Connect vault to oidc

manifests/vault/values.yaml

@@ -20,6 +20,31 @@ server:
 
       disable_mlock = true
 
+  extraEnvironmentVars:
+    VAULT_ADDR: http://127.0.0.1:8200
+
+  postStart:
+    command:
+      - /bin/sh
+      - -c
+      - |
+        export VAULT_ADDR=http://127.0.0.1:8200
+        vault auth enable oidc
+
+        vault write auth/oidc/config \
+          oidc_discovery_url="https://<KEYCLOAK_URL>/realms/<REALM_NAME>" \
+          oidc_client_id="vault" \
+          oidc_client_secret="8GWiUqwUZimb4xXHqFNTYCrTkKyc9hrY" \
+          default_role="vault-role"
+
+        vault write auth/oidc/role/vault-role \
+          bound_audiences="vault" \
+          allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \
+          user_claim="preferred_username" \
+          groups_claim="groups" \
+          oidc_scopes="profile email groups" \
+          policies="default" \
+          ttl="1h"
 
 ui:
   enabled: true