What roleBinding do I need to configure AKS integration with Vault?

nikkikapil · February 20, 2020, 5:08pm

When integrating AKS with Vault, in the step where we configure Vault (i.e. auth/kubernetes/config), what ClusterRoleBinding should the associated ServiceAccount have?

roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
?

erSitzt · March 3, 2020, 6:57pm

Its in the docs ?

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: role-tokenreview-binding
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
  - kind: ServiceAccount
    name: vault-auth
    namespace: default

Topic		Replies	Views
Question about Kubernetes Auth Method Vault k8s , vault	0	355	April 8, 2021
Hashicorp Vault on Kubernetes Cluster without Cluster Roles Vault	1	2151	March 3, 2021
How to work with Vault k8s auth type on multiple namespace services? Vault	4	2316	January 25, 2022
Kubernetes auth best practices and advice Vault k8s	7	1059	July 13, 2020
K8s auth backend security/deployment best practices Vault	0	296	October 28, 2020

What roleBinding do I need to configure AKS integration with Vault?

Related topics