Disable init con

2025-05-09 19:03:57 +03:00 · 2025-05-09 19:03:57 +03:00 · a3182459c8
commit a3182459c8
parent 1633cd8a24
1 changed files with 32 additions and 32 deletions
--- a/manifests/vault/values.yaml
+++ b/manifests/vault/values.yaml
@ -23,42 +23,42 @@ server:
  extraEnvironmentVars:
    VAULT_ADDR: http://127.0.0.1:8200
-  extraInitContainers:
+  # extraInitContainers:
-    - name: configure-oidc
+  #   - name: configure-oidc
-      image: hashicorp/vault:1.15.5
+  #     image: hashicorp/vault:1.15.5
-      command:
+  #     command:
-        - /bin/sh
+  #       - /bin/sh
-        - -c
+  #       - -c
-        - |
+  #       - |
-          echo "Waiting for Vault to initialize..."
+  #         echo "Waiting for Vault to initialize..."
-          until curl -s http://vault:8200/v1/sys/health | grep '"initialized":true'; do
+  #         until curl -s http://vault:8200/v1/sys/health | grep '"initialized":true'; do
-            sleep 2
+  #           sleep 2
-          done
+  #         done
-          export VAULT_ADDR=http://vault:8200
+  #         export VAULT_ADDR=http://vault:8200
-          vault auth enable oidc || true
+  #         vault auth enable oidc || true
-          vault write auth/oidc/config \
+  #         vault write auth/oidc/config \
-            oidc_discovery_url="https://keycloack.dvirlabs.com/realms/lab" \
+  #           oidc_discovery_url="https://keycloack.dvirlabs.com/realms/lab" \
-            oidc_client_id="vault" \
+  #           oidc_client_id="vault" \
-            oidc_client_secret="8GWiUqwUZimb4xXHqFNTYCrTkKyc9hrY" \
+  #           oidc_client_secret="8GWiUqwUZimb4xXHqFNTYCrTkKyc9hrY" \
-            default_role="vault-role"
+  #           default_role="vault-role"
-          vault policy write oidc-ui-access - <<EOF
+  #         vault policy write oidc-ui-access - <<EOF
-          path "auth/oidc/role/vault-role" {
+  #         path "auth/oidc/role/vault-role" {
-            capabilities = ["read"]
+  #           capabilities = ["read"]
-          }
+  #         }
-          EOF
+  #         EOF
-          vault write auth/oidc/role/vault-role \
+  #         vault write auth/oidc/role/vault-role \
-            bound_audiences="vault" \
+  #           bound_audiences="vault" \
-            allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \
+  #           allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \
-            user_claim="preferred_username" \
+  #           user_claim="preferred_username" \
-            groups_claim="groups" \
+  #           groups_claim="groups" \
-            oidc_scopes="profile email groups" \
+  #           oidc_scopes="profile email groups" \
-            policies="default" \
+  #           policies="default" \
-            token_policies="oidc-ui-access" \
+  #           token_policies="oidc-ui-access" \
-            ttl="1h"
+  #           ttl="1h"
      env: