diff --git a/manifests/vault/values.yaml b/manifests/vault/values.yaml
index bbe30af..cd9ff49 100644
--- a/manifests/vault/values.yaml
+++ b/manifests/vault/values.yaml
@@ -23,28 +23,42 @@ server:
 extraEnvironmentVars:
 VAULT_ADDR: http://127.0.0.1:8200
- postStart:
- command:
- - /bin/sh
- - -c
- - |
- export VAULT_ADDR=http://127.0.0.1:8200
- vault auth enable oidc
+ extraInitContainers:
+ - name: configure-oidc
+ image: hashicorp/vault:1.15.5
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Waiting for Vault to initialize..."
+ until curl -s http://vault:8200/v1/sys/health | grep '"initialized":true'; do
+ sleep 2
+ done
- vault write auth/oidc/config \
- oidc_discovery_url="https://keycloack/realms/lab" \
- oidc_client_id="vault" \
- oidc_client_secret="8GWiUqwUZimb4xXHqFNTYCrTkKyc9hrY" \
- default_role="vault-role"
+ export VAULT_ADDR=http://vault:8200
+ vault auth enable oidc || true
- vault write auth/oidc/role/vault-role \
- bound_audiences="vault" \
- allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \
- user_claim="preferred_username" \
- groups_claim="groups" \
- oidc_scopes="profile email groups" \
- policies="default" \
- ttl="1h"
+ vault write auth/oidc/config \
+ oidc_discovery_url="https:///realms/" \
+ oidc_client_id="vault" \
+ oidc_client_secret="" \
+ default_role="vault-role"
+
+ vault write auth/oidc/role/vault-role \
+ bound_audiences="vault" \
+ allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \
+ user_claim="preferred_username" \
+ groups_claim="groups" \
+ oidc_scopes="profile email groups" \
+ policies="default" \
+ ttl="1h"
+
+ env:
+ - name: VAULT_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: vault-init
+ key: root-token
 ui:
 enabled: true
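Review bot: The `until curl -s http://vault:8200/v1/sys/health | grep '"initialized":true'` loop in the new `configure-oidc` container looks unable to terminate on a fresh single-replica install if this is the chart's `server.extraInitContainers` (the hunk sits under `server:`): Kubernetes runs init containers before the pod's own Vault container, so the `vault` service has no ready endpoint until this container exits, which it then never does. Auth configuration belongs in a separate Job or post-install hook rather than in the server pod, and the readiness check should also require `"sealed":false`, because `vault auth enable` against an initialized-but-sealed server is rejected. Independently, the `vault write auth/oidc/config` line carries `oidc_discovery_url="https:///realms/"` with no host or realm and `oidc_client_secret=""`, and the script has no `set -e`, so a failed config write can be masked because the container's exit status is that of the last command. Take both values from the environment and fail fast as below, and consider a token scoped to `auth/oidc/*` instead of the root token read from `vault-init`. The `server:` block continues outside the hunk.

```yaml
        - |
          set -eu
          # … unchanged: wait loop, VAULT_ADDR export, auth enable …
          vault write auth/oidc/config \
            oidc_discovery_url="$OIDC_DISCOVERY_URL" \
            oidc_client_id="vault" \
            oidc_client_secret="$OIDC_CLIENT_SECRET" \
            default_role="vault-role"
          # … unchanged: role write …
      env:
        # … unchanged: VAULT_TOKEN from vault-init …
        - name: OIDC_DISCOVERY_URL
          value: "<discovery-url placeholder>"
        - name: OIDC_CLIENT_SECRET
          valueFrom:
            secretKeyRef:
              name: <oidc-client-secret-name placeholder>
              key: <oidc-client-secret-key placeholder>
```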