github-personal/cozystack
1
0
Fork 0
mirror of https://github.com/outbackdingo/cozystack.git synced 2026-01-27 10:18:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

dashboard auth-proxy enable cookie-secure (#1287)

Browse Source 
<!-- Thank you for making a contribution! Here are some tips for you:
- Start the PR title with the [label] of Cozystack component:
- For system components: [platform], [system], [linstor], [cilium],
[kube-ovn], [dashboard], [cluster-api], etc.
- For managed apps: [apps], [tenant], [kubernetes], [postgres],
[virtual-machine] etc.
- For development and maintenance: [tests], [ci], [docs], [maintenance].
- If it's a work in progress, consider creating this PR as a draft.
- Don't hesistate to ask for opinion and review in the community chats,
even if it's still a draft.
- Add the label `backport` if it's a bugfix that needs to be backported
to a previous version.
-->

## What this PR does

- dashboard auth-proxy enable cookie-secure

### Release note

<!--  Write a release note:
- Explain what has changed internally and for users.
- Start with the same [label] as in the PR title
- Follow the guidelines at
https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md.
-->

```release-note
- dashboard auth-proxy enable cookie-secure
```

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
  * Updated Keycloak client redirect URI to use HTTPS instead of HTTP.
* Improved authentication security by adjusting cookie and SSL settings.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This commit is contained in:
Andrei Kvapil
2025-08-01 12:50:24 +02:00
committed by GitHub
parent 2fa56fc1e1 1ab63187c9
commit c81c9d255a
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
packages/system/keycloak-configure/templates/configure-kk.yaml
View File

@@ -200,7 +200,7 @@ spec:
- groups
- kubernetes-client
redirectUris:
- "http://dashboard.{{ $host }}/oauth2/callback/*"
- "https://dashboard.{{ $host }}/oauth2/callback/*"
{{- range $i, $v := $extraRedirectUris }}
- "{{ $v }}"
{{- end }}
@@ -223,8 +223,7 @@ data:
clientSecret: {{ $kubeappsClient }}
cookieSecret: {{ $cookieSecret }}
extraFlags:
- --ssl-insecure-skip-verify
- --cookie-secure=false
- --cookie-secure
- --scope=openid email groups
- --oidc-issuer-url=https://keycloak.{{ $host }}/realms/cozy