From 04edc974d6cb1f6caa54bc2717807fee9f6eadb5 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Wed, 14 Sep 2022 14:22:04 +0200
Subject: [PATCH] fix(nas): Require minimal cookies for oauth2

This patch reduces the size of the session cookie for the oidc pods, to
allow ingress-nginx to operate as expected.
---
 clusters/k8s01/nas/oauth2.yaml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/clusters/k8s01/nas/oauth2.yaml b/clusters/k8s01/nas/oauth2.yaml
index df2b9973a..6128e9f7c 100644
--- a/clusters/k8s01/nas/oauth2.yaml
+++ b/clusters/k8s01/nas/oauth2.yaml
@@ -12,8 +12,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2022-09-14T12:03:08Z"
-    mac: ENC[AES256_GCM,data:QPSE+tmch9T5Byh35P4Nmh7OTrfB78S7j6BW+/GrteDZMHKA4E1CqCTO2ftEBhKRw1zcwT7uLah5O/NThc/duoig/CE4IcqYoCr4Qr2og/zijt5QYic0ayAPW+cbG6V3kzmXEWEhccVjvO/O05CHVL5yFeaoZzxHdvyf9EA74vc=,iv:0z0CJQFZjIakU9NlobTslVcbHsDnJjUDXmu9JJltzP4=,tag:xhCt0y5yCjKqaIz9ETzmUA==,type:str]
+    lastmodified: "2022-09-14T12:21:58Z"
+    mac: ENC[AES256_GCM,data:BrkRRJnr3p3WVi845kvN1pS1DuVocGE8OoGYdazTjl+khQvXYaK06b6//olg3yCKabNaHkR73tZYI4+ZLJ4Iem0k5E6QdVGHZh+mxXpw0jnEquTokxy/CVjCZ34UFcnbDEJMYBpHxokb9TcfoNXB/QkUqt8wxSZ3VxfIw0UrB2Y=,iv:zzWYbpX47yI3eSmMHiX5QPFV8qNiO+lEeplluDkmXG8=,tag:/99CideeqRbQ6egZrBXy7g==,type:str]
     pgp:
         - created_at: "2022-01-22T04:06:16Z"
           enc: |-
@@ -90,6 +90,7 @@ spec:
             oidc-issuer-url: ENC[AES256_GCM,data:lcMt0EiZJPca/5iwNp4Ged6qchqzkuKAXOiyJNR99jfJPRwBjMp3JJJmvfhdU+dU1/VFqMgk3w==,iv:0avQixtcn6Mr87AcloKhIVAIcp08eQk9Ud80CjMRfB4=,tag:uGVgCeeqOoD7ZxhDHvfQmQ==,type:str]
             allowed-role: minio-console:user
             whitelist-domain: ENC[AES256_GCM,data:SKqK+unRFLC6Y5DNmhgTJ1Bq4Z+PSgT2NLa4/MVR,iv:+lzfSaArulzf8q9giuPFIoBbgGd9jogKTroyrYqeCT0=,tag:Dbdu3OKdwRfx/T4gZQuJIQ==,type:str]
+            session-cookie-minimal: true
         replicaCount: 2
         securityContext:
             enabled: true
@@ -123,8 +124,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2022-09-14T12:03:08Z"
-    mac: ENC[AES256_GCM,data:QPSE+tmch9T5Byh35P4Nmh7OTrfB78S7j6BW+/GrteDZMHKA4E1CqCTO2ftEBhKRw1zcwT7uLah5O/NThc/duoig/CE4IcqYoCr4Qr2og/zijt5QYic0ayAPW+cbG6V3kzmXEWEhccVjvO/O05CHVL5yFeaoZzxHdvyf9EA74vc=,iv:0z0CJQFZjIakU9NlobTslVcbHsDnJjUDXmu9JJltzP4=,tag:xhCt0y5yCjKqaIz9ETzmUA==,type:str]
+    lastmodified: "2022-09-14T12:21:58Z"
+    mac: ENC[AES256_GCM,data:BrkRRJnr3p3WVi845kvN1pS1DuVocGE8OoGYdazTjl+khQvXYaK06b6//olg3yCKabNaHkR73tZYI4+ZLJ4Iem0k5E6QdVGHZh+mxXpw0jnEquTokxy/CVjCZ34UFcnbDEJMYBpHxokb9TcfoNXB/QkUqt8wxSZ3VxfIw0UrB2Y=,iv:zzWYbpX47yI3eSmMHiX5QPFV8qNiO+lEeplluDkmXG8=,tag:/99CideeqRbQ6egZrBXy7g==,type:str]
     pgp:
         - created_at: "2022-01-22T04:06:16Z"
           enc: |-
@@ -190,8 +191,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2022-09-14T12:03:08Z"
-    mac: ENC[AES256_GCM,data:QPSE+tmch9T5Byh35P4Nmh7OTrfB78S7j6BW+/GrteDZMHKA4E1CqCTO2ftEBhKRw1zcwT7uLah5O/NThc/duoig/CE4IcqYoCr4Qr2og/zijt5QYic0ayAPW+cbG6V3kzmXEWEhccVjvO/O05CHVL5yFeaoZzxHdvyf9EA74vc=,iv:0z0CJQFZjIakU9NlobTslVcbHsDnJjUDXmu9JJltzP4=,tag:xhCt0y5yCjKqaIz9ETzmUA==,type:str]
+    lastmodified: "2022-09-14T12:21:58Z"
+    mac: ENC[AES256_GCM,data:BrkRRJnr3p3WVi845kvN1pS1DuVocGE8OoGYdazTjl+khQvXYaK06b6//olg3yCKabNaHkR73tZYI4+ZLJ4Iem0k5E6QdVGHZh+mxXpw0jnEquTokxy/CVjCZ34UFcnbDEJMYBpHxokb9TcfoNXB/QkUqt8wxSZ3VxfIw0UrB2Y=,iv:zzWYbpX47yI3eSmMHiX5QPFV8qNiO+lEeplluDkmXG8=,tag:/99CideeqRbQ6egZrBXy7g==,type:str]
     pgp:
         - created_at: "2022-01-22T04:06:16Z"
           enc: |-
-- 
GitLab