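---
# oauth2-proxy Deployment in the tubesync namespace.
#
# An init container renders an htpasswd file (bcrypt) for a single "bypass"
# user into a memory-backed emptyDir. The oauth2-proxy container then serves
# on :4180, authenticating against an OIDC issuer or that htpasswd file, and
# forwards to the upstream named in OAUTH2_PROXY_UPSTREAMS.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: oauth2-proxy
  name: oauth2-proxy
  namespace: tubesync
spec:
  replicas: 1
  selector:
    matchLabels:
      app: oauth2-proxy
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: oauth2-proxy
    spec:
      initContainers:
        - name: password-creator
          # NOTE(review): floating tag; pin by digest
          # (httpd@sha256:<digest>) so the init image cannot change silently.
          image: httpd:alpine3.19
          # The password is fed to htpasswd on stdin (-i), not with -b.
          # A $(VAR) reference in `command` is expanded by Kubernetes into
          # the container's argv, where the cleartext is readable by anything
          # that can list processes or inspect the container on the node.
          # Here the shell reads the variables from its environment, and
          # printf is a shell builtin, so the secret never appears in an
          # argv. `set -u` makes the container fail if either key is missing
          # from the Secret instead of writing a bogus entry.
          command:
            - /bin/sh
            - -c
            - |
              set -eu
              printf '%s' "$OIDC_BYPASS_PASSWORD" |
                /usr/local/apache2/bin/htpasswd -Bci /xfr/htpasswd "$OIDC_BYPASS_USERNAME"
          envFrom:
            - secretRef:
                name: oidc-bypass-user
          volumeMounts:
            - name: htpasswd-xfr
              mountPath: /xfr
      containers:
        - name: oauth2-proxy-http
          # NOTE(review): mutable tag; pin by digest
          # (oauth2-proxy@sha256:<digest>) and check upstream release notes
          # for security fixes published after v7.4.0.
          image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
          imagePullPolicy: IfNotPresent
          # The proxy binds an unprivileged port and needs no capabilities.
          # NOTE(review): consider runAsNonRoot and readOnlyRootFilesystem
          # once confirmed against this image.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          env:
            - name: OAUTH2_PROXY_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: oidc-client
                  key: client_id
            - name: OAUTH2_PROXY_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: oidc-client
                  key: client_secret
            - name: OAUTH2_PROXY_COOKIE_SECRET
              valueFrom:
                secretKeyRef:
                  name: oauth2-proxy
                  key: cookie_secret
            - name: OAUTH2_PROXY_UPSTREAMS
              value: http://tubesync:4848
          args:
            # Plain HTTP on all interfaces; presumably TLS terminates at an
            # ingress in front of this pod. TODO confirm.
            - '--http-address=0.0.0.0:4180'
            # Post-login redirects are allowed to the apex and every
            # subdomain, on any port.
            - '--whitelist-domain=strudelline.net:*'
            - '--whitelist-domain=.strudelline.net:*'
            # The session cookie is scoped to the whole domain, so every
            # host under it receives the cookie.
            - '--cookie-domain=strudelline.net'
            - '--email-domain=werts.us'
            - '--email-domain=strudelline.net'
            - '--email-domain=andariese.net'
            - '--cookie-secure'
            - '--skip-provider-button'
            # Static-credential login path that does not go through the OIDC
            # issuer, so controls enforced there (e.g. MFA) do not apply.
            - '--htpasswd-file=/xfr/htpasswd'
            - '--set-xauthrequest'
            - '--provider=oidc'
            - '--oidc-issuer-url=https://auth.werts.us/realms/werts'
            - '--cookie-csrf-per-request'
          volumeMounts:
            # The proxy only reads the file the init container wrote.
            - name: htpasswd-xfr
              mountPath: /xfr
              readOnly: true
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /ping
              port: http
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          ports:
            - containerPort: 4180
              name: http
              protocol: TCP
      volumes:
        # tmpfs-backed, so the htpasswd hash is not written to node disk.
        - name: htpasswd-xfr
          emptyDir:
            medium: Memory
            sizeLimit: 1Mi
        # NOTE(review): no container in this manifest mounts `certs`. The
        # pod still depends on the wildcard-tls Secret existing and has its
        # key material associated with it. Drop this volume if nothing
        # outside this manifest adds a mount.
        - name: certs
          secret:
            secretName: wildcard-tls
      terminationGracePeriodSeconds: 2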