From 8b22c707fb764a913dcd113e299ba665947065f8 Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Tue, 9 Dec 2025 21:06:58 -0300
Subject: [PATCH] vault: send ingress directly to vault with oidc redirect

---
 services/vault/ingress.yaml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/services/vault/ingress.yaml b/services/vault/ingress.yaml
index 8849cae..cbc0a74 100644
--- a/services/vault/ingress.yaml
+++ b/services/vault/ingress.yaml
@@ -7,7 +7,10 @@ metadata:
   annotations:
     kubernetes.io/ingress.class: traefik
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.middlewares: vault-login-redirect@kubernetescrd
     traefik.ingress.kubernetes.io/router.tls: "true"
+    traefik.ingress.kubernetes.io/service.serversscheme: https
+    traefik.ingress.kubernetes.io/service.serverstransport: vault-to-https@kubernetescrd
 spec:
   ingressClassName: traefik
   tls:
@@ -21,6 +24,6 @@ spec:
             pathType: Prefix
             backend:
               service:
-                name: oauth2-proxy-vault
+                name: vault
                 port:
-                  number: 80
+                  number: 8200