
Allow multiple cluster-roles Kubernetes secret engine Vault role

Open aldelsa opened this issue 2 years ago • 0 comments

Hello, we are trying to create a secret that involves multiple roles in our Kubernetes cluster. The problem is that we cannot create multiple RBAC chains for a single service account. The idea is to have:

  • clusterRole + ClusterRoleBinding linked to a serviceAccount "vault-test" in namespace "default" to have perms for listing namespace and nodes (Cluster Wide Objects)

  • clusterRole + RoleBinding existing in the namespace "monitoring", also linked to the same ServiceAccount called "vault-test"

  • clusterRole + RoleBinding existing in the namespace "prod", also linked to the same ServiceAccount called "vault-test"

Is it possible to generate those three RBAC chains with Vault, with a single resulting JWT? As we read in the documentation, we only have the possibility to create using a single RBAC chain: Doc

Thanks in advance

aldelsa, Dec 16 '22 09:12
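The three RBAC chains described in the issue, written out as plain Kubernetes manifests so the requested permission set is explicit. This is an added example, not part of the original issue and not something generated by Vault; the ClusterRole and binding names, and the use of the built-in `view` ClusterRole for the namespaced permissions, are assumptions.

```yaml
# Added example. Only vault-test, default, monitoring and prod come from the issue;
# every other name is hypothetical.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: vault-test
  namespace: default
---
# Chain 1: cluster-wide list on namespaces and nodes.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: list-namespaces-nodes        # hypothetical name
rules:
  - apiGroups: [""]
    resources: ["namespaces", "nodes"]
    verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: vault-test-cluster-list      # hypothetical name
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: list-namespaces-nodes}
subjects: [{kind: ServiceAccount, name: vault-test, namespace: default}]
---
# Chain 2: a ClusterRole granted only inside "monitoring" through a RoleBinding.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: vault-test-monitoring        # hypothetical name
  namespace: monitoring
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: view}  # assumed role
subjects: [{kind: ServiceAccount, name: vault-test, namespace: default}]
---
# Chain 3: the same pattern scoped to "prod".
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: vault-test-prod              # hypothetical name
  namespace: prod
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: view}  # assumed role
subjects: [{kind: ServiceAccount, name: vault-test, namespace: default}]
```

A RoleBinding that references a ClusterRole grants that role's rules only within the binding's own namespace, which is why chains 2 and 3 stay scoped to "monitoring" and "prod" while chain 1 is cluster-wide.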