backend.kube.path
  kubernetes_host    = var.kube_url
  kubernetes_ca_cert = local.kube_ca
  # Vault uses this JWT to validate client tokens against the API server; it is stored in Vault's config, so treat it as a secret.
  token_reviewer_jwt = local.trousseau_sa_jwt
  # Must match the issuer in the cluster's service-account tokens.
  issuer             = "https://kubernetes.default.svc.cluster.local"
}
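The config above only tells Vault how to verify tokens; nothing can log in until a role binds a service account to a policy. As an added example (not part of the gist), here is such a role pinned to one service account in one namespace. The role name, the `trousseau` service account and namespace, the TTLs, the audience and the transit paths in the policy are assumptions.

```hcl
# Added example, not from the gist. Policy paths are assumed; replace with what the workload needs.
resource "vault_policy" "trousseau" {
  name   = "trousseau-${var.cluster_name}"
  policy = <<-EOT
    # Least privilege: only the transit operations this workload performs
    path "transit/encrypt/trousseau-${var.cluster_name}" {
      capabilities = ["update"]
    }
    path "transit/decrypt/trousseau-${var.cluster_name}" {
      capabilities = ["update"]
    }
  EOT
}

resource "vault_kubernetes_auth_backend_role" "trousseau" {
  backend   = vault_auth_backend.kube.path
  role_name = "trousseau"

  # Pin the binding to one service account in one namespace; a "*" here
  # would let any workload in the cluster obtain this policy.
  bound_service_account_names      = ["trousseau"]
  bound_service_account_namespaces = ["kube-system"]

  token_policies = [vault_policy.trousseau.name]

  # Short-lived Vault tokens limit the blast radius of a leaked token.
  token_ttl     = 3600
  token_max_ttl = 86400

  # Only accept service-account tokens minted with this audience
  # (projected tokens requested for "vault"); omit to accept default SA tokens.
  audience = "vault"
}
```

With this in place a pod running as `kube-system/trousseau` logs in via `auth/kube-<cluster>/login` with its projected token and receives a token carrying only the `trousseau-<cluster>` policy.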