viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

do not do hairpin for oauth2 proxy redirects [ci skip]

Browse source
This commit is contained in:
Viktor Barzin 2023-11-10 10:53:37 +00:00
parent 2adfe2873d
commit 48b70e9ac2
1 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
modules/kubernetes/reverse_proxy/factory/main.tf
View file

@ -49,8 +49,11 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
annotations = {
"nginx.ingress.kubernetes.io/backend-protocol" = "${var.backend_protocol}"
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/auth-url" : var.protected ? "https://oauth2.viktorbarzin.me/oauth2/auth" : null
"nginx.ingress.kubernetes.io/auth-signin" : var.protected ? "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" : null
# "nginx.ingress.kubernetes.io/auth-url" : var.protected ? "https://oauth2.viktorbarzin.me/oauth2/auth" : null
# "nginx.ingress.kubernetes.io/auth-signin" : var.protected ? "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" : null
# Do not do hairpinning
"nginx.ingress.kubernetes.io/auth-url" : var.protected ? "http://oauth2.oauth2.svc.cluster.local/oauth2/auth" : null
"nginx.ingress.kubernetes.io/auth-signin" : var.protected ? "http://oauth2.oauth2.svc.cluster.local/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" : null
}
}