From b291bba5d1fb4b688873065bd63a3ff8a921db33 Mon Sep 17 00:00:00 2001
From: Jonas Juselius <jonas.juselius@oceanbox.io>
Date: Mon, 30 Dec 2024 18:37:19 +0100
Subject: [PATCH] fix: disable keycloak admin ingress

---
 values/keycloak/prod/ingress.yaml | 46 +++++++++++++++++++++++++++++++
 values/keycloak/values-prod.yaml  |  2 +-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 values/keycloak/prod/ingress.yaml

diff --git a/values/keycloak/prod/ingress.yaml b/values/keycloak/prod/ingress.yaml
new file mode 100644
index 00000000..e36fd058
--- /dev/null
+++ b/values/keycloak/prod/ingress.yaml
@@ -0,0 +1,46 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+    nginx.ingress.kubernetes.io/backend-protocol: HTTP
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+  labels:
+    app.kubernetes.io/component: keycloak
+    app.kubernetes.io/instance: prod-keycloak
+    app.kubernetes.io/name: keycloak
+    app.kubernetes.io/version: 26.0.2
+  name: prod-keycloak-admin
+  namespace: keycloak
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: auth.oceanbox.io
+    http:
+      paths:
+      - backend:
+          service:
+            name: prod-keycloak
+            port:
+              name: http
+        path: /admin
+        pathType: ImplementationSpecific
+  - host: keycloak.adm.oceanbox.io
+    http:
+      paths:
+      - backend:
+          service:
+            name: prod-keycloak
+            port:
+              name: http
+        path: /admin
+        pathType: ImplementationSpecific
+  tls:
+  - hosts:
+    - auth.oceanbox.io
+    - keycloak.adm.oceanbox.io
+    secretName: auth.oceanbox.io-tls
+
diff --git a/values/keycloak/values-prod.yaml b/values/keycloak/values-prod.yaml
index 3cda75e0..18d545f7 100644
--- a/values/keycloak/values-prod.yaml
+++ b/values/keycloak/values-prod.yaml
@@ -47,7 +47,7 @@ ingress:
   tls: true
 
 adminIngress:
-  enabled: true
+  enabled: false
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-production
     nginx.ingress.kubernetes.io/enable-cors: "true"