Files
k3s-manifests/manifests/sillytavern/oauth2-proxy.yaml

84 lines
2.2 KiB
YAML

apiVersion: apps/v1
kind: Deployment
metadata:
name: oauth2-proxy
namespace: sillytavern
spec:
replicas: 1
selector:
matchLabels:
app: oauth2-proxy
template:
metadata:
labels:
app: oauth2-proxy
spec:
containers:
- name: oauth2-proxy
image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.2-amd64
args:
- --provider=oidc
- --oidc-issuer-url=https://auth.t0rt1k.tech/
- --redirect-url=https://sillytavern.mrt0rtikize.ru/oauth2/callback
- --upstream=http://sillytavern:8000
- --http-address=0.0.0.0:4180
- --email-domain=*
- --scope=openid email
- --pass-authorization-header=true
- --set-authorization-header=true
- --cookie-domain=.mrt0rtikize.ru
- --cookie-secure=true
- --cookie-samesite=lax
- --reverse-proxy=true
env:
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
name: oauth2-proxy-secret
key: client-id
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: oauth2-proxy-secret
key: client-secret
- name: OAUTH2_PROXY_COOKIE_SECRET
valueFrom:
secretKeyRef:
name: oauth2-proxy-secret
key: cookie-secret
ports:
- containerPort: 4180
name: http
resources:
requests:
cpu: 10m
memory: 32Mi
limits:
cpu: 50m
memory: 64Mi
livenessProbe:
httpGet:
path: /ping
port: 4180
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
httpGet:
path: /ping
port: 4180
initialDelaySeconds: 3
periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
name: oauth2-proxy
namespace: sillytavern
spec:
selector:
app: oauth2-proxy
ports:
- port: 4180
targetPort: 4180
name: http