From 9ecdf054d3bcc08d0b6c66fba7a70c7f526e7c44 Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Tue, 27 Jan 2026 01:04:38 -0300
Subject: [PATCH] vault: bootstrap k8s auth config with root token

---
 services/vault/k8s-auth-config-cronjob.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/services/vault/k8s-auth-config-cronjob.yaml b/services/vault/k8s-auth-config-cronjob.yaml
index 43da16b..5a2d682 100644
--- a/services/vault/k8s-auth-config-cronjob.yaml
+++ b/services/vault/k8s-auth-config-cronjob.yaml
@@ -34,6 +34,11 @@ spec:
                   value: http://10.43.57.249:8200
                 - name: VAULT_K8S_ROLE
                   value: vault-admin
+                - name: VAULT_TOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      name: vault-init
+                      key: root_token
                 - name: VAULT_K8S_TOKEN_REVIEWER_JWT_FILE
                   value: /var/run/secrets/vault-token-reviewer/token
                 - name: VAULT_K8S_ROLE_TTL