Deploy GitHub Pages

examples/affinity/cookie/index.html

@@ -1241,6 +1241,16 @@
 <td>string (defaults to the currently <a href="../../../user-guide/ingress-path-matching/">matched path</a>)</td>
 </tr>
 <tr>
+<td>nginx.ingress.kubernetes.io/session-cookie-samesite</td>
+<td>SameSite attribute to apply to the cookie</td>
+<td>Browser accepted values are <code class="codehilite">None</code>, <code class="codehilite">Lax</code>, and <code class="codehilite">Strict</code></td>
+</tr>
+<tr>
+<td>nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none</td>
+<td>Will omit <code class="codehilite">SameSite=None</code> attribute for older browsers which reject the more-recently defined <code class="codehilite">SameSite=None</code> value</td>
+<td><code class="codehilite">&quot;true&quot;</code> or <code class="codehilite">&quot;false&quot;</code></td>
+</tr>
+<tr>
 <td>nginx.ingress.kubernetes.io/session-cookie-max-age</td>
 <td>Time until the cookie expires, corresponds to the <code class="codehilite">Max-Age</code> cookie directive</td>
 <td>number of seconds</td>

examples/affinity/cookie/ingress-samesite.yaml

@@ -0,0 +1,40 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: cookie-samesite-none
+  annotations:
+    nginx.ingress.kubernetes.io/affinity: "cookie"
+    nginx.ingress.kubernetes.io/session-cookie-name: "SSNONE"
+    nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
+    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
+    nginx.ingress.kubernetes.io/session-cookie-samesite: "None"
+    nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none: "true" # omits SameSite=None for older browsers which reject cookies with SameSite=None
+spec:
+  rules:
+  - host: stickyingress-samesite-none.example.com
+    http:
+      paths:
+      - backend:
+          serviceName: http-svc
+          servicePort: 80
+        path: /
+---
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: cookie-samesite-strict
+  annotations:
+    nginx.ingress.kubernetes.io/affinity: "cookie"
+    nginx.ingress.kubernetes.io/session-cookie-name: "STRICTCOOKIENAME"
+    nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
+    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
+    nginx.ingress.kubernetes.io/session-cookie-samesite: "Strict"
+spec:
+  rules:
+  - host: stickyingress-samesite-strict.example.com
+    http:
+      paths:
+      - backend:
+          serviceName: http-svc
+          servicePort: 80
+        path: /

examples/auth/oauth-external-auth/index.html

@@ -1301,7 +1301,7 @@ into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using g
 </li>
 <li>OAUTH2_PROXY_CLIENT_SECRET with the github <code class="codehilite">&lt;Client Secret&gt;</code></li>
 <li>
-<p>OAUTH2_PROXY_COOKIE_SECRET with value of <code class="codehilite"><span class="n">python</span> <span class="o">-</span><span class="n">c</span> <span class="s1">&#39;import os,base64; print base64.b64encode(os.urandom(16))&#39;</span></code></p>
+<p>OAUTH2_PROXY_COOKIE_SECRET with value of <code class="codehilite"><span class="n">python</span> <span class="o">-</span><span class="n">c</span> <span class="s1">&#39;import os,base64; print(base64.b64encode(os.urandom(16)).decode(&quot;ascii&quot;))&#39;</span></code></p>
 </li>
 <li>
 <p>Customize the contents of the file dashboard-ingress.yaml:</p>