From ec834b7e0fc98dc790868c322e60acf0d789f109 Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Mon, 26 Jan 2026 22:26:13 -0300
Subject: [PATCH] vault: allow ariadne to use vault-admin role

---
 services/vault/scripts/vault_k8s_auth_configure.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/services/vault/scripts/vault_k8s_auth_configure.sh b/services/vault/scripts/vault_k8s_auth_configure.sh
index a956e0e..21132c7 100644
--- a/services/vault/scripts/vault_k8s_auth_configure.sh
+++ b/services/vault/scripts/vault_k8s_auth_configure.sh
@@ -193,8 +193,8 @@ path "kv/data/atlas/shared/*" {
 write_raw_policy "dev-kv" "${dev_kv_policy}"
 log "writing role vault-admin"
 vault_cmd write "auth/kubernetes/role/vault-admin" \
-  bound_service_account_names="vault-admin" \
-  bound_service_account_namespaces="vault" \
+  bound_service_account_names="vault-admin,ariadne" \
+  bound_service_account_namespaces="vault,maintenance" \
   policies="vault-admin" \
   ttl="${role_ttl}"