--- apiVersion: v1 kind: Secret metadata: name: oauth2-proxy-secrets namespace: paperless type: Opaque stringData: OAUTH2_PROXY_CLIENT_ID: "371736929185563308" OAUTH2_PROXY_CLIENT_SECRET: "2WVS5uGOKOYozY0T6QLi854vihLrNbchqkPhEZxKS74b5iRQeeLH8EMhUiZIHWPH" OAUTH2_PROXY_COOKIE_SECRET: "NcF3zVJcPIpBYpLL4TIqpmBAcESddly-LVHAKw--xl8" --- apiVersion: apps/v1 kind: Deployment metadata: name: oauth2-proxy namespace: paperless spec: replicas: 1 selector: matchLabels: app: oauth2-proxy template: metadata: labels: app: oauth2-proxy spec: containers: - name: oauth2-proxy image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1 args: - --provider=oidc - --oidc-issuer-url=https://auth.expertfab.de - --redirect-url=https://docs.expertfab.de/oauth2/callback - --upstream=http://paperless:8000 - --http-address=0.0.0.0:4180 - --email-domain=* - --scope=openid profile email - --skip-provider-button=true - --skip-auth-regex=^/api/ - --skip-auth-regex=^/api-auth/ - --cookie-secure=true - --cookie-samesite=lax - --reverse-proxy=true - --pass-access-token=true - --set-xauthrequest=true env: - name: OAUTH2_PROXY_CLIENT_ID valueFrom: secretKeyRef: name: oauth2-proxy-secrets key: OAUTH2_PROXY_CLIENT_ID - name: OAUTH2_PROXY_CLIENT_SECRET valueFrom: secretKeyRef: name: oauth2-proxy-secrets key: OAUTH2_PROXY_CLIENT_SECRET - name: OAUTH2_PROXY_COOKIE_SECRET valueFrom: secretKeyRef: name: oauth2-proxy-secrets key: OAUTH2_PROXY_COOKIE_SECRET ports: - containerPort: 4180 resources: requests: cpu: 50m memory: 64Mi limits: cpu: 100m memory: 128Mi --- apiVersion: v1 kind: Service metadata: name: oauth2-proxy namespace: paperless spec: selector: app: oauth2-proxy ports: - port: 4180 targetPort: 4180