apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: oauth2-proxy
  name: oauth2-proxy
  namespace: keycloak
spec:
  replicas: 3
  selector:
    matchLabels:
      app: oauth2-proxy
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: oauth2-proxy
    spec:
      containers:
      - args:
        - --http-address=0.0.0.0:4180
        - --config=/config.cfg
        image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /ping
            port: http
            scheme: HTTP
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: oauth2-proxy
        ports:
        - containerPort: 4180
          name: http
          protocol: TCP
        volumeMounts:
        - mountPath: /config.cfg
          name: oauth2-proxy-config
          subPath: oauth2-proxy.cfg
      terminationGracePeriodSeconds: 2
      volumes:
      - name: oauth2-proxy-config
        secret:
          defaultMode: 420
          optional: false
          secretName: oauth2-proxy-oidc-secret
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: oauth2-proxy
  name: oauth2-proxy
  namespace: keycloak
spec:
  ports:
  - name: http
    port: 4180
    protocol: TCP
    targetPort: 4180
  selector:
    app: oauth2-proxy