k8s/core/auth-proxy/deployment.yaml

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: auth-proxy
  labels:
    app: auth-proxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: auth-proxy
  template:
    metadata:
      labels:
        app: auth-proxy
    spec:
      containers:
        - name: auth-proxy
          image: ultradesu/rsauth2-proxy:0.1.0
          ports:
            - containerPort: 8080
              name: http
              protocol: TCP
          envFrom:
            - secretRef:
                name: auth-proxy-creds
          env:
            - name: AUTH_PROXY_OIDC_ISSUER
              value: "https://auth.hexor.cy/auth/realms/hexor"
            - name: AUTH_PROXY_COOKIE_DOMAIN
              value: ".hexor.cy"
            - name: AUTH_PROXY_CALLBACK_URL
              value: "https://oauth.hexor.cy/callback"
            - name: AUTH_PROXY_ROUTES_FILE
              value: "/config/routes.yaml"
            - name: AUTH_PROXY_LOG_LEVEL
              value: "debug"
          volumeMounts:
            - name: routes
              mountPath: /config
              readOnly: true
          resources:
            requests:
              cpu: 50m
              memory: 32Mi
            limits:
              cpu: 200m
              memory: 64Mi
          readinessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 3
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
            runAsGroup: 1000
            capabilities:
              drop:
                - ALL
      volumes:
        - name: routes
          configMap:
            name: auth-proxy-routes
      nodeSelector:
        kubernetes.io/hostname: master.tail2fe2d.ts.net
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
Deployed rsauth2-proxy 2026-05-05 14:56:56 +01:00			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: auth-proxy`
			`labels:`
			`app: auth-proxy`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: auth-proxy`
			`template:`
			`metadata:`
			`labels:`
			`app: auth-proxy`
			`spec:`
			`containers:`
			`- name: auth-proxy`
			`image: ultradesu/rsauth2-proxy:0.1.0`
			`ports:`
			`- containerPort: 8080`
			`name: http`
			`protocol: TCP`
			`envFrom:`
			`- secretRef:`
			`name: auth-proxy-creds`
			`env:`
			`- name: AUTH_PROXY_OIDC_ISSUER`
			`value: "https://auth.hexor.cy/auth/realms/hexor"`
			`- name: AUTH_PROXY_COOKIE_DOMAIN`
			`value: ".hexor.cy"`
			`- name: AUTH_PROXY_CALLBACK_URL`
			`value: "https://oauth.hexor.cy/callback"`
			`- name: AUTH_PROXY_ROUTES_FILE`
			`value: "/config/routes.yaml"`
			`- name: AUTH_PROXY_LOG_LEVEL`
deployed auth-proxy 2026-05-05 15:28:25 +01:00			`value: "debug"`
Deployed rsauth2-proxy 2026-05-05 14:56:56 +01:00			`volumeMounts:`
			`- name: routes`
			`mountPath: /config`
			`readOnly: true`
			`resources:`
			`requests:`
			`cpu: 50m`
			`memory: 32Mi`
			`limits:`
			`cpu: 200m`
			`memory: 64Mi`
			`readinessProbe:`
			`httpGet:`
			`path: /health`
			`port: 8080`
			`initialDelaySeconds: 3`
			`periodSeconds: 10`
			`livenessProbe:`
			`httpGet:`
			`path: /health`
			`port: 8080`
			`initialDelaySeconds: 5`
			`periodSeconds: 30`
			`securityContext:`
			`allowPrivilegeEscalation: false`
			`readOnlyRootFilesystem: true`
			`runAsNonRoot: true`
			`runAsUser: 1000`
			`runAsGroup: 1000`
			`capabilities:`
			`drop:`
			`- ALL`
			`volumes:`
			`- name: routes`
			`configMap:`
			`name: auth-proxy-routes`
			`nodeSelector:`
			`kubernetes.io/hostname: master.tail2fe2d.ts.net`
			`tolerations:`
			`- key: node-role.kubernetes.io/master`
			`effect: NoSchedule`