@hamid-elaosta
Created May 18, 2020 17:29
ClusterIssuer for cert-manager and Vault
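# ClusterIssuer that has cert-manager request certificates from Vault's PKI engine.
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: vault-issuer
  # ClusterIssuer is cluster-scoped, so this namespace field has no effect.
  namespace: cert-manager
spec:
  vault:
    server: https://<vault address>:8200
    # Base64-encoded PEM CA bundle used to verify Vault's TLS certificate.
    caBundle: <ca bundle>
    path: pki/sign/<role>
    auth:
      kubernetes:
        mountPath: /v1/auth/kubernetes
        role: issuer
        # Secret holding the service account token presented to Vault.
        secretRef:
          name: <vault-auth-token-name>
          key: token
---
# Grants vault-reviewer the system:auth-delegator role so that Vault can
# validate service account tokens through the TokenReview API.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: role-tokenreview-binding
  # ClusterRoleBinding is cluster-scoped, so this namespace field has no effect.
  namespace: cert-manager
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
  - kind: ServiceAccount
    name: vault-reviewer
    namespace: cert-manager
---
# No namespace is set on the ServiceAccounts below. The binding above expects
# vault-reviewer in cert-manager, so apply them with -n cert-manager.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: vault-reviewer
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: vault-auth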