Turn off Keycloak HTTP and make the Keycloak HTTPS only
This is the default for Keycloak.
HTTP is insecure.
Gabriel Mainberger committed Dec 8, 2022
1 parent b64d757 commit 0c3b61e
Showing 5 changed files with 47 additions and 17 deletions.
24 changes: 23 additions & 1 deletion class/defaults.yml
Expand Up @@ -172,7 +172,6 @@ parameters:
args:
- start
- --auto-build
- --http-enabled=true # Helm chart requires it currently

# extraEnv *MUST* be a string, as it's fed through a templating
# function.
Expand Down Expand Up @@ -252,6 +251,29 @@ parameters:
annotations: ${keycloak:_service_annotations:${keycloak:tls:provider}}
httpPort: 8080
labels: ${keycloak:labels}
livenessProbe: |
httpGet:
path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/live'
port: https
scheme: HTTPS
initialDelaySeconds: 0
timeoutSeconds: 5
readinessProbe: |
httpGet:
path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/ready'
port: https
scheme: HTTPS
initialDelaySeconds: 10
timeoutSeconds: 1
startupProbe: |
httpGet:
path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health'
port: https
scheme: HTTPS
initialDelaySeconds: 15
timeoutSeconds: 1
failureThreshold: 60
periodSeconds: 5
serviceMonitor:
enabled: ${keycloak:monitoring:enabled}
labels: ${keycloak:labels}
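Review bot: The first hunk drops `--http-enabled=true` from `args` and relies on Keycloak's default to keep HTTP off, so nothing in this file states the intent any more. Pinning it, e.g. `- --http-enabled=false  # HTTPS only; probes use the https port`, would document the decision and, assuming Keycloak's usual precedence of CLI options over environment variables, keep a `KC_HTTP_ENABLED` entry in `extraEnv` from turning plaintext back on. In the second hunk the context line `httpPort: 8080` is left as is; if the chart still renders it into the Service, that port is exposed with nothing listening behind it and is worth removing or commenting. The three probe overrides would also benefit from a one-line comment saying that they replace chart defaults targeting the `http` port, and that the kubelet does not verify the certificate on `scheme: HTTPS` probes, so they check availability only. The enclosing `parameters:` mapping extends beyond both hunks, so these points are inferred from the visible lines only.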
Expand Up @@ -57,7 +57,6 @@ spec:
- args:
- start
- --auto-build
- --http-enabled=true
env:
- name: FOO
value: bar
Expand Down Expand Up @@ -104,7 +103,8 @@ spec:
livenessProbe:
httpGet:
path: /auth/health/live
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 0
timeoutSeconds: 5
name: keycloak
Expand All @@ -118,7 +118,8 @@ spec:
readinessProbe:
httpGet:
path: /auth/health/ready
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 10
timeoutSeconds: 1
resources:
Expand All @@ -135,7 +136,8 @@ spec:
failureThreshold: 60
httpGet:
path: /auth/health
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 15
periodSeconds: 5
timeoutSeconds: 1
Expand Up @@ -57,7 +57,6 @@ spec:
- args:
- start
- --auto-build
- --http-enabled=true
env:
- name: JAVA_OPTS
value: -XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0 -Djava.net.preferIPv4Stack=true
Expand Down Expand Up @@ -102,7 +101,8 @@ spec:
livenessProbe:
httpGet:
path: /auth/health/live
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 0
timeoutSeconds: 5
name: keycloak
Expand All @@ -116,7 +116,8 @@ spec:
readinessProbe:
httpGet:
path: /auth/health/ready
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 10
timeoutSeconds: 1
resources:
Expand All @@ -133,7 +134,8 @@ spec:
failureThreshold: 60
httpGet:
path: /auth/health
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 15
periodSeconds: 5
timeoutSeconds: 1
Expand Up @@ -57,7 +57,6 @@ spec:
- args:
- start
- --auto-build
- --http-enabled=true
env:
- name: JAVA_OPTS
value: -XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0 -Djava.net.preferIPv4Stack=true
Expand Down Expand Up @@ -102,7 +101,8 @@ spec:
livenessProbe:
httpGet:
path: /auth/health/live
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 0
timeoutSeconds: 5
name: keycloak
Expand All @@ -116,7 +116,8 @@ spec:
readinessProbe:
httpGet:
path: /auth/health/ready
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 10
timeoutSeconds: 1
resources:
Expand All @@ -133,7 +134,8 @@ spec:
failureThreshold: 60
httpGet:
path: /auth/health
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 15
periodSeconds: 5
timeoutSeconds: 1
Expand Up @@ -57,7 +57,6 @@ spec:
- args:
- start
- --auto-build
- --http-enabled=true
env:
- name: JAVA_OPTS
value: -XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0 -Djava.net.preferIPv4Stack=true
Expand Down Expand Up @@ -102,7 +101,8 @@ spec:
livenessProbe:
httpGet:
path: /auth/health/live
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 0
timeoutSeconds: 5
name: keycloak
Expand All @@ -116,7 +116,8 @@ spec:
readinessProbe:
httpGet:
path: /auth/health/ready
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 10
timeoutSeconds: 1
resources:
Expand All @@ -131,7 +132,8 @@ spec:
failureThreshold: 60
httpGet:
path: /auth/health
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 15
periodSeconds: 5
timeoutSeconds: 1
