
Commit b825da2

committed
feat: missing ip_restrictions
feat: testing ip restrictions chore: remove ip restrictions
1 parent 0312380 commit b825da2

1 file changed

Lines changed: 10 additions & 54 deletions


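--- a/modules/seaweedfs-instance/ingress.tf
+++ b/modules/seaweedfs-instance/ingress.tf
@@ -122,30 +122,9 @@ resource "kubernetes_config_map" "keycloak_modsec" {
 }
 }
 
-resource "kubernetes_config_map" "seaweedfs_ip_whitelist_geo" {
+resource "kubernetes_config_map" "seaweedfs_ip_whitelist" {
 metadata {
-name = "seaweedfs-ip-whitelist-geo"
-namespace = kubernetes_namespace.this.metadata[0].name
-
-annotations = {
-"bunkerweb.io/CONFIG_TYPE" = "http"
-"bunkerweb.io/CONFIG_SITE" = var.seaweedfs_domain
-}
-}
-
-data = {
-"geo-block.conf" = <<-EOT
-geo $seaweedfs_ip_whitelist {
-default 0;
-${join("\n ", [for cidr in split(",", var.allowed_ip_addresses) : "${trimspace(cidr)} 1;"])}
-}
-EOT
-}
-}
-
-resource "kubernetes_config_map" "seaweedfs_ip_whitelist_check" {
-metadata {
-name = "seaweedfs-ip-whitelist-check"
+name = "seaweedfs-ip-whitelist"
 namespace = kubernetes_namespace.this.metadata[0].name
 
 annotations = {
@@ -155,38 +134,16 @@ resource "kubernetes_config_map" "seaweedfs_ip_whitelist_check" {
 }
 
 data = {
-"ip-check.conf" = <<-EOT
-if ($seaweedfs_ip_whitelist = 0) {
-return 403;
-}
-EOT
-}
-}
-
-resource "kubernetes_config_map" "keycloak_ip_whitelist_geo" {
-metadata {
-name = "keycloak-ip-whitelist-geo"
-namespace = kubernetes_namespace.this.metadata[0].name
-
-annotations = {
-"bunkerweb.io/CONFIG_TYPE" = "http"
-"bunkerweb.io/CONFIG_SITE" = var.keycloak_domain
-}
-}
-
-data = {
-"geo-block.conf" = <<-EOT
-geo $keycloak_ip_whitelist {
-default 0;
-${join("\n ", [for cidr in split(",", var.allowed_ip_addresses) : "${trimspace(cidr)} 1;"])}
-}
+"ip-whitelist.conf" = <<-EOT
+${join("\n ", [for cidr in split(",", var.allowed_ip_addresses) : "allow ${trimspace(cidr)};"])}
+deny all;
 EOT
 }
 }
 
-resource "kubernetes_config_map" "keycloak_ip_whitelist_check" {
+resource "kubernetes_config_map" "keycloak_ip_whitelist" {
 metadata {
-name = "keycloak-ip-whitelist-check"
+name = "keycloak-ip-whitelist"
 namespace = kubernetes_namespace.this.metadata[0].name
 
 annotations = {
@@ -196,10 +153,9 @@ resource "kubernetes_config_map" "keycloak_ip_whitelist_check" {
 }
 
 data = {
-"ip-check.conf" = <<-EOT
-if ($keycloak_ip_whitelist = 0) {
-return 403;
-}
+"ip-whitelist.conf" = <<-EOT
+${join("\n ", [for cidr in split(",", var.allowed_ip_addresses) : "allow ${trimspace(cidr)};"])}
+deny all;
 EOT
 }
 }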
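Review bot: The generated allowlist in `ip-whitelist.conf` (both the seaweedfs and keycloak ConfigMaps) interpolates every element of `split(",", var.allowed_ip_addresses)` without filtering, so an empty variable or a trailing comma renders `allow ;`, which nginx rejects as a syntax error. Whether the proxy then keeps the previous config or drops this custom file is not visible here, so the restriction may silently not be enforced; I would skip blank entries with `[for cidr in split(",", var.allowed_ip_addresses) : "allow ${trimspace(cidr)};" if trimspace(cidr) != ""]` and add a `validation` block on the variable (declared outside this diff) that rejects values that are not IP addresses or CIDRs. Since `allow`/`deny` match the connection's peer address, it is also worth confirming that real-IP handling is configured if anything proxies in front of BunkerWeb; otherwise the list is compared against the upstream proxy's address. The expression is duplicated verbatim in the two resources, so a single `locals` value would keep both sites in sync.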
