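---
# Flux HelmRelease that installs oauth2-proxy in front of an OIDC issuer.
# The manifest was collapsed onto a single line, which does not parse as YAML;
# the structure below restores one key per line without changing any value.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: oauth2-proxy
  namespace: oauth2-proxy
spec:
  interval: 30m
  chart:
    spec:
      chart: oauth2-proxy
      # NOTE(review): floating semver range. Flux picks up any new 7.x chart
      # from the HelmRepository when the chart is re-resolved (every 12h
      # here), so an authentication component can change without a reviewed
      # commit. Consider pinning an exact version and bumping it through
      # review.
      version: ">=7.0.0 <8.0.0"
      sourceRef:
        kind: HelmRepository
        name: oauth2-proxy
        namespace: oauth2-proxy
      interval: 12h
  values:
    replicaCount: 2
    config:
      # Credentials are referenced from a Secret instead of being written
      # here. Per the chart this Secret supplies the client ID, client secret
      # and cookie secret -- confirm the key names against the chart version
      # in use.
      existingSecret: oauth2-proxy-secrets
      # Review notes for the settings in configFile (kept outside the block
      # scalar so the rendered config file is unchanged):
      #
      # - email_domains = ["*"]: any account the issuer authenticates is
      #   accepted, so authorization is delegated entirely to the IdP.
      #   Restrict who may obtain a token for this client at the IdP, or
      #   narrow it here (for example with allowed_groups).
      # - cookie_domains / whitelist_domains with a leading dot: the session
      #   cookie is sent to every host under .lab.home.hrajfrisbee.cz, and
      #   post-login redirects are allowed to any of them. Every service on
      #   that domain is therefore inside the same trust boundary.
      # - set_xauthrequest, set_authorization_header, pass_access_token: the
      #   auth response carries identity headers and the tokens themselves.
      #   Forward them only to backends that need them, and make sure the
      #   ingress drops client-supplied copies of X-Auth-Request-* and
      #   Authorization before backends rely on them.
      # - upstreams = ["static://202"]: no application is proxied; the proxy
      #   only answers auth checks (presumably nginx auth_request -- confirm
      #   against the protected Ingress objects).
      # - skip_auth_routes: PUT and POST under /uploads/ bypass
      #   authentication. These are write methods, so whatever serves
      #   /uploads/ must authenticate and authorize the request itself
      #   (signed URL, token, size and type limits). Keep the patterns
      #   anchored and as narrow as the endpoint allows, and check how they
      #   apply to every protected host, since the rule is not host-specific.
      configFile: |-
        provider = "oidc"
        oidc_issuer_url = "https://idm.home.hrajfrisbee.cz/oauth2/openid/oauth2-proxy"
        email_domains = ["*"]
        cookie_secure = true
        cookie_domains = [".lab.home.hrajfrisbee.cz"]
        whitelist_domains = [".lab.home.hrajfrisbee.cz"]
        set_xauthrequest = true
        set_authorization_header = true
        pass_access_token = true
        skip_provider_button = true
        upstreams = ["static://202"]
        skip_auth_routes = ["PUT=^/uploads/.*", "POST=^/uploads/.*"]
    # NOTE(review): --reverse-proxy=true makes oauth2-proxy trust
    # X-Forwarded-* headers. That is only safe when the pods are reachable
    # solely through the ingress controller; a NetworkPolicy limiting ingress
    # to the controller's namespace is the usual companion to this flag.
    extraArgs:
      - --reverse-proxy=true
    ingress:
      enabled: true
      className: nginx
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
      hosts:
        - oauth2-proxy.lab.home.hrajfrisbee.cz
      tls:
        - secretName: oauth2-proxy-tls
          hosts:
            - oauth2-proxy.lab.home.hrajfrisbee.cz
    # Memory is capped; no CPU limit is set, only a request.
    resources:
      limits:
        memory: 128Mi
      requests:
        cpu: 10m
        memory: 64Mi
    # With replicaCount 2, minAvailable 1 keeps one instance serving auth
    # checks during voluntary disruptions such as node drains.
    podDisruptionBudget:
      enabled: true
      minAvailable: 1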