» vault_kubernetes_auth_backend_role
Manages an Kubernetes auth backend role in a Vault server. See the Vault documentation for more information.
» Example Usage
resource "vault_auth_backend" "kubernetes" {
type = "kubernetes"
}
resource "vault_kubernetes_auth_backend_role" "example" {
backend = "${vault_auth_backend.kubernetes.path}"
role_name = "example-role"
bound_service_account_names = ["example"]
bound_service_account_namespaces = ["example"]
ttl = 3600
policies = ["default", "dev", "prod"]
}
» Argument Reference
The following arguments are supported:
-
role_name- (Required) Name of the role. -
bound_service_account_names- (Required) List of service account names able to access this role. If set to["*"]all names are allowed, both this and bound_service_account_namespaces can not be "*". -
bound_service_account_namespaces- (Required) List of namespaces allowed to access this role. If set to["*"]all namespaces are allowed, both this and bound_service_account_names can not be set to "*". -
bound_cirs- (Optional) List of CIDR blocks. If set, specifies the blocks of IP addresses which can perform the login operation. -
ttl- (Optional) The TTL period of tokens issued using this role in seconds. -
max_ttl- (Optional) The maximum allowed lifetime of tokens issued in seconds using this role. -
num_uses- (Optional) Number of times issued tokens can be used. Setting this to 0 or leaving it unset means unlimited uses. -
period- (Optional) If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this parameter. -
policies- (Optional) Policies to be set on tokens issued using this role. -
backend- (Optional) Unique name of the kubernetes backend to configure.
» Attributes Reference
No additional attributes are exported by this resource.