reenable tls auth for k8s dashboard
This commit is contained in:
parent
aaddd46799
commit
cc4cb0a027
1 changed files with 2 additions and 35 deletions
|
|
@ -49,8 +49,8 @@ resource "kubernetes_ingress_v1" "kubernetes-dashboard" {
|
||||||
"kubernetes.io/ingress.class" = "nginx"
|
"kubernetes.io/ingress.class" = "nginx"
|
||||||
"nginx.ingress.kubernetes.io/backend-protocol" = "HTTPS"
|
"nginx.ingress.kubernetes.io/backend-protocol" = "HTTPS"
|
||||||
"nginx.ingress.kubernetes.io/force-ssl-redirect" = "true"
|
"nginx.ingress.kubernetes.io/force-ssl-redirect" = "true"
|
||||||
# "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
|
"nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
|
||||||
# "nginx.ingress.kubernetes.io/auth-tls-secret" = var.client_certificate_secret_name
|
"nginx.ingress.kubernetes.io/auth-tls-secret" = var.client_certificate_secret_name
|
||||||
|
|
||||||
# "nginx.ingress.kubernetes.io/auth-url" = "https://$host/oauth2/auth"
|
# "nginx.ingress.kubernetes.io/auth-url" = "https://$host/oauth2/auth"
|
||||||
# "nginx.ingress.kubernetes.io/auth-signin" = "https://$host/oauth2/start?rd=$escaped_request_uri"
|
# "nginx.ingress.kubernetes.io/auth-signin" = "https://$host/oauth2/start?rd=$escaped_request_uri"
|
||||||
|
|
@ -131,36 +131,3 @@ resource "kubernetes_cluster_role_binding" "kubernetes-dashboard" {
|
||||||
# }
|
# }
|
||||||
# depends_on = [module.dashboard]
|
# depends_on = [module.dashboard]
|
||||||
# }
|
# }
|
||||||
|
|
||||||
resource "kubernetes_ingress_v1" "kubernetes_dashboard" {
|
|
||||||
metadata {
|
|
||||||
name = "kubernetes-dashboard"
|
|
||||||
namespace = "kubernetes-dashboard"
|
|
||||||
annotations = {
|
|
||||||
"kubernetes.io/ingress.class" = "nginx"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
spec {
|
|
||||||
tls {
|
|
||||||
hosts = ["k8s.viktorbarzin.me"]
|
|
||||||
secret_name = var.tls_secret_name
|
|
||||||
}
|
|
||||||
rule {
|
|
||||||
host = "k8s.viktorbarzin.me"
|
|
||||||
http {
|
|
||||||
path {
|
|
||||||
path = "/"
|
|
||||||
backend {
|
|
||||||
service {
|
|
||||||
name = "kubernetes-dashboard"
|
|
||||||
port {
|
|
||||||
number = 443
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue