How to restrict access to Keycloak admin console to a specific IP/IP range?
Is there any way to restrict the access to the keycloak admin console by IP / IP Range? I have deployed the Keycloak in Azure Kubernetes that uses Nginx Ingress controller. So, I tried to restrict as highlighted below
but it blocks everything. I would assume that Ingress receives the incoming request from the Azure Kubernetes Load balancer so it does not consider the client IP to allow access.
How do I restrict the access to the keycloak admin console by IP / IP Range?
Update#1: I believe that the above configuration to restrict the path by the IP / IP Range is effective expect that it redirects the coming request to a non-existing location
xxx.xxx.xxx.xxx - - [30/Aug/2023:15:42:25 +0000] "GET **/admin/** HTTP/2.0" 404 548 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36" 507 0.000 [-] [] - - - - bfbe1faa35dcc40e82e5e22bd557cf96
2023/08/30 15:42:25 [error] 1171#1171: *6809656 **"/usr/local/nginx/html/admin/index.html"** is not found (2: No such file or directory), client: 173.32.206.145, server: account.qa.oly.nova-x.co, request: "GET /admin/ HTTP/2.0", host: "xxxx"
I was expecting this to apply just the IP based filter but not change the existing behaviour.
You can use loadBalancerSourceRanges on the service as mentioned here.
To restrict traffic for a certain path use location-snippet instead of server-snippet as detailed in this answer.
- couldn't get current server API group list: the server has asked for the client to provide credentials error: You must be logged in to the server
- Spring Boot Application Fails to Create/Replace ConfigMap in Minikube After Upgrade
- GKE Autopilot: How to add/manage SSL Certificate to GKE autopilot
- Is it possible to allow egress traffic by hostname?
- helm chart error can't evaluate field Values in type interface {}
- What is the difference between Helm and Kustomize?
- How to delete and recreate pods using yaml file in kubernetes
- Kubernetes: get actual resource limits from within container
- How to execute kubectl commands in HCP?
- How to connect HCP to authenticate to AKS cluster for deploying Helm and K8 resources?
- How to set pod system time in the Rancher Edit Yaml setting?
- Kubernetes on Minikube: "The connection to the server localhost:8080 was refused" error despite Minikube being configured
- Airflow Sync Dags from S3 Causes Dag Execution Error
- Validate kubernetes memory & cpu resources input strings in python
- Empty custom metrics resource list with Prometheus adapter
- Why does kubectl get events shows nothing unlike logs?
- Is it possible to get the details of the node where the pod ran before restart?
- AWS EKS secrets store provider - Failed to fetch secret from all regions: name
- kubectl rollout status for ALL deployments in a namespace
- How to restrict access to Keycloak admin console to a specific IP/IP range?
- How to gracefully shutdown servelts in tomcat in docker container?
- Run argocd in a k3d cluster with local repo
- Quarkus Application Fails to Connect to PostgreSQL in Kubernetes (FATAL: password authentication failed)
- Access Forbidden while accessing log in airflow with CeleryExecutor
- How do you find the cluster & service CIDR of a Kubernetes cluster?
- DNS problem on AWS EKS when running in private subnets
- Application gateway path based routing giving error for a configured path
- kubernetes-How do I expose mysql service to another pod?
- Kubectl error: memcache.go:265] couldn’t get current server API group list: Get
- Kubectl get nodes return "the server doesn't have a resource type "nodes""