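---
# oauth2-proxy placed in front of the SillyTavern Service. It authenticates
# browsers against the OIDC issuer below and proxies authenticated requests
# to the upstream. Client id/secret and the cookie secret come from the
# `oauth2-proxy-secret` Secret, never from this manifest.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: oauth2-proxy
  namespace: sillytavern
spec:
  replicas: 1
  selector:
    matchLabels:
      app: oauth2-proxy
  template:
    metadata:
      labels:
        app: oauth2-proxy
    spec:
      # Nothing in the args below talks to the Kubernetes API, so the pod
      # does not need a service-account token mounted.
      automountServiceAccountToken: false
      containers:
        - name: oauth2-proxy
          # The tag is mutable; for a reproducible, tamper-evident deploy pin
          # the digest as well (…:v7.15.2-amd64@sha256:<digest-placeholder>).
          image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.2-amd64
          args:
            - --provider=oidc
            - --oidc-issuer-url=https://auth.t0rt1k.tech/
            - --redirect-url=https://sillytavern.mrt0rtikize.ru/oauth2/callback
            # Plain-HTTP upstream. Authentication holds only if nothing but
            # this proxy can reach sillytavern:8000.
            # TODO confirm a NetworkPolicy (or equivalent) enforces that.
            - --upstream=http://sillytavern:8000
            - --http-address=0.0.0.0:4180
            # Any e-mail address asserted by the issuer is accepted, so
            # authorization is whatever the IdP enforces for this client.
            # Restrict here or at the IdP if not every account may log in.
            - "--email-domain=*"
            - "--scope=openid email"
            # Forwards the OIDC ID token to the upstream as an
            # `Authorization: Bearer` header. Keep only if the upstream
            # consumes it; otherwise the token is exposed needlessly.
            - --pass-authorization-header=true
            # Also returns the token as a response header.
            # NOTE(review): normally only needed for auth_request-style
            # ingress setups; confirm it is required here.
            - --set-authorization-header=true
            # The session cookie is scoped to every host under
            # mrt0rtikize.ru and is sent to all of them. Narrow it to the
            # single hostname unless cross-subdomain SSO is intended.
            - --cookie-domain=.mrt0rtikize.ru
            - --cookie-secure=true
            - --cookie-samesite=lax
            # Trusts X-Forwarded-* / X-Real-IP from whatever connects. Sound
            # only when the ingress controller is the sole client of :4180.
            - --reverse-proxy=true
          env:
            - name: OAUTH2_PROXY_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: oauth2-proxy-secret
                  key: client-id
            - name: OAUTH2_PROXY_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: oauth2-proxy-secret
                  key: client-secret
            - name: OAUTH2_PROXY_COOKIE_SECRET
              valueFrom:
                secretKeyRef:
                  name: oauth2-proxy-secret
                  key: cookie-secret
          ports:
            - containerPort: 4180
              name: http
          # Container hardening: the proxy listens on an unprivileged port
          # and the args configure no writable paths, so it can run without
          # capabilities and with a read-only root filesystem.
          # NOTE(review): runAsNonRoot needs the image to declare a numeric
          # non-root user; if the kubelet reports it cannot verify that, add
          # an explicit runAsUser.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          resources:
            requests:
              cpu: 10m
              memory: 32Mi
            limits:
              cpu: 50m
              memory: 64Mi
          # Both probes use /ping.
          livenessProbe:
            httpGet:
              path: /ping
              port: 4180
            initialDelaySeconds: 5
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /ping
              port: 4180
            initialDelaySeconds: 3
            periodSeconds: 5
---
# Service for the proxy (no type given, so the Kubernetes default applies).
# Without a NetworkPolicy, port 4180 is reachable from other pods in the
# cluster, which matters because the proxy runs with --reverse-proxy=true
# and trusts forwarded headers from its clients.
apiVersion: v1
kind: Service
metadata:
  name: oauth2-proxy
  namespace: sillytavern
spec:
  selector:
    app: oauth2-proxy
  ports:
    - port: 4180
      targetPort: 4180
      name: http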