dvirlabs/dev-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Connect vault to oidc

Browse Source
This commit is contained in:
dvirlabs 2025-05-09 15:51:01 +03:00
parent 826544fa9e
commit bd9a752e05
1 changed files with 34 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
manifests/vault/values.yaml
View File

@ -23,18 +23,25 @@ server:
extraEnvironmentVars: extraEnvironmentVars:
VAULT_ADDR: http://127.0.0.1:8200 VAULT_ADDR: http://127.0.0.1:8200
postStart: extraInitContainers:
- name: configure-oidc
image: hashicorp/vault:1.15.5
command: command:
- /bin/sh - /bin/sh
- -c - -c
- | - |
export VAULT_ADDR=http://127.0.0.1:8200 echo "Waiting for Vault to initialize..."
vault auth enable oidc until curl -s http://vault:8200/v1/sys/health | grep '"initialized":true'; do
sleep 2
done
export VAULT_ADDR=http://vault:8200
vault auth enable oidc || true
vault write auth/oidc/config \ vault write auth/oidc/config \
oidc_discovery_url="https://keycloack/realms/lab" \ oidc_discovery_url="https://<KEYCLOAK_URL>/realms/<REALM>" \
oidc_client_id="vault" \ oidc_client_id="vault" \
oidc_client_secret="8GWiUqwUZimb4xXHqFNTYCrTkKyc9hrY" \ oidc_client_secret="<CLIENT_SECRET>" \
default_role="vault-role" default_role="vault-role"
vault write auth/oidc/role/vault-role \ vault write auth/oidc/role/vault-role \
@ -46,6 +53,13 @@ server:
policies="default" \ policies="default" \
ttl="1h" ttl="1h"
env:
- name: VAULT_TOKEN
valueFrom:
secretKeyRef:
name: vault-init
key: root-token
ui: ui:
enabled: true enabled: true