We’re integrating Tectonic with Red Hat OpenShift

We are bringing the best of Tectonic to Red Hat OpenShift to build the most secure, hybrid Kubernetes application platform.

RBAC guide

The Vault operator works in conjunction with the etcd operator to setup a Vault cluster. To do this both the etcd and Vault operators need RBAC permissions to access the necessary resources.

This guide shows an example of how to setup a Role and RoleBinding for the etcd and vault operators. The provided RBAC template contains the collective rules for both the etcd and Vault operator.

For an overview of the resources created by the vault operator see the resource labels and ownership doc

Create a Role and RoleBinding

This example binds a Role to the default service account in the default namespace.

Note: For production usage you should create a specific service account to bind the Role to.

  1. Generate the RBAC manifest from the template given in the repository by setting the namesapce and service account:

    $ sed -e 's/<namespace>/default/g' \
        -e 's/<service-account>/default/g' \
        example/rbac-template.yaml > example/rbac.yaml
    
  2. Create the Role and RoleBinding from the RBAC manifest:

    kubectl -n default create -f example/rbac.yaml