From dbd73c12e843211731d165ada7e565859391e4a8 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Wed, 2 Feb 2022 22:28:04 +0100
Subject: [PATCH] fix(monitoring): Resolve 502 after successful login on
 oauth2-proxy

This patch finally fixes the issue of a successful oauth2-proxy login
failing directly afterwards due to some issues with the cookie.

This patch enabled "minimal session cookies" and by that resolved the
issue.

References:
https://github.com/oauth2-proxy/oauth2-proxy/issues/941#issuecomment-747108519
---
 clusters/k8s01/monitoring/oauth2.yaml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/clusters/k8s01/monitoring/oauth2.yaml b/clusters/k8s01/monitoring/oauth2.yaml
index f81f70596..51e6f52b4 100644
--- a/clusters/k8s01/monitoring/oauth2.yaml
+++ b/clusters/k8s01/monitoring/oauth2.yaml
@@ -12,8 +12,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2022-02-02T20:51:11Z"
-    mac: ENC[AES256_GCM,data:/B3phyaqukaNzg5XayRgxqQCm9Jb+rxhBfmQDFrfaZZhDRSi5+iuLro2Wk6vFq903hijHWElA03c7a5MoxoUhC/RUB4X4dDQxjsr5XnsrWdxD/z2mwCg98sBIJOsZuhyapeg3TSWlzhm2GcFYyYqEcTtat6eLVfbtcG21fZLC9c=,iv:DlmypVGFdu4Y13vpwCIptAkFIwfvPg94hE8v69XqKvQ=,tag:J7d+KAtCR/i80tVd4MIR4A==,type:str]
+    lastmodified: "2022-02-02T21:27:59Z"
+    mac: ENC[AES256_GCM,data:hjDzDvx2owVZgLIQqwqHRnrKZpM3MmHdiPu/DUbAbe/8ctWSZwIII/+LSlfnsK8+aud33xeMkZBqzAo7NwQObU9mod/3fuIexprhx/RwIWUlzOWnIZJvQ0eLRSxdFZWEUf2UkRaOElnCerUdAUn7t6tUkTwmPPXj5vXAP8lRtW4=,iv:z1evvp3+t8RYa6NCGRdmEyGtximRSrTwRTbcF/1iWw4=,tag:ZwkJdu10P370L2Lyy7eZOw==,type:str]
     pgp:
         - created_at: "2022-01-22T04:06:16Z"
           enc: |-
@@ -89,6 +89,7 @@ spec:
             oidc-issuer-url: ENC[AES256_GCM,data:cjpWCSaUohFnsNuTQglIASmY2DrdmRoNFUu6f8UiqLjTNMRWdPgGhliZxsL6u56Jmw2Ec4yj9lKuNJfA,iv:vKIdjDG4FZWJMlVqoeeu1USEy+Ig3UZdMKXPkZqWTro=,tag:9EBs55eqkItBnJ7JNFMnLA==,type:str]
             allowed-role: monitoring-k8s01:admin
             whitelist-domain: ENC[AES256_GCM,data:lPjezumXqntAyndo5dw8UlcN53AYvlTjH107otM=,iv:zq1ufpUpHAbSBhyZ9QOuU/1rROgtzpeBNFskOFQU6f0=,tag:qUNLlVDmPVUoEeotjumqFg==,type:str]
+            session-cookie-minimal: true
         replicaCount: 1
         securityContext:
             enabled: true
@@ -126,8 +127,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2022-02-02T20:51:11Z"
-    mac: ENC[AES256_GCM,data:/B3phyaqukaNzg5XayRgxqQCm9Jb+rxhBfmQDFrfaZZhDRSi5+iuLro2Wk6vFq903hijHWElA03c7a5MoxoUhC/RUB4X4dDQxjsr5XnsrWdxD/z2mwCg98sBIJOsZuhyapeg3TSWlzhm2GcFYyYqEcTtat6eLVfbtcG21fZLC9c=,iv:DlmypVGFdu4Y13vpwCIptAkFIwfvPg94hE8v69XqKvQ=,tag:J7d+KAtCR/i80tVd4MIR4A==,type:str]
+    lastmodified: "2022-02-02T21:27:59Z"
+    mac: ENC[AES256_GCM,data:hjDzDvx2owVZgLIQqwqHRnrKZpM3MmHdiPu/DUbAbe/8ctWSZwIII/+LSlfnsK8+aud33xeMkZBqzAo7NwQObU9mod/3fuIexprhx/RwIWUlzOWnIZJvQ0eLRSxdFZWEUf2UkRaOElnCerUdAUn7t6tUkTwmPPXj5vXAP8lRtW4=,iv:z1evvp3+t8RYa6NCGRdmEyGtximRSrTwRTbcF/1iWw4=,tag:ZwkJdu10P370L2Lyy7eZOw==,type:str]
     pgp:
         - created_at: "2022-01-22T04:06:16Z"
           enc: |-
@@ -193,8 +194,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2022-02-02T20:51:11Z"
-    mac: ENC[AES256_GCM,data:/B3phyaqukaNzg5XayRgxqQCm9Jb+rxhBfmQDFrfaZZhDRSi5+iuLro2Wk6vFq903hijHWElA03c7a5MoxoUhC/RUB4X4dDQxjsr5XnsrWdxD/z2mwCg98sBIJOsZuhyapeg3TSWlzhm2GcFYyYqEcTtat6eLVfbtcG21fZLC9c=,iv:DlmypVGFdu4Y13vpwCIptAkFIwfvPg94hE8v69XqKvQ=,tag:J7d+KAtCR/i80tVd4MIR4A==,type:str]
+    lastmodified: "2022-02-02T21:27:59Z"
+    mac: ENC[AES256_GCM,data:hjDzDvx2owVZgLIQqwqHRnrKZpM3MmHdiPu/DUbAbe/8ctWSZwIII/+LSlfnsK8+aud33xeMkZBqzAo7NwQObU9mod/3fuIexprhx/RwIWUlzOWnIZJvQ0eLRSxdFZWEUf2UkRaOElnCerUdAUn7t6tUkTwmPPXj5vXAP8lRtW4=,iv:z1evvp3+t8RYa6NCGRdmEyGtximRSrTwRTbcF/1iWw4=,tag:ZwkJdu10P370L2Lyy7eZOw==,type:str]
     pgp:
         - created_at: "2022-01-22T04:06:16Z"
           enc: |-
-- 
GitLab