add woodpecker pipeline to reconcile flux

2026-04-04 02:06:08 +02:00
parent f2d60e0b15
commit 57c2c7ea8d
5 changed files with 80 additions and 2 deletions
--- a/vault/approles/ci-flux-reconcile.yaml
+++ b/vault/approles/ci-flux-reconcile.yaml
@@ -0,0 +1,4 @@
+token_ttl: 20m
+token_max_ttl: 20m
+policies:
+  - flux-reconcile
--- a/vault/kubernetes-se-roles/flux-reconcile.yaml
+++ b/vault/kubernetes-se-roles/flux-reconcile.yaml
@@ -1,6 +1,6 @@
 allowed_kubernetes_namespaces: flux-system
 generated_role_rules:
  rules:
-    - apiGroups: ["kustomize.toolkit.fluxcd.io"]
+    - apiGroups: ["source.toolkit.fluxcd.io"]
      resources: ["gitrepositories"]
-      verbs: ["update", "watch"]
+      verbs: ["get", "patch", "watch"]
--- a/vault/policy/flux-reconcile.hcl
+++ b/vault/policy/flux-reconcile.hcl
@@ -0,0 +1,3 @@
+path "kubernetes/creds/flux-reconcile" {
+    capabilities = ["update"]
+}