fix(longhorn): Fix oauth2-proxy scope

Currently the fix for various DoS attack turned out to be an own DoS attack since it removed the default scopes from the keycloak provider.

fix(longhorn): Fix oauth2-proxy scope
242031c6 · Sheogorath · 2020685b · 242031c6
Verified Commit 242031c6 authored 1 year ago by Sheogorath
--- a/clusters/k8s01/longhorn/oauth2.yaml
+++ b/clusters/k8s01/longhorn/oauth2.yaml
@@ -12,8 +12,8 @@ sops:
    azure_kv: []
    hc_vault: []
    age: []
-    lastmodified: "2022-09-10T15:57:21Z"
-    mac: ENC[AES256_GCM,data:WUhf2e5p9MA3ChIJFwfAHt8H0XFtD3z9Zk0KBsXI5baKOeQQIi4//4w/Wvw6KCDqJcLEA/mX7pl0BWr79WZCGJpZDvjdFWpT222fUdgiWv3tZXy5gKrhj16i3nGsVuJPpr+gRSMzvtuxW3OuhH4Ux/aN056PwCdqQcGRbvEmkkU=,iv:CTK0DnBvVpDoJunqxk2lRx+xfsmcKDzJN2KVIGw75wk=,tag:w+7kUL0lyGqQbZOHmJAHIA==,type:str]
+    lastmodified: "2023-09-09T23:03:59Z"
+    mac: ENC[AES256_GCM,data:eMaMKg/uAx3EyGMaXb5h67f+BYqzTn/G6Dk/cpwQxnzU/lTFNU+3sO8hs2YmoZa6J6eUR9zTUn2JFOxc4tA5u+Tymf0G1CLB+L6FGunbUu2cnwKocHe7rDBI08Ej1QhonkTvETUR45ljNhAaxP6JHyv32bRabGoj6uj7DVIhA9E=,iv:oha2BVKDPrug9B00mzoSLB+Jfq4TPomXbrnl43L10gA=,tag:9+bk+puCmmFgVusjqAoukQ==,type:str]
    pgp:
        - created_at: "2022-01-22T04:06:16Z"
          enc: |-
@@ -57,7 +57,7 @@ sops:
            -----END PGP MESSAGE-----
          fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
    encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secret|.*-domain)$
-    version: 3.7.1
+    version: 3.7.3
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
@@ -90,6 +90,7 @@ spec:
            oidc-issuer-url: ENC[AES256_GCM,data:lcMt0EiZJPca/5iwNp4Ged6qchqzkuKAXOiyJNR99jfJPRwBjMp3JJJmvfhdU+dU1/VFqMgk3w==,iv:0avQixtcn6Mr87AcloKhIVAIcp08eQk9Ud80CjMRfB4=,tag:uGVgCeeqOoD7ZxhDHvfQmQ==,type:str]
            allowed-role: longhorn-k8s01:admin
            whitelist-domain: ENC[AES256_GCM,data:tER85lGPEwqvByG9pvXJ8vGJTbkreDZaRmI=,iv:bUFq8MLCBUYzr2fM4xLODnhcVTFHaXPau/LB65tmkzA=,tag:NXCEUy086V8PXfiUSzaLQA==,type:str]
+            scope: openid email profile
        replicaCount: 2
        securityContext:
            enabled: true
@@ -123,8 +124,8 @@ sops:
    azure_kv: []
    hc_vault: []
    age: []
-    lastmodified: "2022-09-10T15:57:21Z"
-    mac: ENC[AES256_GCM,data:WUhf2e5p9MA3ChIJFwfAHt8H0XFtD3z9Zk0KBsXI5baKOeQQIi4//4w/Wvw6KCDqJcLEA/mX7pl0BWr79WZCGJpZDvjdFWpT222fUdgiWv3tZXy5gKrhj16i3nGsVuJPpr+gRSMzvtuxW3OuhH4Ux/aN056PwCdqQcGRbvEmkkU=,iv:CTK0DnBvVpDoJunqxk2lRx+xfsmcKDzJN2KVIGw75wk=,tag:w+7kUL0lyGqQbZOHmJAHIA==,type:str]
+    lastmodified: "2023-09-09T23:03:59Z"
+    mac: ENC[AES256_GCM,data:eMaMKg/uAx3EyGMaXb5h67f+BYqzTn/G6Dk/cpwQxnzU/lTFNU+3sO8hs2YmoZa6J6eUR9zTUn2JFOxc4tA5u+Tymf0G1CLB+L6FGunbUu2cnwKocHe7rDBI08Ej1QhonkTvETUR45ljNhAaxP6JHyv32bRabGoj6uj7DVIhA9E=,iv:oha2BVKDPrug9B00mzoSLB+Jfq4TPomXbrnl43L10gA=,tag:9+bk+puCmmFgVusjqAoukQ==,type:str]
    pgp:
        - created_at: "2022-01-22T04:06:16Z"
          enc: |-
@@ -168,7 +169,7 @@ sops:
            -----END PGP MESSAGE-----
          fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
    encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secret|.*-domain)$
-    version: 3.7.1
+    version: 3.7.3
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -190,8 +191,8 @@ sops:
    azure_kv: []
    hc_vault: []
    age: []
-    lastmodified: "2022-09-10T15:57:21Z"
-    mac: ENC[AES256_GCM,data:WUhf2e5p9MA3ChIJFwfAHt8H0XFtD3z9Zk0KBsXI5baKOeQQIi4//4w/Wvw6KCDqJcLEA/mX7pl0BWr79WZCGJpZDvjdFWpT222fUdgiWv3tZXy5gKrhj16i3nGsVuJPpr+gRSMzvtuxW3OuhH4Ux/aN056PwCdqQcGRbvEmkkU=,iv:CTK0DnBvVpDoJunqxk2lRx+xfsmcKDzJN2KVIGw75wk=,tag:w+7kUL0lyGqQbZOHmJAHIA==,type:str]
+    lastmodified: "2023-09-09T23:03:59Z"
+    mac: ENC[AES256_GCM,data:eMaMKg/uAx3EyGMaXb5h67f+BYqzTn/G6Dk/cpwQxnzU/lTFNU+3sO8hs2YmoZa6J6eUR9zTUn2JFOxc4tA5u+Tymf0G1CLB+L6FGunbUu2cnwKocHe7rDBI08Ej1QhonkTvETUR45ljNhAaxP6JHyv32bRabGoj6uj7DVIhA9E=,iv:oha2BVKDPrug9B00mzoSLB+Jfq4TPomXbrnl43L10gA=,tag:9+bk+puCmmFgVusjqAoukQ==,type:str]
    pgp:
        - created_at: "2022-01-22T04:06:16Z"
          enc: |-
@@ -235,4 +236,4 @@ sops:
            -----END PGP MESSAGE-----
          fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
    encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secret|.*-domain)$
-    version: 3.7.1
+    version: 3.7.3