From cc4cb0a0272bf3f5c4cd016f274e9700b55b7f23 Mon Sep 17 00:00:00 2001
From: Viktor Barzin
Date: Thu, 13 Apr 2023 12:06:28 +0000
Subject: [PATCH] reenable tls auth for k8s dashboard
---
 modules/kubernetes/k8s-dashboard/main.tf | 37 ++---------------------
 1 file changed, 2 insertions(+), 35 deletions(-)
diff --git a/modules/kubernetes/k8s-dashboard/main.tf b/modules/kubernetes/k8s-dashboard/main.tf
index 6bd22f75..9aaf7c50 100644
--- a/modules/kubernetes/k8s-dashboard/main.tf
+++ b/modules/kubernetes/k8s-dashboard/main.tf
@@ -49,8 +49,8 @@ resource "kubernetes_ingress_v1" "kubernetes-dashboard" {
 "kubernetes.io/ingress.class" = "nginx"
 "nginx.ingress.kubernetes.io/backend-protocol" = "HTTPS"
 "nginx.ingress.kubernetes.io/force-ssl-redirect" = "true"
- # "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
- # "nginx.ingress.kubernetes.io/auth-tls-secret" = var.client_certificate_secret_name
+ "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
+ "nginx.ingress.kubernetes.io/auth-tls-secret" = var.client_certificate_secret_name
 # "nginx.ingress.kubernetes.io/auth-url" = "https://$host/oauth2/auth"
 # "nginx.ingress.kubernetes.io/auth-signin" = "https://$host/oauth2/start?rd=$escaped_request_uri"
@@ -131,36 +131,3 @@ resource "kubernetes_cluster_role_binding" "kubernetes-dashboard" {
 # }
 # depends_on = [module.dashboard]
 # }
-
-resource "kubernetes_ingress_v1" "kubernetes_dashboard" {
- metadata {
- name = "kubernetes-dashboard"
- namespace = "kubernetes-dashboard"
- annotations = {
- "kubernetes.io/ingress.class" = "nginx"
- }
- }
-
- spec {
- tls {
- hosts = ["k8s.viktorbarzin.me"]
- secret_name = var.tls_secret_name
- }
- rule {
- host = "k8s.viktorbarzin.me"
- http {
- path {
- path = "/"
- backend {
- service {
- name = "kubernetes-dashboard"
- port {
- number = 443
- }
- }
- }
- }
- }
- }
- }
-}
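Review bot: The two re-enabled annotations in the first hunk (`@@ -49,8 +49,8 @@`) carry no comment on what `var.client_certificate_secret_name` must contain, and that value alone decides whether client-certificate verification works. ingress-nginx expects `auth-tls-secret` in `namespace/secretName` form, with the trusted CA bundle stored under the `ca.crt` key of that secret; the variable's definition is outside the hunk, so whether it already includes the namespace should be confirmed. I would add a comment above the pair, for example `# mTLS: secret is "<namespace>/<name>" and must hold ca.crt; only certs issued by that CA reach the dashboard`. Because `auth-tls-verify-depth` is not set, the default depth of 1 applies, which would presumably reject client certificates issued by an intermediate CA. The annotations map and the rest of the resource continue outside the hunk.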