dvirlabs/dev-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Role admin

Browse Source
This commit is contained in:
dvirlabs 2025-05-18 05:13:51 +03:00
parent a95509fbf0
commit 9dbf546207
1 changed files with 9 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
manifests/vault/oidc-job.yaml
View File

@ -29,9 +29,16 @@ spec:
oidc_discovery_url="https://keycloak.dvirlabs.com/realms/lab" \ oidc_discovery_url="https://keycloak.dvirlabs.com/realms/lab" \
oidc_client_id="vault" \ oidc_client_id="vault" \
oidc_client_secret="8GWiUqwUZimb4xXHqFNTYCrTkKyc9hrY" \ oidc_client_secret="8GWiUqwUZimb4xXHqFNTYCrTkKyc9hrY" \
default_role="vault-admins" default_role="default"
echo "🎯 Creating OIDC role named 'default' (optional)..." echo "📜 Writing Vault policy..."
vault policy write oidc-ui-access - <<EOF
path "auth/oidc/role/default" {
capabilities = ["read"]
}
EOF
echo "🎯 Creating OIDC role named 'default'..."
vault write auth/oidc/role/default \ vault write auth/oidc/role/default \
bound_audiences="vault" \ bound_audiences="vault" \
allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \ allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \
@ -41,15 +48,6 @@ spec:
policies="default" \ policies="default" \
token_policies="oidc-ui-access" \ token_policies="oidc-ui-access" \
ttl="1h" ttl="1h"
echo "📜 Writing vault-admin policy..."
vault policy write vault-admin - <<EOF
path "*" {
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
EOF
echo "✅ All OIDC setup completed."
volumeMounts: volumeMounts:
- name: vault-token - name: vault-token
mountPath: /vault/secrets mountPath: /vault/secrets