Reads the Role of an Kubernetes from a Vault server. See the Vault documentation for more information.
data "vault_kubernetes_auth_backend_config" "config" {
backend = "my-kubernetes-backend"
}
output "token_reviewer_jwt" {
value = data.vault_kubernetes_auth_backend_config.config.token_reviewer_jwt
}
The following arguments are supported:
namespace
- (Optional) The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The namespace
is always relative to the provider's configured namespace.
Available only for Vault Enterprise.
backend
- (Optional) The unique name for the Kubernetes backend the config to
retrieve Role attributes for resides in. Defaults to "kubernetes".
In addition to the above arguments, the following attributes are exported:
kubernetes_host
- Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
kubernetes_ca_cert
- PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
pem_keys
- Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
issuer
- Optional JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount
will be used as the default issuer.