feat(ory): add kratos-admin-ui service

Deploy the custom Kratos admin UI (Deno/Hono + Cunningham React): - K8s Deployment + Service in ory namespace - VSO VaultStaticSecret for cookie/csrf/admin-identity-ids secrets - Pingora route for admin.DOMAIN_SUFFIX
2026-03-03 11:30:52 +00:00
parent 9092e2711b
commit 6cc60c66ff
4 changed files with 99 additions and 0 deletions
--- a/base/ory/vault-secrets.yaml
+++ b/base/ory/vault-secrets.yaml
@@ -136,3 +136,29 @@ spec:
      templates:
        dsn:
          text: "postgresql://{{ index .Secrets \"username\" }}:{{ index .Secrets \"password\" }}@postgres-rw.data.svc.cluster.local:5432/hydra_db?sslmode=disable"
+---
+# Kratos Admin UI secrets.
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  name: kratos-admin-ui-secrets
+  namespace: ory
+spec:
+  vaultAuthRef: vso-auth
+  mount: secret
+  type: kv-v2
+  path: kratos-admin
+  refreshAfter: 30s
+  destination:
+    name: kratos-admin-ui-secrets
+    create: true
+    overwrite: true
+    transformation:
+      excludeRaw: true
+      templates:
+        cookie-secret:
+          text: "{{ index .Secrets \"cookie-secret\" }}"
+        csrf-cookie-secret:
+          text: "{{ index .Secrets \"csrf-cookie-secret\" }}"
+        admin-identity-ids:
+          text: "{{ index .Secrets \"admin-identity-ids\" }}"