---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: oauth2-proxy
  namespace: gongme
spec:
  replicas: 1
  selector:
    matchLabels:
      app: oauth2-proxy
  template:
    metadata:
      labels:
        app: oauth2-proxy
    spec:
      containers:
        - name: oauth2-proxy
          image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1
          args:
            - --provider=oidc
            - --oidc-issuer-url=https://auth.expertfab.de
            - --redirect-url=https://gongme.expertfab.de/oauth2/callback
            - --upstream=http://gongme-web:3000
            - --http-address=0.0.0.0:4180
            - --email-domain=expertfab.de
            - --scope=openid profile email
            - --skip-provider-button=true
            - --cookie-secure=true
            - --cookie-samesite=lax
            - --reverse-proxy=true
            - --pass-access-token=true
            - --set-xauthrequest=true
          env:
            - name: OAUTH2_PROXY_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: oauth2-proxy-secrets
                  key: OAUTH2_PROXY_CLIENT_ID
            - name: OAUTH2_PROXY_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: oauth2-proxy-secrets
                  key: OAUTH2_PROXY_CLIENT_SECRET
            - name: OAUTH2_PROXY_COOKIE_SECRET
              valueFrom:
                secretKeyRef:
                  name: oauth2-proxy-secrets
                  key: OAUTH2_PROXY_COOKIE_SECRET
          ports:
            - containerPort: 4180
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              cpu: 100m
              memory: 128Mi
---
apiVersion: v1
kind: Service
metadata:
  name: oauth2-proxy
  namespace: gongme
spec:
  selector:
    app: oauth2-proxy
  ports:
    - port: 4180
      targetPort: 4180