The Vault operator works in conjunction with the etcd operator to setup a Vault cluster. To do this both the etcd and Vault operators need RBAC permissions to access the necessary resources.
This guide shows an example of how to setup a Role and RoleBinding for the etcd and vault operators. The provided RBAC template contains the collective rules for both the etcd and Vault operator.
For an overview of the resources created by the vault operator see the resource labels and ownership doc
This example binds a Role to the default service account in the default namespace.
Note: For production usage you should create a specific service account to bind the Role to.
-
Generate the RBAC manifest from the template given in the repository by setting the namesapce and service account:
$ sed -e 's/<namespace>/default/g' \ -e 's/<service-account>/default/g' \ example/rbac-template.yaml > example/rbac.yaml
-
Create the Role and RoleBinding from the RBAC manifest:
kubectl -n default create -f example/rbac.yaml