From b7cf481fc0cd738a4a11d5d2ebe1c888f8e33c10 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sat, 22 Jan 2022 05:03:00 +0100
Subject: [PATCH] fix(longhorn): Implement ingress-nginx best practices from oauth2-proxy

Reference: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview#configuring-for-use-with-the-nginx-auth_request-directive
---
 clusters/k8s01/longhorn/ingress.yaml | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/clusters/k8s01/longhorn/ingress.yaml b/clusters/k8s01/longhorn/ingress.yaml
index c56fa3095..ad5bf6102 100644
--- a/clusters/k8s01/longhorn/ingress.yaml
+++ b/clusters/k8s01/longhorn/ingress.yaml
@@ -4,8 +4,17 @@ metadata:
 name: longhorn-ingress
 namespace: longhorn-system
 annotations:
+ nginx.ingress.kubernetes.io/auth-response-headers: Authorization
 nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
 nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ auth_request_set $name_upstream_1 $upstream_cookie_name_1;
+
+ access_by_lua_block {
+ if ngx.var.name_upstream_1 ~= "" then
+ ngx.header["Set-Cookie"] = "name_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")
+ end
+ }
 spec:
 rules:
 - host: ENC[AES256_GCM,data:eBQRvj0E4eODWDYTXe+1iu3p+koCwHhVcxw=,iv:DR0LwShFLl9pS13VgTuCuag8qo3uKug26g9eV2AAkLE=,tag:c7MwWxEsVuV0EvckG+nKqQ==,type:str]
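Review bot: The added `configuration-snippet` keeps the placeholder cookie name from the oauth2-proxy documentation (`$upstream_cookie_name_1` and `"name_1="`), so unless oauth2-proxy runs with `--cookie-name=name` the Lua block looks for a cookie the proxy never sets and the second part of a split session cookie is not passed on. With the default cookie name the two lines would be `auth_request_set $name_upstream_1 $upstream_cookie__oauth2_proxy_1;` and `ngx.header["Set-Cookie"] = "_oauth2_proxy_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")`; the proxy's settings are not part of this patch, so check the name against them. The snippet also only takes effect when the controller allows snippet annotations (`allow-snippet-annotations`), a setting that lets anyone who can write an Ingress inject nginx and Lua configuration, and `auth-response-headers: Authorization` passes the user's token on to the Longhorn backend. A comment above the annotations stating why the backend needs that header, or dropping the annotation if it does not, would keep the exposure deliberate.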
@@ -28,8 +37,8 @@ sops:
 azure_kv: []
 hc_vault: []
 age: []
- lastmodified: "2022-01-22T03:28:09Z"
- mac: ENC[AES256_GCM,data:G5p4KshAwOCK0aRVS+OzsaU7LIvHypBmpz9oSy95NDQvgF3AQzd1VuQf400kYKMvw1Y96zQWS/AiSoNXjczoZEkVjQ7L093ypGPa6x0bRG0FoAfGc8yl1J5BKu6ORvm3QYIwFD28rMWeneKMaFLYYCqoFz6x1WZfOidJa8EyFwQ=,iv:uDf1zVtkLscPCtLYeNdAF5iIdlTXiYeJM9uDt89T/ek=,tag:llG0bGVHxgIuRnbMVWwY/w==,type:str]
+ lastmodified: "2022-01-22T04:02:54Z"
+ mac: ENC[AES256_GCM,data:20jXv3xTGy4zoXEUgpRdw7zOq1OvEp/fvfvj8/e6N8yMluVQxpkuQSbHu1gecyhhyYu9fwASeacdLYgv7q33vIW8z1L9OAD9ZTOUf2OCtZqS+fHdBqA4PDSaT2WyAqdc1mcptcEC3Ml91p0nngPlDPowpny6/7P9Y+n+DVZrtCE=,iv:/XIiyCEmHBcKa/4tQfVOABRlSqGpVaPVZNu6bx9lUn0=,tag:V8TgJ8nZCYYbfuEZKw107g==,type:str]
 pgp:
 - created_at: "2022-01-22T02:43:51Z"
 enc: |-
-- 
GitLab