
Commit 9efe152

committed
feat: locally keycloaak works?
1 parent f445ae9 commit 9efe152


4 files changed

+28
-6
lines changed


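--- a/ingress.tf
+++ b/ingress.tf
@@ -50,10 +50,16 @@ resource "kubernetes_ingress_v1" "keycloak" {
 annotations = {
 "bunkerweb.io/USE_MODSECURITY" = "yes"
 "bunkerweb.io/USE_ANTIBOT" = "no"
+"bunkerweb.io/USE_LIMIT_REQ" = "no"
 "bunkerweb.io/USE_BAD_BEHAVIOR" = "no"
 "bunkerweb.io/REDIRECT_HTTP_TO_HTTPS" = "no"
 "bunkerweb.io/INTERCEPTED_ERROR_CODES" = ""
 "bunkerweb.io/REVERSE_PROXY_INTERCEPT_ERRORS" = "no"
+"bunkerweb.io/COOKIE_AUTO_SECURE_FLAG" = "no"
+"bunkerweb.io/COOKIE_FLAGS" = "* SameSite=Lax"
+"bunkerweb.io/STRICT_TRANSPORT_SECURITY" = ""
+"bunkerweb.io/KEEP_UPSTREAM_HEADERS" = "*"
+"bunkerweb.io/CONTENT_SECURITY_POLICY" = ""
 }
 }
 
@@ -84,3 +90,19 @@ resource "kubernetes_ingress_v1" "keycloak" {
 
 depends_on = [helm_release.bunkerweb]
 }
+
+resource "kubernetes_config_map" "keycloak_modsec" {
+metadata {
+name = "keycloak-modsec-crs"
+namespace = var.namespace
+
+annotations = {
+"bunkerweb.io/CONFIG_TYPE" = "modsec-crs"
+"bunkerweb.io/CONFIG_SITE" = var.keycloak_domain
+}
+}
+
+data = {
+"keycloak-exclusions.conf" = "SecRuleRemoveById 934100-934199\nSecRuleRemoveById 953100\nSecRuleRemoveById 959100"
+}
+}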
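Review bot: The new annotations on the keycloak ingress (`"bunkerweb.io/COOKIE_AUTO_SECURE_FLAG" = "no"`, `"bunkerweb.io/STRICT_TRANSPORT_SECURITY" = ""`, `"bunkerweb.io/CONTENT_SECURITY_POLICY" = ""`, `"bunkerweb.io/USE_LIMIT_REQ" = "no"`) switch off secure-cookie enforcement, HSTS, CSP and request rate limiting in front of the identity provider's login endpoint, and nothing in the first hunk marks them as local-only even though the commit title suggests that is the intent. If they are needed only for the unencrypted local setup, gate them on a variable (for example a dev/prod bool selecting between a hardened base map and a dev override via `merge()`) or at least add `# local dev only: HSTS/CSP/secure-cookie and rate limiting disabled; must not reach a public deployment` above the block so they are not applied to an internet-facing ingress that also keeps `REDIRECT_HTTP_TO_HTTPS = "no"`. The `keycloak_modsec` ConfigMap in the second hunk has the same documentation gap: the `SecRuleRemoveById` exclusions apply to every path on `var.keycloak_domain` and record neither which Keycloak request produced the false positive nor what the removed rule IDs cover, so a comment naming the triggering endpoint and, where possible, a `ctl:ruleRemoveById` scoped to that `REQUEST_URI` would keep the rest of the site under the full rule set.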

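--- a/keycloak.tf
+++ b/keycloak.tf
@@ -138,7 +138,7 @@ resource "kubernetes_deployment" "keycloak" {
 
 env {
 name = "KC_HOSTNAME"
-value = "http://${var.keycloak_domain}:8080"
+value = "http://${var.keycloak_domain}"
 }
 
 env {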
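Review bot: `KC_HOSTNAME` becomes `http://${var.keycloak_domain}`; dropping the port matches routing through the ingress, but the scheme stays plain `http`, so Keycloak will presumably advertise http issuer and redirect URLs and every token and session cookie for the realm is exchanged unencrypted unless TLS is terminated in front of it and this value is switched to `https://` afterwards. A comment on the changed line recording that this is a local-development choice, e.g. `# local dev: no TLS on the ingress yet; change to https:// before exposing the realm`, keeps it from surviving into a real deployment unnoticed. The `issuer` and `seaweed:Issuer` strings in seaweedfs.tf are compared as exact strings against what Keycloak emits, so any later change of scheme or host here must be mirrored there in the same commit. The enclosing `kubernetes_deployment` resource continues outside the hunk.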

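--- a/seaweedfs.tf
+++ b/seaweedfs.tf
@@ -17,7 +17,7 @@ resource "kubernetes_secret" "seaweedfs_iam" {
 type = "oidc"
 enabled = true
 config = {
-issuer = "http://${var.keycloak_domain}:8080/realms/seaweedfs"
+issuer = "http://${var.keycloak_domain}/realms/seaweedfs"
 clientId = "seaweedfs-client"
 jwksUri = "http://keycloak.${var.namespace}.svc.cluster.local:8080/realms/seaweedfs/protocol/openid-connect/certs"
 userInfoUri = "http://keycloak.${var.namespace}.svc.cluster.local:8080/realms/seaweedfs/protocol/openid-connect/userinfo"
@@ -79,7 +79,7 @@ resource "kubernetes_secret" "seaweedfs_iam" {
 Action = ["sts:AssumeRoleWithWebIdentity"]
 Condition = {
 StringEquals = {
-"seaweed:Issuer" = "http://${var.keycloak_domain}:8080/realms/seaweedfs"
+"seaweed:Issuer" = "http://${var.keycloak_domain}/realms/seaweedfs"
 }
 }
 }]
@@ -97,7 +97,7 @@ resource "kubernetes_secret" "seaweedfs_iam" {
 Action = ["sts:AssumeRoleWithWebIdentity"]
 Condition = {
 StringEquals = {
-"seaweed:Issuer" = "http://${var.keycloak_domain}:8080/realms/seaweedfs"
+"seaweed:Issuer" = "http://${var.keycloak_domain}/realms/seaweedfs"
 }
 }
 }]
@@ -115,7 +115,7 @@ resource "kubernetes_secret" "seaweedfs_iam" {
 Action = ["sts:AssumeRoleWithWebIdentity"]
 Condition = {
 StringEquals = {
-"seaweed:Issuer" = "http://${var.keycloak_domain}:8080/realms/seaweedfs"
+"seaweed:Issuer" = "http://${var.keycloak_domain}/realms/seaweedfs"
 }
 }
 }]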
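Review bot: The issuer literal `"http://${var.keycloak_domain}/realms/seaweedfs"` is now spelled out four times in this file (the `config.issuer` in the first hunk and the `seaweed:Issuer` condition in the three later hunks) and must also agree with `KC_HOSTNAME` in keycloak.tf, yet an OIDC issuer check is an exact string comparison, so one copy drifting by a port, scheme or trailing slash silently breaks token validation for just that role. Defining it once, e.g. `locals { keycloak_issuer = "http://${var.keycloak_domain}/realms/seaweedfs" }` and then `"seaweed:Issuer" = local.keycloak_issuer` / `issuer = local.keycloak_issuer`, removes that failure mode. The unchanged `jwksUri` and `userInfoUri` context lines still target the in-cluster service on port 8080 while `issuer` uses the external hostname; that split is workable but deserves a comment saying the external value must match what Keycloak advertises and the internal URLs are deliberately different. The enclosing `kubernetes_secret` resource starts and ends outside these hunks.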

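--- a/variables.tf
+++ b/variables.tf
@@ -84,7 +84,7 @@ variable "mariadb_user" {
 
 variable "keycloak_admin_user" {
 type = string
-default = "admin"
+default = "KeycloakAdmin123!"
 description = "Keycloak admin username"
 }
 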
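Review bot: The new default `"KeycloakAdmin123!"` for `keycloak_admin_user` is a credential-shaped value committed to source control as the default of a variable whose description still reads "Keycloak admin username"; if it is really meant as the admin password it now sits in plain text in repository history, and if it is genuinely the username the name and description no longer describe it. Either way a bootstrap credential for the identity provider should not be a default in variables.tf: remove the `default`, add `sensitive = true`, and supply the value through an uncommitted tfvars file or a `TF_VAR_` environment variable. Because the value is already in history, the corresponding Keycloak admin credential should be rotated once the variable is fixed. The enclosing `variable` block lies entirely inside the hunk.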
