infra/kubernetes/vault-secrets-operator/crb.yaml

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: vault-auth
---
apiVersion: v1
kind: Secret
metadata:
  name: vault-auth
  annotations:
    kubernetes.io/service-account.name: vault-auth
type: kubernetes.io/service-account-token
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: role-tokenreview-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
  - kind: ServiceAccount
    name: vault-auth
    namespace: vault-secrets-operator
Transition to Vault 2024-07-06 00:48:36 +01:00			`---`
			`apiVersion: v1`
			`kind: ServiceAccount`
			`metadata:`
			`name: vault-auth`
			`---`
			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`name: vault-auth`
			`annotations:`
			`kubernetes.io/service-account.name: vault-auth`
			`type: kubernetes.io/service-account-token`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRoleBinding`
			`metadata:`
			`name: role-tokenreview-binding`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: system:auth-delegator`
			`subjects:`
			`- kind: ServiceAccount`
			`name: vault-auth`
A ton of tweaks to fully spin up cluster from zero 2024-07-09 11:41:10 +01:00			`namespace: vault-secrets-operator`