Added oauth2 proxy

k8s/core/oauth2-proxy/values.yaml

@@ -0,0 +1,67 @@
+replicaCount: 1
+
+config:
+  configFile: |-
+    provider = "keycloak-oidc"
+    provider_display_name = "Keycloak"
+    oidc_issuer_url = "https://auth.hexor.cy/auth/realms/hexor"
+    redirect_url = "https://oauth.hexor.cy/oauth2/callback"
+    email_domains = ["*"]
+    cookie_domains = [".hexor.cy"]
+    whitelist_domains = [".hexor.cy"]
+    cookie_secure = true
+    cookie_samesite = "lax"
+    upstreams = ["static://200"]
+    reverse_proxy = true
+    set_xauthrequest = true
+    set_authorization_header = true
+    pass_access_token = true
+    pass_authorization_header = true
+    skip_provider_button = true
+    code_challenge_method = "S256"
+    scope = "openid profile email"
+
+extraEnv:
+  - name: OAUTH2_PROXY_CLIENT_ID
+    valueFrom:
+      secretKeyRef:
+        name: oauth2-proxy-creds
+        key: client_id
+  - name: OAUTH2_PROXY_CLIENT_SECRET
+    valueFrom:
+      secretKeyRef:
+        name: oauth2-proxy-creds
+        key: client_secret
+  - name: OAUTH2_PROXY_COOKIE_SECRET
+    valueFrom:
+      secretKeyRef:
+        name: oauth2-proxy-creds
+        key: cookie_secret
+
+ingress:
+  enabled: true
+  className: traefik
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
+  hosts:
+    - oauth.hexor.cy
+  tls:
+    - secretName: oauth2-proxy-tls
+      hosts:
+        - oauth.hexor.cy
+
+resources:
+  requests:
+    cpu: 50m
+    memory: 64Mi
+  limits:
+    cpu: 200m
+    memory: 128Mi
+
+nodeSelector:
+  kubernetes.io/hostname: master.tail2fe2d.ts.net
+
+tolerations:
+  - key: node-role.kubernetes.io/master
+    effect: NoSchedule