
Enable Kubernetes Vault Auth

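# Open an interactive shell in the vault-example-0 pod (namespace
# vault-example). The vault commands below read the pod's mounted service
# account files, so they are presumably meant to be run inside this shell.
# The `--` separates kubectl's own flags from the command to run in the pod;
# the form without it is deprecated by kubectl.
kubectl -n vault-example exec -it vault-example-0 -- sh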

# Authenticate the CLI to Vault. With no arguments this prompts for a token;
# that token must be allowed to enable auth methods and write their config.
# NOTE(review): if a root token is used for this bootstrap, keep its use to
# the initial setup and revoke or rotate it afterwards.
vault login
# Enable the Kubernetes auth method at its default path, auth/kubernetes
# (the path the config and role writes below target).
vault auth enable kubernetes

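# Tell the Kubernetes auth method how to reach and trust the API server.
#   token_reviewer_jwt  JWT Vault presents when it asks the API server to
#                       validate a login token. Here it is this pod's own
#                       service account token, so that service account needs
#                       permission to create TokenReviews (typically the
#                       system:auth-delegator ClusterRole) - binding not shown
#                       here, verify it exists.
#   kubernetes_host     API server address, taken from the env var Kubernetes
#                       injects into the pod. Quoted, and guarded with :? so an
#                       unset/empty variable fails instead of writing
#                       "https://:443" into the config.
#   kubernetes_ca_cert  Cluster CA read from the mounted file (@ prefix), so
#                       the TLS connection to the API server is verified.
# NOTE(review): on clusters that mount short-lived projected tokens, a token
# copied into the config will expire. Newer Vault versions running in-cluster
# can omit token_reviewer_jwt and kubernetes_ca_cert and read the pod's files
# themselves - check the docs for the Vault version deployed.
vault write auth/kubernetes/config \
   token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
   kubernetes_host="https://${KUBERNETES_PORT_443_TCP_ADDR:?not set}:443" \
   kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt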

# Create the role "myapp" on the Kubernetes auth method.
#   bound_service_account_names / _namespaces  only the service account "app"
#       in namespace "vault-example" may log in with this role; keeping both
#       bindings exact (no wildcards) is what limits who can obtain a token.
#   policies  the Vault policy attached to issued tokens; a policy named
#       "app" must exist separately (not created here), and it defines what
#       the workload can actually read.
#   ttl       issued tokens are valid for 1h.
# NOTE(review): newer Vault releases document token_policies / token_ttl as
# the preferred names for policies / ttl - confirm against the deployed
# version before changing.
vault write auth/kubernetes/role/myapp \
   bound_service_account_names=app \
   bound_service_account_namespaces=vault-example \
   policies=app \
   ttl=1h