@elamaran11
Contributor

Fixing Bug with KeyCloak Ingress

Signed-off-by: Elamaran Shanmugam <[email protected]>
@nabuskey
Contributor

nabuskey commented Sep 5, 2024

It's my bad for not documenting this, but it's actually intentional that the service is configured that way. It's a way to ensure the Keycloak admin console and master realms are not accessible. See this for more information: https://www.keycloak.org/server/configuration-production

I know we are not doing this for production but I do want to follow minimum security measures when exposing things to the internet.

@elamaran11
Contributor Author

Understood. IMO you can expose it for the reference implementation and add notes to say that for prod scenarios this is not recommended. I was blind and had to spend some time to fix it for my impl. Worst case, the paths should be removed vs. having the wrong port 8081.

@nabuskey
Contributor

nabuskey commented Sep 6, 2024

I see. I should have documented that.

How about we add a switch in Terraform to enable this? Set default not enabled. If users want to have this, they have to change the value themselves. We can put a comment in there and warn users.

@elamaran11
Contributor Author

Ya, that's very fair. I can make that code change sometime and also add a comment.

@csantanapr
Contributor
