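---
# oauth2-proxy in front of the Longhorn UI: a Deployment running the proxy
# and a Service exposing it on port 4180 inside the cluster.
# The proxy authenticates users against an OIDC issuer and forwards
# authenticated requests to the longhorn-frontend Service.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: oauth2-proxy
  name: oauth2-proxy
  namespace: longhorn-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: oauth2-proxy
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: oauth2-proxy
    spec:
      # The proxy is not configured to call the Kubernetes API, so no
      # service-account token is mounted into the pod.
      automountServiceAccountToken: false
      containers:
        - name: oauth2-proxy-http
          # NOTE(review): the tag is mutable; once the image has been
          # verified, pin it by digest (`...@sha256:<digest>`) and check this
          # release against the project's current security advisories.
          image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
          imagePullPolicy: IfNotPresent
          # Least-privilege container settings. The proxy listens on an
          # unprivileged port (4180), so it needs no added capabilities.
          # NOTE(review): runAsNonRoot requires the image to declare a
          # numeric non-root user; confirm for this tag.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          env:
            # OIDC client credentials and the cookie-signing secret come from
            # Secrets rather than being written into this manifest.
            - name: OAUTH2_PROXY_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: oidc-client
                  key: client_id
            - name: OAUTH2_PROXY_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: oidc-client
                  key: client_secret
            - name: OAUTH2_PROXY_COOKIE_SECRET
              valueFrom:
                secretKeyRef:
                  name: oauth2-proxy
                  key: cookie_secret
            # Backend that receives requests once authentication succeeds.
            - name: OAUTH2_PROXY_UPSTREAMS
              value: 'http://longhorn-frontend.longhorn-system.svc:80'
          args:
            # Plain HTTP on all pod interfaces; --cookie-secure below assumes
            # TLS is terminated in front of this Service.
            - '--http-address=0.0.0.0:4180'
            # Redirect targets allowed after login: the apex domain and its
            # subdomains, on any port.
            - '--whitelist-domain=strudelline.net:*'
            - '--whitelist-domain=.strudelline.net:*'
            - '--cookie-domain=strudelline.net'
            # Only accounts whose e-mail is in one of these domains pass.
            - '--email-domain=werts.us'
            - '--email-domain=strudelline.net'
            - '--email-domain=andariese.net'
            - '--cookie-secure'
            - '--skip-provider-button'
            - '--set-xauthrequest'
            - '--provider=oidc'
            - '--oidc-issuer-url=https://auth.werts.us/realms/werts'
            # NOTE(review): --trusted-ip skips authentication for requests
            # whose source address is in this range. If an ingress controller
            # or another in-cluster proxy with an address in 172.16.0.0/16
            # forwards traffic to this Service, those requests would also be
            # treated as trusted. Confirm the range covers only clients that
            # are meant to bypass login, and narrow it if it does not.
            - '--trusted-ip=172.16.0.0/16'
            - '--cookie-csrf-per-request'
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /ping
              port: http
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          ports:
            - containerPort: 4180
              name: http
              protocol: TCP
      terminationGracePeriodSeconds: 2
---
# In-cluster Service for the proxy. No `type` is set, so it is not exposed
# outside the cluster by this manifest.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: oauth2-proxy
  name: oauth2-proxy
  namespace: longhorn-system
spec:
  ports:
    - name: http
      port: 4180
      protocol: TCP
      targetPort: 4180
  selector:
    app: oauth2-proxy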