# Helm values for an oauth2-proxy deployment; every setting sits under the
# `oauth2-proxy:` key. The proxy authenticates against a Keycloak OIDC
# provider and is published at oauth.durp.info.
oauth2-proxy:

  config:
    # Credentials are referenced from an existing Kubernetes Secret instead
    # of being written into this file.
    # NOTE(review): presumably holds the client ID, client secret and cookie
    # secret; confirm the key names the chart expects.
    existingSecret: oauth-credentials
    # The block below is the oauth2-proxy configuration file, passed through
    # as literal text, so review comments are kept out here in the YAML:
    # - email_domains = [ "*" ] accepts any e-mail domain, so who may sign in
    #   is decided entirely by the identity provider.
    #   NOTE(review): confirm access is restricted in the Keycloak realm/client.
    # - upstreams points at file:///dev/null, i.e. no real backend is proxied.
    #   NOTE(review): presumably the proxy serves only as an authentication
    #   endpoint for the ingress controller; confirm.
    # - pass_authorization_header, pass_access_token, pass_user_headers,
    #   set_authorization_header and set_xauthrequest hand tokens and
    #   identity headers onward. Whatever receives them sees the user's
    #   bearer/access token, and backends must only trust these headers when
    #   they arrive via the proxy, never directly from a client.
    # - request_logging=true logs each request.
    # - cookie_secure=true marks the session cookie HTTPS-only.
    # - scope requests the openid, profile and email claims.
    # - cookie_refresh = "1m" / cookie_expire = "30m": the session is
    #   refreshed after one minute and expires after thirty.
    configFile: |-
      email_domains = [ "*" ]
      upstreams = [ "file:///dev/null" ]
      pass_authorization_header = true
      pass_access_token = true
      pass_user_headers = true
      set_authorization_header = true
      set_xauthrequest = true
      request_logging=true
      cookie_secure=true
      scope = "openid profile email"
      cookie_refresh = "1m"
      cookie_expire = "30m"

  image:
    # No tag or digest is set here, so the version comes from elsewhere
    # (presumably the chart default).
    # NOTE(review): with pullPolicy "Always" the image is fetched again on
    # every pod start; pinning a tag or digest makes the running version
    # auditable.
    repository: "quay.io/oauth2-proxy/oauth2-proxy"
    pullPolicy: "Always"

  # Extra settings for the proxy.
  # NOTE(review): presumably rendered as command-line flags; confirm.
  extraArgs:
    provider: keycloak-oidc
    # Must match the redirect URI registered for the client in Keycloak.
    redirect-url: https://oauth.durp.info/oauth2/callback
    # NOTE(review): the issuer is Keycloak's `master` realm, which is the
    # administrative realm; confirm that application logins are meant to use
    # it rather than a dedicated realm.
    oidc-issuer-url: https://keycloak.durp.info/realms/master

  serviceAccount:
    enabled: true
    # Left empty (parses as null).
    # NOTE(review): presumably the chart derives a name in that case; confirm.
    name:
    annotations: {}

  ingress:
    enabled: true
    # Prefix match on "/" routes every path on the host to the proxy.
    path: /
    pathType: Prefix
    hosts:
      - oauth.durp.info
    annotations:
      # Annotation-based class selection.
      # NOTE(review): check whether the cluster expects ingressClassName.
      kubernetes.io/ingress.class: nginx
      # Quoted because annotation values must be strings, not booleans.
      kubernetes.io/tls-acme: "true"
      # The certificate is requested from the cluster issuer named here.
      cert-manager.io/cluster-issuer: letsencrypt-production
    tls:
      # Secret holding the TLS certificate for the host below.
      - secretName: oauth-tls
        hosts:
          - oauth.durp.info

  resources:
    # Memory limit equals the memory request; no CPU limit is set.
    limits:
      memory: 300Mi
    requests:
      cpu: 100m
      memory: 300Mi

  livenessProbe:
    enabled: true
    # Probing starts immediately and each probe must answer within 1 second.
    initialDelaySeconds: 0
    timeoutSeconds: 1

  readinessProbe:
    enabled: true
    initialDelaySeconds: 0
    timeoutSeconds: 1
    # Checked every 10 seconds; a single success marks the pod ready.
    periodSeconds: 10
    successThreshold: 1

  # Single replica: authentication is unavailable while this one pod is
  # restarting or being rescheduled.
  replicaCount: 1