replicaCount: 1

config:
  existingSecret: oauth2-proxy-creds
  configFile: |-
    provider = "keycloak-oidc"
    provider_display_name = "Keycloak"
    oidc_issuer_url = "https://auth.hexor.cy/auth/realms/hexor"
    redirect_url = "https://oauth.hexor.cy/oauth2/callback"
    email_domains = ["*"]
    cookie_domains = [".hexor.cy"]
    whitelist_domains = [".hexor.cy"]
    cookie_secure = true
    cookie_samesite = "lax"
    upstreams = ["static://200"]
    reverse_proxy = true
    set_xauthrequest = true
    set_authorization_header = true
    pass_access_token = true
    pass_authorization_header = true
    skip_provider_button = true
    code_challenge_method = "S256"
    scope = "openid profile email"

ingress:
  enabled: true
  className: traefik
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
  hosts:
    - oauth.hexor.cy
  tls:
    - secretName: oauth2-proxy-tls
      hosts:
        - oauth.hexor.cy

resources:
  requests:
    cpu: 50m
    memory: 64Mi
  limits:
    cpu: 200m
    memory: 128Mi

nodeSelector:
  kubernetes.io/hostname: master.tail2fe2d.ts.net

tolerations:
  - key: node-role.kubernetes.io/master
    effect: NoSchedule