dvirlabs/dev-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
dev-tools/manifests/vault/values.yaml
dvirlabs efa73f9ef3 Fix csi agent
2025-05-16 16:54:27 +03:00

92 lines
2.2 KiB
YAML
Raw Blame History

server:
dataStorage:
enabled: true
size: 1Gi
storageClass: nfs-client
standalone:
enabled: true
config: |
ui = true
storage "file" {
path = "/vault/data"
}
listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = 1
}
disable_mlock = true
extraEnvironmentVars:
VAULT_ADDR: http://127.0.0.1:8200
# extraInitContainers:
# - name: configure-oidc
# image: hashicorp/vault:1.15.5
# command:
# - /bin/sh
# - -c
# - |
# echo "Waiting for Vault to initialize..."
# until curl -s http://vault:8200/v1/sys/health | grep '"initialized":true'; do
# sleep 2
# done
# export VAULT_ADDR=http://vault:8200
# vault auth enable oidc || true
# vault write auth/oidc/config \
# oidc_discovery_url="https://keycloack.dvirlabs.com/realms/lab" \
# oidc_client_id="vault" \
# oidc_client_secret="8GWiUqwUZimb4xXHqFNTYCrTkKyc9hrY" \
# default_role="vault-role"
# vault policy write oidc-ui-access - <<EOF
# path "auth/oidc/role/vault-role" {
# capabilities = ["read"]
# }
# EOF
# vault write auth/oidc/role/vault-role \
# bound_audiences="vault" \
# allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \
# user_claim="preferred_username" \
# groups_claim="groups" \
# oidc_scopes="profile email groups" \
# policies="default" \
# token_policies="oidc-ui-access" \
# ttl="1h"
# env:
# - name: VAULT_TOKEN
# valueFrom:
# secretKeyRef:
# name: vault-init
# key: root-token
ui:
enabled: true
ingress:
enabled: true
ingressClassName: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
hosts:
- host: vault.dvirlabs.com
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- vault.dvirlabs.com
csi:
agent:
enabled: false
Reference in New Issue View Git Blame Copy Permalink