Skip to content

Commit

Permalink
Turn off Keycloak HTTP and make the Keycloak HTTPS only
Browse files Browse the repository at this point in the history
This is the default for Keycloak.
HTTP is insecure.
  • Loading branch information
Gabriel Mainberger committed Jul 10, 2023
1 parent 6cd8da3 commit ff959c2
Show file tree
Hide file tree
Showing 5 changed files with 47 additions and 12 deletions.
23 changes: 23 additions & 0 deletions class/defaults.yml
Original file line number Diff line number Diff line change
Expand Up @@ -272,6 +272,29 @@ parameters:
annotations: ${keycloak:_service_annotations:${keycloak:tls:provider}}
httpPort: 8080
labels: ${keycloak:labels}
livenessProbe: |
httpGet:
path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/live'
port: https
scheme: HTTPS
initialDelaySeconds: 0
timeoutSeconds: 5
readinessProbe: |
httpGet:
path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/ready'
port: https
scheme: HTTPS
initialDelaySeconds: 10
timeoutSeconds: 1
startupProbe: |
httpGet:
path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health'
port: https
scheme: HTTPS
initialDelaySeconds: 15
timeoutSeconds: 1
failureThreshold: 60
periodSeconds: 5
serviceMonitor:
enabled: ${keycloak:monitoring:enabled}
labels: ${keycloak:labels}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,8 @@ spec:
livenessProbe:
httpGet:
path: /auth/health/live
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 0
timeoutSeconds: 5
name: keycloak
Expand All @@ -117,7 +118,8 @@ spec:
readinessProbe:
httpGet:
path: /auth/health/ready
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 10
timeoutSeconds: 1
resources:
Expand All @@ -134,7 +136,8 @@ spec:
failureThreshold: 60
httpGet:
path: /auth/health
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 15
periodSeconds: 5
timeoutSeconds: 1
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,8 @@ spec:
livenessProbe:
httpGet:
path: /auth/health/live
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 0
timeoutSeconds: 5
name: keycloak
Expand All @@ -115,7 +116,8 @@ spec:
readinessProbe:
httpGet:
path: /auth/health/ready
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 10
timeoutSeconds: 1
resources:
Expand All @@ -132,7 +134,8 @@ spec:
failureThreshold: 60
httpGet:
path: /auth/health
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 15
periodSeconds: 5
timeoutSeconds: 1
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,8 @@ spec:
livenessProbe:
httpGet:
path: /auth/health/live
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 0
timeoutSeconds: 5
name: keycloak
Expand All @@ -115,7 +116,8 @@ spec:
readinessProbe:
httpGet:
path: /auth/health/ready
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 10
timeoutSeconds: 1
resources:
Expand All @@ -132,7 +134,8 @@ spec:
failureThreshold: 60
httpGet:
path: /auth/health
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 15
periodSeconds: 5
timeoutSeconds: 1
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,8 @@ spec:
livenessProbe:
httpGet:
path: /auth/health/live
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 0
timeoutSeconds: 5
name: keycloak
Expand All @@ -115,7 +116,8 @@ spec:
readinessProbe:
httpGet:
path: /auth/health/ready
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 10
timeoutSeconds: 1
resources:
Expand All @@ -130,7 +132,8 @@ spec:
failureThreshold: 60
httpGet:
path: /auth/health
port: http
port: https
scheme: HTTPS
initialDelaySeconds: 15
periodSeconds: 5
timeoutSeconds: 1
Expand Down

0 comments on commit ff959c2

Please sign in to comment.