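---
# oauth2-proxy authentication gateway placed in front of UPSTREAM_SERVICE,
# authenticating users against a Keycloak realm (OIDC).
#
# This file is a Go template: every variable value comes from the environment
# (.Env.*). The template engine emits text that is then parsed as YAML, so
# review the RENDERED output, not only this file. Templated scalars are quoted
# below so that an all-digit or boolean-looking APP_NAME / APP_NAMESPACE does
# not get re-typed by the YAML parser.
apiVersion: v1
kind: ConfigMap
metadata:
  name: "oauth2-proxy-{{ .Env.APP_NAME }}-config"
  namespace: "{{ .Env.APP_NAMESPACE }}"
data:
  # oauth2-proxy reads config.cfg as TOML. No credentials are kept here: the
  # client id/secret and the cookie secret are injected from a Secret of the
  # same name by the Deployment below (that Secret is not defined in this file).
  #
  # Security-relevant settings, in order of appearance:
  #  - email_domains = "*" admits every account the Keycloak realm will issue a
  #    token for. Authorization therefore lives entirely in the realm/client
  #    configuration; narrow this (or add allowed_groups) when the realm is
  #    shared with other applications.
  #  - cookie_samesite = "lax" is set explicitly so the session cookie is not
  #    sent on cross-site POSTs (CSRF hardening); "lax" still permits the
  #    top-level redirect back from Keycloak.
  #  - reverse_proxy = true makes oauth2-proxy trust X-Forwarded-* headers from
  #    whoever connects to it. That is only safe if port 4180 is reachable
  #    solely through the trusted ingress/proxy; restrict direct in-cluster
  #    access with a NetworkPolicy.
  #  - skip_auth_routes bypasses authentication entirely. Each comma-separated
  #    entry of SKIP_AUTH_ROUTES becomes the regex "^<entry>", anchored only at
  #    the start: "/healthz" also matches "/healthz-admin" and "/" matches
  #    everything. Supply fully anchored patterns (e.g. "/healthz$") and never
  #    pass "/" or an empty entry. Entries are interpolated unquoted into a TOML
  #    string, so a double quote in an entry breaks the config; and because the
  #    template prepends "^", the METHOD=regex form that oauth2-proxy accepts
  #    would be rewritten to "^METHOD=regex" (confirm against the template
  #    engine's split semantics before relying on it).
  config.cfg: |
    http_address = "0.0.0.0:4180"
    provider = "keycloak-oidc"
    oidc_issuer_url = "https://{{ .Env.KEYCLOAK_HOST }}/realms/{{ .Env.KEYCLOAK_REALM }}"
    redirect_url = "https://{{ .Env.APP_HOST }}/oauth2/callback"
    email_domains = "*"
    cookie_samesite = "lax"
    reverse_proxy = true
    {{- if .Env.SKIP_AUTH_ROUTES }}
    skip_auth_routes = [{{ range $i, $route := (split .Env.SKIP_AUTH_ROUTES ",") }}{{ if $i }},{{ end }} "^{{ $route }}"{{ end }} ]
    {{- end }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "oauth2-proxy-{{ .Env.APP_NAME }}"
  namespace: "{{ .Env.APP_NAMESPACE }}"
  labels:
    app: "{{ .Env.APP_NAME }}-oauth2-proxy"
    app.kubernetes.io/component: oauth2-proxy
spec:
  # Sessions are carried in the cookie (no external session store is
  # configured), so more replicas would work, but a single one is deployed.
  replicas: 1
  selector:
    matchLabels:
      app: "{{ .Env.APP_NAME }}-oauth2-proxy"
  template:
    metadata:
      labels:
        app: "{{ .Env.APP_NAME }}-oauth2-proxy"
        app.kubernetes.io/component: oauth2-proxy
    spec:
      # oauth2-proxy never calls the Kubernetes API; do not give it a
      # service-account token to leak.
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: oauth2-proxy
          # Pinned to a release tag. Pin by digest (@sha256:...) as well for a
          # reproducible, tamper-evident image reference.
          image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
          args:
            - --config=/etc/oauth2-proxy/config.cfg
            # Plain HTTP to the upstream inside the cluster; acceptable only
            # when the pod-to-service path is trusted (or a mesh provides mTLS).
            - --upstream=http://{{ .Env.UPSTREAM_SERVICE }}
          env:
            # Credentials come from a Secret named like the ConfigMap above;
            # it must exist in the same namespace and is managed elsewhere.
            - name: OAUTH2_PROXY_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: "oauth2-proxy-{{ .Env.APP_NAME }}-config"
                  key: client_id
            - name: OAUTH2_PROXY_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: "oauth2-proxy-{{ .Env.APP_NAME }}-config"
                  key: client_secret
            # Must be a 16, 24 or 32 byte random value; it signs/encrypts the
            # session cookie, so rotating it invalidates all sessions.
            - name: OAUTH2_PROXY_COOKIE_SECRET
              valueFrom:
                secretKeyRef:
                  name: "oauth2-proxy-{{ .Env.APP_NAME }}-config"
                  key: cookie_secret
          ports:
            - containerPort: 4180
              name: http
          volumeMounts:
            - name: config
              mountPath: /etc/oauth2-proxy/
              readOnly: true
          # oauth2-proxy is a static binary that writes nothing to disk, so the
          # container can run fully locked down.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
          # TODO(review): add resources.requests/limits, sized per environment,
          # so a misbehaving proxy cannot starve its node.
          readinessProbe:
            httpGet:
              path: /ping
              port: 4180
            initialDelaySeconds: 3
            timeoutSeconds: 1
          livenessProbe:
            httpGet:
              path: /ping
              port: 4180
            initialDelaySeconds: 3
            timeoutSeconds: 1
      volumes:
        - name: config
          configMap:
            name: "oauth2-proxy-{{ .Env.APP_NAME }}-config"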