76 lines
1.8 KiB
YAML
76 lines
1.8 KiB
YAML
oauth2-proxy:
|
|
|
|
config:
|
|
existingSecret: oauth-credentials
|
|
#configFile: |-
|
|
# --provider=keycloak-oidc
|
|
# --redirect-url=https://oauth.durp.info/oauth2/callback
|
|
# --oidc-issuer-url=https://keycloak.durp.info/realms/master
|
|
|
|
#--allowed-role=<realm role name> // Optional, required realm role
|
|
#--allowed-role=<client id>:<client role name> // Optional, required client role
|
|
|
|
# configFile: |-
|
|
# email_domains = [ "*" ]
|
|
# upstreams = [ "file:///dev/null" ]
|
|
# pass_authorization_header = true
|
|
# pass_access_token = true
|
|
# pass_user_headers = true
|
|
# set_authorization_header = true
|
|
# set_xauthrequest = true
|
|
# request_logging=true
|
|
# cookie_secure=true
|
|
# scope = "openid profile email"
|
|
# cookie_refresh = "1m"
|
|
# cookie_expire = "30m"
|
|
|
|
image:
|
|
repository: "quay.io/oauth2-proxy/oauth2-proxy"
|
|
pullPolicy: "Always"
|
|
|
|
extraArgs:
|
|
provider: keycloak-oidc
|
|
redirect-url: https://oauth.durp.info/oauth2/callback/
|
|
oidc-issuer-url: https://keycloak.durp.info/realms/master
|
|
whitelist-domain: durp.info
|
|
|
|
serviceAccount:
|
|
enabled: true
|
|
name:
|
|
annotations: {}
|
|
|
|
ingress:
|
|
enabled: true
|
|
path: /
|
|
pathType: Prefix
|
|
hosts:
|
|
- oauth.durp.info
|
|
annotations:
|
|
kubernetes.io/ingress.class: nginx
|
|
kubernetes.io/tls-acme: "true"
|
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
tls:
|
|
- secretName: oauth-tls
|
|
hosts:
|
|
- oauth.durp.info
|
|
|
|
resources:
|
|
limits:
|
|
memory: 300Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 300Mi
|
|
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 0
|
|
timeoutSeconds: 1
|
|
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 0
|
|
timeoutSeconds: 1
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
|
|
replicaCount: 1 |