keycloak: stop writing oauth2-proxy secret

2026-01-15 02:37:04 -03:00 · 2026-01-15 02:37:04 -03:00 · 53da4c20ab
commit 53da4c20ab
parent f9fa6dcbb4
1 changed files with 3 additions and 8 deletions
--- a/services/keycloak/logs-oidc-secret-ensure-job.yaml
+++ b/services/keycloak/logs-oidc-secret-ensure-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: logs-oidc-secret-ensure-7
+  name: logs-oidc-secret-ensure-8
  namespace: sso
 spec:
  backoffLimit: 0
@ -31,7 +31,7 @@ spec:
            - |
              set -euo pipefail
              . /vault/secrets/keycloak-admin-env.sh
-              apk add --no-cache curl jq kubectl openssl >/dev/null
+              apk add --no-cache curl jq openssl >/dev/null

              KC_URL="http://keycloak.sso.svc.cluster.local"
              ACCESS_TOKEN=""
@ -116,10 +116,5 @@ spec:
                '{data:{client_id:$client_id,client_secret:$client_secret,cookie_secret:$cookie_secret}}')"
              curl -sS -X POST -H "X-Vault-Token: ${vault_token}" \
                -d "${payload}" "${vault_addr}/v1/kv/data/atlas/logging/oauth2-proxy-logs-oidc" >/dev/null
-              kubectl -n logging create secret generic oauth2-proxy-logs-oidc \
-                --from-literal=client_id="logs" \
-                --from-literal=client_secret="${CLIENT_SECRET}" \
-                --from-literal=cookie_secret="${COOKIE_SECRET}" \
-                --dry-run=client -o yaml | kubectl -n logging apply -f - >/dev/null
          volumeMounts:
-      volumes:
+      volumes: