Update argocd/sealed-secrets/values.yaml, argocd/oauth2-proxy/Chart.yaml, argocd/oauth2-proxy/values.yaml, argocd/oauth2-proxy/templates/oauth-credentials.yaml, argocd/argocd/apps/oauth2-proxy.yaml

argocd/argocd/apps/oauth2-proxy.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: oauth2-proxy
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/linode.git
+    targetRevision: main
+    path: argocd/oauth2-proxy
+  destination:
+    namespace: oauth2-proxy
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 

argocd/oauth2-proxy/Chart.yaml

@@ -0,0 +1,14 @@
+apiVersion: v2
+name: oauth2-proxy
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+- name: oauth2-proxy
+  repository: https://oauth2-proxy.github.io/manifests
+  version: 6.2.1
+
+
+

argocd/oauth2-proxy/templates/oauth-credentials.yaml

@@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: oauth-credentials
+  namespace: oauth2-proxy
+spec:
+  encryptedData:
+    client-id: AgBPebb+Mz8pa/D5RkwMC52QgTHJLsgC0Qrn/Zgk7i1zQ3vcMDwLDdZ/JVgAzYOaQfmEX5lr5nAAOEHGrCsaP8SeHAiOZ6ODhFjEqGsgm2Rc/jL1me7QYQ5COdhpkcbhbwsZyXk8yGWDL/+YIlZEkvD7kHuyNpTBA+haTyV9VPjmNW7adopzB+vFBH9VhX5U+xzf3VhBNshlBDGlI9YPgAY5CCc6m5RQE1lbOhzEEESWxhvtwSDH58tc9FCCaMi6N6YLlgAMCbcWONId5UQJrOO0q6LS+PVyRTcfw0HIw/06PpN6LC//pPnm0QmXDEUcu6VYIV6B1fKjgmzPk2AzGxTZxOP4G0Y6ztb02kYoSmy2i++6GxKK2DHxpb+T+rPOV5fcARP64VkBjhH3fjCCB9l8H6k35+eZSax8hot2rq4jVIGqHJ4eR8XYijk6UbWFf3aZvu7v4JA2iVQAbp7rbvrDP6uN+AKmompXgdXLwKdkKIf2DheHTFVQWQhs6sMwrHRjqrMivdtU6z0+S11OhtP5eHHWDeDrNfmPd2d/3n2xb8/FdncCrWVtWBRkM1YvUBUmWdCKK4PaB+dXv4eTsV/f7pH/vN+sBVBJt6PetW2i4F6UJCum/gOXR0b7Wrcg+EfMCt+GntBNxdgWATobjqdIQVUJAcTNOFlOH37y/H6mM1n56OxMhUxSi9cLxsQ2DUs4aTzYOXeI/6pJsCaQMsuq6UlA3A==
+    client-secret: AgB29eH8awH/zJjG2ZrynIzB7zkKyZvmVzB30HBBqaC4Eyw4VRxkZDZ+z6nYXtArx/o8EjqlAQeLc0Xwwj8XMjk6w5VG7X87dZ8TJ2igTuzu2IIxZAXcfj+miVzmUENonSNIB6gZP4kqS8hDQxYOrmUyy7V83s0f60j15f0PHaueo/N6JqIGYqR5n1U51BMylXLfvVjzsRubIREneO0sz3GYM/AUW8LXvzpGSfS+tEbMcbOr9RGQcqgD8OET4nQqCKUCpai04jt7qzh7p1QOdCHEFUw4TW9RfYysTXoOQ5o/1IBjZYtnBY8rponRYwZ0jFHW00fD7iZP/7D6tiRsfMrac59g2nKNeFsV94uCwWkDgMQGUsA1Xg8tTF599COboeAhRt/ozQrV9mJHPbWeu21NwGVdkL1lKDlFRmdYWJLLnT5hQHO9ZppU6PsaQEOdQdwyS8vFWXGnIYH1YqTTIzxeRoiVpc6nYEefa0c57Lxjta6bMBs/AorvDXppeZ7EHxGfxKBC8/MqmuXzOvHe745olzhGcyJ9JaRRfOk+Ii9cFtfHIPX929KAhTcK1yg6LAI6nlZHW0l5ngaK0egOuHrGQHNRA/5y+9Jx8MqBlXAvrQ7/TZOIG9EpYr0M2Q52dAzSmqcBFvmJlVYIxxAiLlJ1L3ixQ5uYGzsCaJin4/BtmYtCejzBKpS7xK/vr8eA4EwTwQ/WWjnzkKYyaFm67w4mPlvYPf6zKWHnBkxfuUp1X6Rw237qFPSBzgaR6+XvK+/m9/UxAtJ8pOxNB5EYIR8e
+    cookie-secret: AgA8l5qnPoCJ5zGOZnvayAn70sigujLTfrKBWdl0vZbYsoD2xDcDk5UcCe32mnkSTkWkUcGoQ9+5Tlk3hgC77nlTzl66go15Y8rf8uGyeNLTR8fof9jW2EVWYbFr6nOhsK8jrkZIK9HHlIyAkTAkXg4hkQpBr1lRItsx0YFnRBNuP2CTHv6cZtEvk4cbeFCk7kdSR0hFsjtLr5T0mNAd7wV4jkoMFpIfEsrcov6OH+3crdY4raSXQ0wfWTUWLqke3wivkz5rhhr+917rpFbMJcZui6IaGupHreoEtmmbbrX/9MQowxMdtcr/xEhzXdLPHmuAEl6JHWC+bn7GPh4W+uZmlId188PtRmhLBT3qq8rOcr2LhBllq3q41PzgEDBXShVS8aAz4yjdAFLdKutxhsTEFZD9Us0JnRCFFGlEpCcR7J72FqYKJfx2gNHggkZHt9lX3MsIbkYIQ0ojD1Ay9bd0+toSc7MpXZnE+dTT6joW8IKqJQPz5SBcWeQoJc9wKKa7sT2lPdoHOttTDYof1g9VJQnhjVKtmYFyDwuhQgcYzLywZ9RN7rXGKc8t6ScjuHK/uFKQVzghyuRqADZfeoBDTqfmscOaS6Pt/3n+tVart3VmJCpNWWzWKtNZaRYY4VL6TwKIUVhNmSPr0rIRuWvg5uZXZKRSG6gZHftCVLC3ZIIxX8CdP5eKG8AFPLoTnqoBuEARmbU77vP1SWaqS2Sm3EJZrBo0HHIJlR92k8EWSiZtkHY95kPWlgg5+g==
+  template:
+    data: null
+    metadata:
+      creationTimestamp: null
+      name: oauth-credentials
+      namespace: oauth2-proxy

argocd/oauth2-proxy/values.yaml

@@ -0,0 +1,163 @@
+oauth2-proxy:
+  kubeVersion:
+
+  config:
+    annotations: {}
+    existingSecret: oauth-credentials
+    cookieName: ""
+    google: {}
+    configFile: |-
+      email_domains = [ "*" ]
+      upstreams = [ "file:///dev/null" ]
+      provider = "gitlab"
+      set_xauthrequest=true
+      pass_host_header=true
+      pass_user_headers=true
+      request_logging=true
+      cookie_secure=true
+
+  alphaConfig:
+    enabled: false
+    annotations: {}
+    serverConfigData: {}
+    metricsConfigData: {}
+    configData: {}
+    existingConfig: ~
+
+  image:
+    repository: "quay.io/oauth2-proxy/oauth2-proxy"
+    tag: "v7.2.1"
+    pullPolicy: "Always"
+
+  extraArgs: 
+    upstream: "file:///dev/null"
+    email-domain: "*"
+    redirect-url: "https://oauth.durp.info/oauth2/callback"
+    whitelist-domain: ".durp.info"
+    cookie-domain: ".durp.info"
+  
+  extraEnv: []
+
+  customLabels: {}
+
+  authenticatedEmailsFile:
+    enabled: false
+    persistence: configmap
+    template: ""
+    restrictedUserAccessKey: ""
+    restricted_access: ""
+    annotations: {}
+
+  service:
+    type: ClusterIP
+    portNumber: 80
+    annotations: {}
+
+  serviceAccount:
+    enabled: true
+    name:
+    annotations: {}
+
+  ingress:
+    enabled: true
+    path: /
+    pathType: Prefix
+    hosts:
+      - oauth.durp.info
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      kubernetes.io/tls-acme: "true"
+      cert-manager.io/cluster-issuer: letsencrypt-production 
+    tls:
+      - secretName: oauth-tls
+        hosts:
+          - oauth.durp.info
+
+  resources: 
+    limits:
+      cpu: 100m
+      memory: 300Mi
+    requests:
+      cpu: 100m
+      memory: 300Mi
+
+  extraVolumes: []
+
+  extraVolumeMounts: []
+
+  priorityClassName: ""
+
+  hostAlias:
+    enabled: failureThreshold
+
+  tolerations: []
+
+  nodeSelector: {}
+
+  proxyVarsAsSecrets: true
+
+  livenessProbe:
+    enabled: true
+    initialDelaySeconds: 0
+    timeoutSeconds: 1
+
+  readinessProbe:
+    enabled: true
+    initialDelaySeconds: 0
+    timeoutSeconds: 1
+    periodSeconds: 10
+    successThreshold: 1
+
+  securityContext:
+    enabled: false
+    runAsNonRoot: true
+
+  deploymentAnnotations: {}
+  podAnnotations: {}
+  podLabels: {}
+  replicaCount: 1
+
+  podDisruptionBudget:
+    enabled: true
+    minAvailable: 1
+
+  podSecurityContext: {}
+
+  httpScheme: http
+
+  htpasswdFile:
+    enabled: false
+    existingSecret: ""
+    entries: {}
+
+  sessionStorage:
+    type: cookie
+    redis:
+      existingSecret: ""
+      password: ""
+      clientType: "standalone"
+      standalone:
+        connectionUrl: ""
+      cluster:
+        connectionUrls: []
+      sentinel:
+        password: ""
+        masterName: ""
+        connectionUrls: []
+
+  redis:
+    enabled: false
+  checkDeprecation: true
+
+  metrics:
+    enabled: true
+    port: 44180
+    servicemonitor:
+      enabled: false
+      namespace: ""
+      prometheusInstance: default
+      interval: 60s
+      scrapeTimeout: 30s
+      labels: {}
+
+  extraObjects: []

argocd/sealed-secrets/values.yaml

@@ -141,4 +141,4 @@
 #      labels: {}
 #      namespace: ""
 #  
-#
+#