From a315b60cc7dd08cd3ee632794d8c1648d72e251f Mon Sep 17 00:00:00 2001
From: Viktor Barzin <vbarzin@gmail.com>
Date: Sat, 11 Nov 2023 22:30:52 +0000
Subject: [PATCH] protect k8s dashboard with 0auth instead of client tls [ci
 skip]

---
 modules/kubernetes/k8s-dashboard/main.tf | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/modules/kubernetes/k8s-dashboard/main.tf b/modules/kubernetes/k8s-dashboard/main.tf
index 3ae0b68f..e6831619 100644
--- a/modules/kubernetes/k8s-dashboard/main.tf
+++ b/modules/kubernetes/k8s-dashboard/main.tf
@@ -49,14 +49,14 @@ resource "kubernetes_ingress_v1" "kubernetes-dashboard" {
     name      = "kubernetes-dashboard"
     namespace = "kubernetes-dashboard"
     annotations = {
-      "kubernetes.io/ingress.class"                        = "nginx"
-      "nginx.ingress.kubernetes.io/backend-protocol"       = "HTTPS"
-      "nginx.ingress.kubernetes.io/force-ssl-redirect"     = "true"
-      "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
-      "nginx.ingress.kubernetes.io/auth-tls-secret"        = var.client_certificate_secret_name
+      "kubernetes.io/ingress.class"                    = "nginx"
+      "nginx.ingress.kubernetes.io/backend-protocol"   = "HTTPS"
+      "nginx.ingress.kubernetes.io/force-ssl-redirect" = "true"
+      # "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
+      # "nginx.ingress.kubernetes.io/auth-tls-secret"        = var.client_certificate_secret_name
 
-      # "nginx.ingress.kubernetes.io/auth-url"    = "https://$host/oauth2/auth"
-      # "nginx.ingress.kubernetes.io/auth-signin" = "https://$host/oauth2/start?rd=$escaped_request_uri"
+      "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
+      "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
     }
   }