Connect vault to oidc

This commit is contained in:
dvirlabs 2025-05-09 15:51:01 +03:00
parent 826544fa9e
commit bd9a752e05


@ -23,28 +23,42 @@ server:
extraEnvironmentVars: extraEnvironmentVars:
VAULT_ADDR: http://127.0.0.1:8200 VAULT_ADDR: http://127.0.0.1:8200
postStart: extraInitContainers:
command: - name: configure-oidc
- /bin/sh image: hashicorp/vault:1.15.5
- -c command:
- | - /bin/sh
export VAULT_ADDR=http://127.0.0.1:8200 - -c
vault auth enable oidc - |
echo "Waiting for Vault to initialize..."
until curl -s http://vault:8200/v1/sys/health | grep '"initialized":true'; do
sleep 2
done
vault write auth/oidc/config \ export VAULT_ADDR=http://vault:8200
oidc_discovery_url="https://keycloack/realms/lab" \ vault auth enable oidc || true
oidc_client_id="vault" \
oidc_client_secret="8GWiUqwUZimb4xXHqFNTYCrTkKyc9hrY" \
default_role="vault-role"
vault write auth/oidc/role/vault-role \ vault write auth/oidc/config \
bound_audiences="vault" \ oidc_discovery_url="https://<KEYCLOAK_URL>/realms/<REALM>" \
allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \ oidc_client_id="vault" \
user_claim="preferred_username" \ oidc_client_secret="<CLIENT_SECRET>" \
groups_claim="groups" \ default_role="vault-role"
oidc_scopes="profile email groups" \
policies="default" \ vault write auth/oidc/role/vault-role \
ttl="1h" bound_audiences="vault" \
allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \
user_claim="preferred_username" \
groups_claim="groups" \
oidc_scopes="profile email groups" \
policies="default" \
ttl="1h"
env:
- name: VAULT_TOKEN
valueFrom:
secretKeyRef:
name: vault-init
key: root-token
ui: ui:
enabled: true enabled: true
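Review bot: The `oidc_client_secret="<CLIENT_SECRET>"` line on the new side still expects the secret to be pasted into the values file, while the init container already shows the right pattern for `VAULT_TOKEN`; read it from the environment instead, `oidc_client_secret="$OIDC_CLIENT_SECRET"`, with a second `env` entry next to `VAULT_TOKEN` that uses `secretKeyRef` against a Kubernetes Secret. The removed side carried a literal client secret, and replacing it in the file does not remove it from history, so that Keycloak client secret should be treated as exposed and rotated. The init container is added under `server.extraInitContainers`, and it waits on `http://vault:8200/v1/sys/health` before the same pod's vault container can start, which looks like it cannot converge on a single-replica deployment — a Job or `postStart` hook that runs after the server is up seems safer; confirm against the chart. Configuring the auth method with `root-token` from `vault-init` is more privilege than this step needs; a token bound to a policy limited to `sys/auth/oidc` and `auth/oidc/*` would do. Note also that `grep '"initialized":true'` passes for an initialized-but-sealed Vault, and `vault auth enable oidc || true` then hides that failure, so the health check should also require `"sealed":false`.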