--- apiVersion: v1 kind: Secret metadata: name: oauth2-proxy-secrets namespace: erpnext type: Opaque stringData: OAUTH2_PROXY_CLIENT_ID: "371747520893682044" OAUTH2_PROXY_CLIENT_SECRET: "Wka1L8RYFYeKHrzMOadDfQRXWlCnM6x2JKL2QBTmV3WHdaYY2OiodVZgK0MYdiFl" OAUTH2_PROXY_COOKIE_SECRET: "st_biHMwZOrFbrigSmnEdRG5ZCoULrktjAvPGcUrqw0" --- apiVersion: apps/v1 kind: Deployment metadata: name: oauth2-proxy namespace: erpnext spec: replicas: 1 selector: matchLabels: app: oauth2-proxy template: metadata: labels: app: oauth2-proxy spec: containers: - name: oauth2-proxy image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1 args: - --provider=oidc - --oidc-issuer-url=https://auth.expertfab.de - --upstream=http://erpnext:8080 - --http-address=0.0.0.0:4180 - --email-domain=* - --scope=openid profile email - --skip-provider-button=true - --cookie-secure=true - --cookie-samesite=lax - --cookie-domain=expertfab.de - --whitelist-domain=expertfab.de - --whitelist-domain=www.expertfab.de - --reverse-proxy=true - --set-xauthrequest=true env: - name: OAUTH2_PROXY_CLIENT_ID valueFrom: secretKeyRef: name: oauth2-proxy-secrets key: OAUTH2_PROXY_CLIENT_ID - name: OAUTH2_PROXY_CLIENT_SECRET valueFrom: secretKeyRef: name: oauth2-proxy-secrets key: OAUTH2_PROXY_CLIENT_SECRET - name: OAUTH2_PROXY_COOKIE_SECRET valueFrom: secretKeyRef: name: oauth2-proxy-secrets key: OAUTH2_PROXY_COOKIE_SECRET ports: - containerPort: 4180 resources: requests: cpu: 50m memory: 64Mi limits: cpu: 100m memory: 128Mi --- apiVersion: v1 kind: Service metadata: name: oauth2-proxy namespace: erpnext spec: selector: app: oauth2-proxy ports: - port: 4180 targetPort: 4180