# Flux HelmRelease that installs the oauth2-proxy chart into the oauth2-proxy
# namespace. The proxy runs in auth-only mode (static 202 upstream) behind an
# nginx ingress and authenticates users against an OIDC issuer.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: oauth2-proxy
  namespace: oauth2-proxy
spec:
  # How often Flux reconciles this release.
  interval: 30m
  chart:
    spec:
      chart: oauth2-proxy
      # Semver range, not a pin: any 7.x chart published to the repository is
      # eligible on the next chart check.
      # NOTE(review): consider pinning an exact chart version so upgrades of an
      # authentication component go through review rather than arriving
      # automatically.
      version: ">=7.0.0 <8.0.0"
      sourceRef:
        kind: HelmRepository
        name: oauth2-proxy
        namespace: oauth2-proxy
      # How often the chart source is checked for a new matching version.
      interval: 12h
  values:
    replicaCount: 2

    config:
      # Credentials are read from an existing Secret instead of being inlined
      # here. The Secret itself is not defined on this page; presumably it
      # holds the OIDC client ID/secret and the cookie secret. Verify.
      existingSecret: oauth2-proxy-secrets
      # oauth2-proxy configuration file, passed through verbatim.
      #
      # email_domains = ["*"]: no e-mail domain filtering is done by the proxy,
      #   so who may log in is decided entirely by the identity provider.
      #   NOTE(review): confirm the IdP restricts sign-in for this client.
      # cookie_domains / whitelist_domains: the session cookie is scoped to,
      #   and post-login redirects are allowed for, every host under
      #   .lab.home.hrajfrisbee.cz, so one session covers all of them.
      # set_xauthrequest / set_authorization_header / pass_access_token:
      #   identity headers and token material are returned to the ingress for
      #   forwarding upstream.
      #   NOTE(review): confirm each protected backend is trusted to receive
      #   the tokens and that the ingress forwards only the headers it needs.
      # upstreams = ["static://202"]: no real upstream; the proxy only answers
      #   auth sub-requests.
      # skip_auth_routes: PUT and POST requests whose path matches
      #   ^/uploads/.* bypass authentication at the proxy.
      #   NOTE(review): this looks like it applies to every host that
      #   delegates auth to this proxy, not to one application. Confirm the
      #   backend serving /uploads/ enforces its own authentication and
      #   authorization, otherwise these are unauthenticated write endpoints.
      configFile: |-
        provider = "oidc"
        oidc_issuer_url = "https://idm.home.hrajfrisbee.cz/oauth2/openid/oauth2-proxy"
        email_domains = ["*"]
        cookie_secure = true
        cookie_domains = [".lab.home.hrajfrisbee.cz"]
        whitelist_domains = [".lab.home.hrajfrisbee.cz"]
        set_xauthrequest = true
        set_authorization_header = true
        pass_access_token = true
        skip_provider_button = true
        upstreams = ["static://202"]
        skip_auth_routes = ["PUT=^/uploads/.*", "POST=^/uploads/.*"]

    extraArgs:
      # Makes the proxy accept X-Forwarded-* / X-Real-IP headers from the
      # client side of the connection.
      # NOTE(review): safe only if the pods are reachable solely through the
      # ingress controller; confirm a NetworkPolicy or equivalent prevents
      # direct access, since a direct caller could supply these headers.
      - --reverse-proxy=true

    # Exposes the proxy's own endpoints on a dedicated host, with a TLS
    # certificate requested through the cert-manager cluster issuer named in
    # the annotation.
    ingress:
      enabled: true
      className: nginx
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
      hosts:
        - oauth2-proxy.lab.home.hrajfrisbee.cz
      tls:
        - secretName: oauth2-proxy-tls
          hosts:
            - oauth2-proxy.lab.home.hrajfrisbee.cz

    # Memory is capped; no CPU limit is set, only a CPU request.
    resources:
      limits:
        memory: 128Mi
      requests:
        cpu: 10m
        memory: 64Mi

    # With replicaCount 2, at least one replica stays up during voluntary
    # disruptions, so auth sub-requests keep being answered during node drains.
    podDisruptionBudget:
      enabled: true
      minAvailable: 1