From d3ee23c3de3fccad6ad8f6d2717ec10a75d1605b Mon Sep 17 00:00:00 2001
From: Ultradesu <ultradesu@hexor.cy>
Date: Mon, 4 May 2026 18:25:42 +0100
Subject: [PATCH] Added oauth2 proxy

---
 k8s/apps/mtproxy/secret-reader-ingress.yaml | 31 +--------------------
 1 file changed, 1 insertion(+), 30 deletions(-)

diff --git a/k8s/apps/mtproxy/secret-reader-ingress.yaml b/k8s/apps/mtproxy/secret-reader-ingress.yaml
index a03023d..92badbc 100644
--- a/k8s/apps/mtproxy/secret-reader-ingress.yaml
+++ b/k8s/apps/mtproxy/secret-reader-ingress.yaml
@@ -5,7 +5,7 @@ metadata:
   name: keycloak-auth
 spec:
   forwardAuth:
-    address: http://oauth2-proxy.oauth2-proxy.svc:80/oauth2/auth
+    address: http://oauth2-proxy.oauth2-proxy.svc:80
     trustForwardHeader: true
     authResponseHeaders:
       - X-Auth-Request-User
@@ -13,29 +13,6 @@ spec:
       - X-Auth-Request-Groups
 ---
 apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: keycloak-auth-redirect
-spec:
-  errors:
-    status:
-      - "401"
-    service:
-      name: oauth2-proxy-redirect
-      port: 80
-    query: /oauth2/sign_in?rd={url}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: oauth2-proxy-redirect
-spec:
-  type: ExternalName
-  externalName: oauth2-proxy.oauth2-proxy.svc.cluster.local
-  ports:
-    - port: 80
----
-apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: secret-reader
@@ -45,16 +22,10 @@ spec:
   entryPoints:
     - websecure
   routes:
-    - match: Host(`secret-reader.hexor.cy`) && PathPrefix(`/oauth2/`)
-      kind: Rule
-      services:
-        - name: oauth2-proxy-redirect
-          port: 80
     - match: Host(`secret-reader.hexor.cy`)
       kind: Rule
       middlewares:
         - name: keycloak-auth
-        - name: keycloak-auth-redirect
       services:
         - name: secret-reader
           port: 80