# A single oauth2-proxy pod. While it restarts or its node is unavailable,
# nothing answers authentication requests for hosts that depend on it.
replicaCount: 1
config:
  # The OAuth client credentials and cookie secret come from this
  # pre-created Secret, so no credential material sits in the values file.
  existingSecret: oauth2-proxy-creds
  # oauth2-proxy configuration, passed through as one string. Comments are
  # kept out here so the string itself is unchanged. Points to review:
  #   - email_domains = ["*"] accepts any e-mail address, so who may sign in
  #     is decided entirely by the Keycloak realm/client configuration.
  #   - cookie_domains / whitelist_domains = ".hexor.cy": the session cookie
  #     is sent to every host under hexor.cy and post-login redirects are
  #     allowed to any of them; each subdomain is inside the trust boundary.
  #   - reverse_proxy = true makes oauth2-proxy trust X-Forwarded-* headers;
  #     the pod should only be reachable through the ingress controller.
  #   - upstreams = ["static://200"] has no real backend, which fits an
  #     auth-check-only deployment (presumably Traefik forwardAuth; confirm).
  #   - set_xauthrequest, set_authorization_header, pass_access_token and
  #     pass_authorization_header expose the user's tokens in headers;
  #     whatever receives them must be trusted and must not log them.
  #   - code_challenge_method = "S256" enables PKCE; cookie_secure = true
  #     limits the cookie to HTTPS.
  configFile: |-
    provider = "keycloak-oidc"
    provider_display_name = "Keycloak"
    oidc_issuer_url = "https://auth.hexor.cy/auth/realms/hexor"
    redirect_url = "https://oauth.hexor.cy/oauth2/callback"
    email_domains = ["*"]
    cookie_domains = [".hexor.cy"]
    whitelist_domains = [".hexor.cy"]
    cookie_secure = true
    cookie_samesite = "lax"
    upstreams = ["static://200"]
    reverse_proxy = true
    set_xauthrequest = true
    set_authorization_header = true
    pass_access_token = true
    pass_authorization_header = true
    skip_provider_button = true
    code_challenge_method = "S256"
    scope = "openid profile email"
# Public entry point for the OAuth callback host. redirect_url in
# config.configFile is https:// and cookie_secure is true, so this host has
# to be served over TLS for logins to complete.
ingress:
  enabled: true
  className: traefik
  annotations:
    # Certificate is requested from the cert-manager issuer "letsencrypt".
    cert-manager.io/cluster-issuer: letsencrypt
    # Traefik middleware reference (<namespace>-<name>@kubernetescrd); the
    # name suggests an HTTP-to-HTTPS redirect -- confirm the CRD exists.
    traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
  hosts:
    - oauth.hexor.cy
  tls:
    - secretName: oauth2-proxy-tls
      hosts:
        - oauth.hexor.cy
# Requests and limits for the oauth2-proxy container. Exceeding the memory
# limit gets the container killed; with replicaCount: 1 that interrupts
# authentication until it is back.
resources:
  requests:
    cpu: 50m
    memory: 64Mi
  limits:
    cpu: 200m
    memory: 128Mi
# Pins the pod to one named node. NOTE(review): the hostname and the
# master-taint toleration in this file suggest the control-plane node, which
# would put an internet-facing auth endpoint next to cluster control
# components -- confirm that placement is intended.
nodeSelector:
  kubernetes.io/hostname: master.tail2fe2d.ts.net
# Lets the pod be scheduled onto a node tainted
# node-role.kubernetes.io/master:NoSchedule. No operator is given, so the
# default (Equal, with an empty value) applies. A node tainted with
# node-role.kubernetes.io/control-plane instead is not covered -- check
# which taint the target node carries.
tolerations:
  - key: node-role.kubernetes.io/master
    effect: NoSchedule