From daa02569b3c22c5b84918720b86073b1e1d74a57 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sun, 31 Dec 2023 05:02:53 +0100
Subject: [PATCH] fix(longhorn): Restrict longhorn webinterface to local
 networks

---
 clusters/k8s01/longhorn/ingress.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/clusters/k8s01/longhorn/ingress.yaml b/clusters/k8s01/longhorn/ingress.yaml
index 188927c1a..cb1bd045a 100644
--- a/clusters/k8s01/longhorn/ingress.yaml
+++ b/clusters/k8s01/longhorn/ingress.yaml
@@ -7,6 +7,7 @@ metadata:
         nginx.ingress.kubernetes.io/auth-response-headers: Authorization
         nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
         nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+        nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.64.0.0/24
 spec:
     rules:
         - host: ENC[AES256_GCM,data:eBQRvj0E4eODWDYTXe+1iu3p+koCwHhVcxw=,iv:DR0LwShFLl9pS13VgTuCuag8qo3uKug26g9eV2AAkLE=,tag:c7MwWxEsVuV0EvckG+nKqQ==,type:str]
@@ -29,8 +30,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2023-09-26T17:04:34Z"
-    mac: ENC[AES256_GCM,data:Wa7b5GXKwhwNvRXTeaiLTE7i52zFJsyxXYgA/LJfiK9l88fdrmERZnx+a2yylTnvdqtJWLnoHfrLVb21D8cXJ413N/pLT/XSHSSjPYtz4uoMjI6XJCjv7ArP49HDw9TFztBgmo5+Xo80pjQa0Oh5+mfFFg610WgcbnQ41+HJqg4=,iv:8lES8eAmB/3DxmCQs0Kq5BTEd7AEze/yAbfS7Si3gt4=,tag:ezKlvvw7Q1iHYHtmFhWCkg==,type:str]
+    lastmodified: "2023-12-31T04:01:41Z"
+    mac: ENC[AES256_GCM,data:Rzs8zlsFm1LW7nMGrTCprJZib4L+as5H2xMmdjDc/0rai+BQnsk0N23+1GY937Gpr29GFQRfoQkz/GWjdG2ECgCSEN4GHW15rKc4ef87xniHy3opJqUmACISjTLxo/VZ479b55ZLvschBdN/n6NyTt8GMT1AAulAMDEPtAlMnYc=,iv:CVLFeWkKaj+NPfgdWP3FMV5IfQcP2TZLq5JU9hg+mzs=,tag:Giy1+oasvIEDvYTtfrMFqw==,type:str]
     pgp:
         - created_at: "2022-01-22T02:43:51Z"
           enc: |-
-- 
GitLab