dvirlabs/dev-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
dev-tools/manifests/vault/values.yaml
dvirlabs 1633cd8a24 Fix keycloack url
2025-05-09 18:51:50 +03:00

88 lines
2.1 KiB
YAML
Raw Blame History

server:
dataStorage:
enabled: true
size: 1Gi
storageClass: nfs-client
standalone:
enabled: true
config: |
ui = true
storage "file" {
path = "/vault/data"
}
listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = 1
}
disable_mlock = true
extraEnvironmentVars:
VAULT_ADDR: http://127.0.0.1:8200
extraInitContainers:
- name: configure-oidc
image: hashicorp/vault:1.15.5
command:
- /bin/sh
- -c
- |
echo "Waiting for Vault to initialize..."
until curl -s http://vault:8200/v1/sys/health | grep '"initialized":true'; do
sleep 2
done
export VAULT_ADDR=http://vault:8200
vault auth enable oidc || true
vault write auth/oidc/config \
oidc_discovery_url="https://keycloack.dvirlabs.com/realms/lab" \
oidc_client_id="vault" \
oidc_client_secret="8GWiUqwUZimb4xXHqFNTYCrTkKyc9hrY" \
default_role="vault-role"
vault policy write oidc-ui-access - <<EOF
path "auth/oidc/role/vault-role" {
capabilities = ["read"]
}
EOF
vault write auth/oidc/role/vault-role \
bound_audiences="vault" \
allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \
user_claim="preferred_username" \
groups_claim="groups" \
oidc_scopes="profile email groups" \
policies="default" \
token_policies="oidc-ui-access" \
ttl="1h"
env:
- name: VAULT_TOKEN
valueFrom:
secretKeyRef:
name: vault-init
key: root-token
ui:
enabled: true
ingress:
enabled: true
ingressClassName: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
hosts:
- host: vault.dvirlabs.com
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- vault.dvirlabs.com
Reference in New Issue View Git Blame Copy Permalink