feat: keycloak works on 8080

Author: florianow

README.md

@@ -203,7 +203,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_allowed_ip_addresses"></a> [allowed\_ip\_addresses](#input\_allowed\_ip\_addresses) | Comma-separated CIDR list for BunkerWeb IP whitelist | `string` | `"0.0.0.0/0"` | no |
-| <a name="input_bunkerweb_version"></a> [bunkerweb\_version](#input\_bunkerweb\_version) | BunkerWeb Helm chart version | `string` | `"1.6.1"` | no |
+| <a name="input_bunkerweb_version"></a> [bunkerweb\_version](#input\_bunkerweb\_version) | BunkerWeb Helm chart version | `string` | `"1.0.13"` | no |
 | <a name="input_keycloak_admin_password"></a> [keycloak\_admin\_password](#input\_keycloak\_admin\_password) | Keycloak admin password | `string` | `"admin"` | no |
 | <a name="input_keycloak_admin_user"></a> [keycloak\_admin\_user](#input\_keycloak\_admin\_user) | Keycloak admin username | `string` | `"admin"` | no |
 | <a name="input_keycloak_domain"></a> [keycloak\_domain](#input\_keycloak\_domain) | Domain for Keycloak | `string` | `"auth.localhost"` | no |

ingress.tf

@@ -4,13 +4,13 @@ resource "kubernetes_ingress_v1" "seaweedfs" {
     namespace = var.namespace
 
     annotations = {
-      "bunkerweb.io/USE_MODSECURITY"        = "yes"
-      "bunkerweb.io/USE_LIMIT_REQ"          = "yes"
-      "bunkerweb.io/LIMIT_REQ_URL"          = "/"
-      "bunkerweb.io/LIMIT_REQ_RATE"         = "30r/s"
-      "bunkerweb.io/WHITELIST_IP"           = var.allowed_ip_addresses
-      "bunkerweb.io/USE_BAD_BEHAVIOR"       = "yes"
-      "bunkerweb.io/REDIRECT_HTTP_TO_HTTPS" = "no"
+      "bunkerweb.io/USE_MODSECURITY"                = "yes"
+      "bunkerweb.io/USE_LIMIT_REQ"                  = "no"
+      "bunkerweb.io/USE_BAD_BEHAVIOR"               = "no"
+      "bunkerweb.io/REDIRECT_HTTP_TO_HTTPS"         = "no"
+      "bunkerweb.io/INTERCEPTED_ERROR_CODES"        = ""
+      "bunkerweb.io/REVERSE_PROXY_INTERCEPT_ERRORS" = "no"
+      "bunkerweb.io/ALLOWED_METHODS"                = "GET|POST|PUT|DELETE|HEAD|OPTIONS"
     }
   }
 
@@ -48,10 +48,12 @@ resource "kubernetes_ingress_v1" "keycloak" {
     namespace = var.namespace
 
     annotations = {
-      "bunkerweb.io/USE_MODSECURITY"        = "yes"
-      "bunkerweb.io/USE_ANTIBOT"            = "cookie"
-      "bunkerweb.io/USE_BAD_BEHAVIOR"       = "yes"
-      "bunkerweb.io/REDIRECT_HTTP_TO_HTTPS" = "no"
+      "bunkerweb.io/USE_MODSECURITY"                = "yes"
+      "bunkerweb.io/USE_ANTIBOT"                    = "no"
+      "bunkerweb.io/USE_BAD_BEHAVIOR"               = "no"
+      "bunkerweb.io/REDIRECT_HTTP_TO_HTTPS"         = "no"
+      "bunkerweb.io/INTERCEPTED_ERROR_CODES"        = ""
+      "bunkerweb.io/REVERSE_PROXY_INTERCEPT_ERRORS" = "no"
     }
   }
 

keycloak.tf

@@ -22,6 +22,8 @@ resource "kubernetes_persistent_volume_claim" "keycloak" {
     namespace = var.namespace
   }
 
+  wait_until_bound = false
+
   spec {
     access_modes       = ["ReadWriteOnce"]
     storage_class_name = var.storage_class_name
@@ -136,7 +138,7 @@ resource "kubernetes_deployment" "keycloak" {
 
           env {
             name  = "KC_HOSTNAME"
-            value = "http://${var.keycloak_domain}"
+            value = "http://${var.keycloak_domain}:8080"
           }
 
           env {

mariadb.tf

@@ -4,6 +4,8 @@ resource "kubernetes_persistent_volume_claim" "mariadb" {
     namespace = var.namespace
   }
 
+  wait_until_bound = false
+
   spec {
     access_modes       = ["ReadWriteOnce"]
     storage_class_name = var.storage_class_name

seaweedfs.tf

@@ -17,7 +17,7 @@ resource "kubernetes_secret" "seaweedfs_iam" {
         type    = "oidc"
         enabled = true
         config = {
-          issuer      = "http://keycloak.${var.namespace}.svc.cluster.local:8080/realms/seaweedfs"
+          issuer      = "http://${var.keycloak_domain}:8080/realms/seaweedfs"
           clientId    = "seaweedfs-client"
           jwksUri     = "http://keycloak.${var.namespace}.svc.cluster.local:8080/realms/seaweedfs/protocol/openid-connect/certs"
           userInfoUri = "http://keycloak.${var.namespace}.svc.cluster.local:8080/realms/seaweedfs/protocol/openid-connect/userinfo"
@@ -79,7 +79,7 @@ resource "kubernetes_secret" "seaweedfs_iam" {
               Action    = ["sts:AssumeRoleWithWebIdentity"]
               Condition = {
                 StringEquals = {
-                  "seaweed:Issuer" = "http://keycloak.${var.namespace}.svc.cluster.local:8080/realms/seaweedfs"
+                  "seaweed:Issuer" = "http://${var.keycloak_domain}:8080/realms/seaweedfs"
                 }
               }
             }]
@@ -97,7 +97,7 @@ resource "kubernetes_secret" "seaweedfs_iam" {
               Action    = ["sts:AssumeRoleWithWebIdentity"]
               Condition = {
                 StringEquals = {
-                  "seaweed:Issuer" = "http://keycloak.${var.namespace}.svc.cluster.local:8080/realms/seaweedfs"
+                  "seaweed:Issuer" = "http://${var.keycloak_domain}:8080/realms/seaweedfs"
                 }
               }
             }]
@@ -115,7 +115,7 @@ resource "kubernetes_secret" "seaweedfs_iam" {
               Action    = ["sts:AssumeRoleWithWebIdentity"]
               Condition = {
                 StringEquals = {
-                  "seaweed:Issuer" = "http://keycloak.${var.namespace}.svc.cluster.local:8080/realms/seaweedfs"
+                  "seaweed:Issuer" = "http://${var.keycloak_domain}:8080/realms/seaweedfs"
                 }
               }
             }]
@@ -132,6 +132,8 @@ resource "kubernetes_persistent_volume_claim" "seaweedfs" {
     namespace = var.namespace
   }
 
+  wait_until_bound = false
+
   spec {
     access_modes       = ["ReadWriteOnce"]
     storage_class_name = var.storage_class_name

variables.tf

@@ -132,6 +132,6 @@ variable "allowed_ip_addresses" {
 
 variable "bunkerweb_version" {
   type        = string
-  default     = "1.6.1"
+  default     = "1.0.13"
   description = "BunkerWeb Helm chart version"
 }