zot: align oidc client to oauth2-proxy; add vault redirect

services/keycloak/zot-client-bootstrap.yaml

@@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: keycloak-zot-client-bootstrap-3
+  name: keycloak-zot-client-bootstrap-4
   namespace: sso
   labels:
     app: keycloak-zot-client-bootstrap
@@ -37,7 +37,7 @@ spec:
             - name: CLIENT_IDS
               value: "oauth2-proxy oauth2-proxy-zot"
             - name: REDIRECT_URIS
-              value: '["https://auth.bstein.dev/oauth2/callback","https://registry.bstein.dev/oauth2/callback","https://longhorn.bstein.dev/oauth2/callback","https://secret.bstein.dev/ui/vault/auth/oidc/oidc/callback"]'
+              value: '["https://auth.bstein.dev/oauth2/callback","https://registry.bstein.dev/oauth2/callback","https://longhorn.bstein.dev/oauth2/callback","https://secret.bstein.dev/oauth2/callback","https://secret.bstein.dev/ui/vault/auth/oidc/oidc/callback"]'
             - name: WEB_ORIGINS
               value: '["https://registry.bstein.dev","https://auth.bstein.dev","https://longhorn.bstein.dev","https://secret.bstein.dev"]'
           command:

services/zot/configmap.yaml

@@ -24,7 +24,7 @@ data:
             "providers": {
               "oidc": {
                 "issuer": "https://sso.bstein.dev/realms/atlas",
-                "clientID": "zot",
+                "clientID": "oauth2-proxy",
                 "clientSecret": "__CLIENT_SECRET__",
                 "scopes": ["openid", "profile", "email", "groups"]
               }

services/zot/deployment.yaml

@@ -73,7 +73,7 @@ spec:
             - name: ZOT_CLIENT_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: zot-oidc-client
+                  name: oauth2-proxy-zot-oidc
                   key: client_secret
           volumeMounts:
             - name: cfg-src