protect k8s dashboard with 0auth instead of client tls [ci skip]

2023-11-11 22:30:52 +00:00 · 2023-11-11 22:30:52 +00:00 · a315b60cc7
commit a315b60cc7
parent 81d6452e6b
1 changed files with 7 additions and 7 deletions
--- a/modules/kubernetes/k8s-dashboard/main.tf
+++ b/modules/kubernetes/k8s-dashboard/main.tf
@ -49,14 +49,14 @@ resource "kubernetes_ingress_v1" "kubernetes-dashboard" {
    name      = "kubernetes-dashboard"
    namespace = "kubernetes-dashboard"
    annotations = {
-      "kubernetes.io/ingress.class"                        = "nginx"
-      "nginx.ingress.kubernetes.io/backend-protocol"       = "HTTPS"
-      "nginx.ingress.kubernetes.io/force-ssl-redirect"     = "true"
-      "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
-      "nginx.ingress.kubernetes.io/auth-tls-secret"        = var.client_certificate_secret_name
+      "kubernetes.io/ingress.class"                    = "nginx"
+      "nginx.ingress.kubernetes.io/backend-protocol"   = "HTTPS"
+      "nginx.ingress.kubernetes.io/force-ssl-redirect" = "true"
+      # "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
+      # "nginx.ingress.kubernetes.io/auth-tls-secret"        = var.client_certificate_secret_name

-      # "nginx.ingress.kubernetes.io/auth-url"    = "https://$host/oauth2/auth"
-      # "nginx.ingress.kubernetes.io/auth-signin" = "https://$host/oauth2/start?rd=$escaped_request_uri"
+      "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
+      "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
    }
  }