From b9b87b326d215e5913a4b05baabbfd4d24b3acbc Mon Sep 17 00:00:00 2001 From: Finn Date: Wed, 17 Jul 2024 21:54:47 -0700 Subject: [PATCH] fix keycloak remote IP detection --- k8s/keycloak/deployment.yaml | 8 +------- k8s/keycloak/ingress.yaml | 5 +++++ 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/k8s/keycloak/deployment.yaml b/k8s/keycloak/deployment.yaml index ee32b80..d1341d1 100644 --- a/k8s/keycloak/deployment.yaml +++ b/k8s/keycloak/deployment.yaml @@ -28,10 +28,6 @@ spec: subPath: ca.crt readOnly: true env: - - name: KEYCLOAK_ADMIN - value: "admin" - - name: KEYCLOAK_ADMIN_PASSWORD - value: "admin" - name: KC_HTTPS_CERTIFICATE_FILE value: "/etc/certs/tls.crt" - name: KC_HTTPS_CERTIFICATE_KEY_FILE @@ -44,10 +40,8 @@ spec: value: https://auth-next.janky.solutions/ - name: KC_HOSTNAME value: https://auth-next.janky.solutions/ - - name: KC_PROXY - value: reencrypt - name: KC_PROXY_HEADERS - value: forwarded + value: xforwarded - name: KC_DB value: postgres - name: KC_DB_URL diff --git a/k8s/keycloak/ingress.yaml b/k8s/keycloak/ingress.yaml index 1c68393..0148b91 100644 --- a/k8s/keycloak/ingress.yaml +++ b/k8s/keycloak/ingress.yaml @@ -11,7 +11,12 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: keycloak + annotations: + cert-manager.io/cluster-issuer: letsencrypt spec: + tls: + - hosts: [auth-next.janky.solutions] + secretName: auth-next.janky.solutions rules: - host: auth-next.janky.solutions http: