vaults
crazy-canux/vaults/bank
Terraform Module
HCL
BANK
Terraform module that deploys vault-secrets-webhook on EKS.
Install
```hcl
module "vaults" {
  source  = "crazy-canux/vaults/bank"
  version = "0.1.0"
}
```
README
Terraform Bank-Vaults module that provisions vault-secrets-webhook on EKS.

HowTo

```hcl
module "secrets_webhook" {
  source  = "crazy-canux/vaults/bank"
  version = "0.1.0"

  cluster_name       = local.cluster_name
  project            = local.vault_project
  helm_chart_version = local.helm_chart_version

  # Vault policy granting read/list on everything under the project path.
  vault_policies = [
    {
      name = "${local.vault_project}/${local.vault_role_name}"
      hcl  = <<-EOT
        path "${local.vault_project}/*" {
          capabilities = ["read", "list"]
        }
      EOT
    }
  ]

  # Kubernetes auth role: binds the service account in the namespace to the policy above.
  extra_sa_mappings = [
    {
      name             = local.vault_role_name
      namespaces       = [local.namespace]
      service_accounts = [local.service_account]
      policies         = ["${local.vault_project}/${local.vault_role_name}"]
      ttl              = 7200
    }
  ]
}
```
Inputs (12)
| Name | Type | Description | Default |
|---|---|---|---|
| cluster_name | string | EKS cluster name | required |
| project | string | Name top level project in vault | required |
| service_account | string | Name for vault-secrets-webhook namespace | "vault-webhook-admin" |
| helm_values | list(string) | Values for vault-secrets-webhook Helm chart in raw YAML. If none specified, modu | [] |
| extra_set_values | list(object({ name = stri | Specific values to override in the vault-secrets-webhook Helm chart (overrides c | [] |
| chart_repo_url | string | URL to repository containing the vault-secrets-webhook helm chart | "https://kubernetes-charts.banzaicloud.c |
| helm_deployment_name | string | Name for helm deployment | "banzai-vault-webhook" |
| helm_chart_version | string | Version of the vault-secrets-webhook chart | "1.11.1" |
| namespace | string | Name for vault-secrets-webhook namespace | "vault-secrets-webhook" |
| webhook_vault_base_policy | string | Default policy for the webhook's service account in vault | "" |
| vault_policies | list(object({ name = strin | Specific values to override in the vault-secrets-webhook Helm chart (overrides c | [] |
| extra_sa_mappings | list(object({ name | Specific values to override in the vault-secrets-webhook Helm chart (overrides c | [] |
Resources (7)
helm_release, kubernetes_cluster_role_binding_v1, kubernetes_namespace, vault_auth_backend, vault_kubernetes_auth_backend_config, vault_kubernetes_auth_backend_role, vault_policy
Details
Framework: Terraform Module
Language: HCL
Version: 0.1.0
Cloud: BANK
Total downloads: 128
Inputs: 12
Resources: 7
Namespace: crazy-canux
Updated