bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

keycloak: stop writing oauth2-proxy secret

Browse Source
This commit is contained in:
Brad Stein 2026-01-15 02:37:04 -03:00
parent f9fa6dcbb4
commit 53da4c20ab
1 changed files with 3 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
services/keycloak/logs-oidc-secret-ensure-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: logs-oidc-secret-ensure-7 name: logs-oidc-secret-ensure-8
namespace: sso namespace: sso
spec: spec:
backoffLimit: 0 backoffLimit: 0
@ -31,7 +31,7 @@ spec:
- | - |
set -euo pipefail set -euo pipefail
. /vault/secrets/keycloak-admin-env.sh . /vault/secrets/keycloak-admin-env.sh
apk add --no-cache curl jq kubectl openssl >/dev/null apk add --no-cache curl jq openssl >/dev/null
KC_URL="http://keycloak.sso.svc.cluster.local" KC_URL="http://keycloak.sso.svc.cluster.local"
ACCESS_TOKEN="" ACCESS_TOKEN=""
@ -116,10 +116,5 @@ spec:
'{data:{client_id:$client_id,client_secret:$client_secret,cookie_secret:$cookie_secret}}')" '{data:{client_id:$client_id,client_secret:$client_secret,cookie_secret:$cookie_secret}}')"
curl -sS -X POST -H "X-Vault-Token: ${vault_token}" \ curl -sS -X POST -H "X-Vault-Token: ${vault_token}" \
-d "${payload}" "${vault_addr}/v1/kv/data/atlas/logging/oauth2-proxy-logs-oidc" >/dev/null -d "${payload}" "${vault_addr}/v1/kv/data/atlas/logging/oauth2-proxy-logs-oidc" >/dev/null
kubectl -n logging create secret generic oauth2-proxy-logs-oidc \
--from-literal=client_id="logs" \
--from-literal=client_secret="${CLIENT_SECRET}" \
--from-literal=cookie_secret="${COOKIE_SECRET}" \
--dry-run=client -o yaml | kubectl -n logging apply -f - >/dev/null
volumeMounts: volumeMounts:
volumes: volumes: