diff --git a/deploy/longhorn/kustomization.yaml b/deploy/longhorn/kustomization.yaml
index 5bf5448..864a0a4 100644
--- a/deploy/longhorn/kustomization.yaml
+++ b/deploy/longhorn/kustomization.yaml
@@ -2,3 +2,6 @@ namespace: longhorn-system
 resources:
 - longhorn-deploy.yaml
 - longhorn-ingress.yaml
+ - oauth2-proxy-longhorn-ingress.yaml
+ - oauth2-proxy-longhorn-service.yaml
+ - oauth2-proxy-longhorn.yaml
diff --git a/deploy/longhorn/longhorn-ingress.yaml b/deploy/longhorn/longhorn-ingress.yaml
index ee8f85d..c83ef4a 100644
--- a/deploy/longhorn/longhorn-ingress.yaml
+++ b/deploy/longhorn/longhorn-ingress.yaml
@@ -12,7 +12,6 @@ spec:
 - hosts:
 - longhorn.prod.panic.haus
 secretName: longhorn-tls
- rules:
 - host: longhorn.prod.panic.haus
 http:
diff --git a/deploy/longhorn/oauth2-proxy-longhorn-ingress.yaml b/deploy/longhorn/oauth2-proxy-longhorn-ingress.yaml
new file mode 100644
index 0000000..fe50215
--- /dev/null
+++ b/deploy/longhorn/oauth2-proxy-longhorn-ingress.yaml
@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: oauth2-proxy-longhorn-ingress
+ namespace: longhorn-system
+spec:
+ rules:
+ - host: longhorn.prod.panic.haus
+ http:
+ paths:
+ - backend:
+ service:
+ name: oauth2-proxy-longhorn-service
+ port:
+ number: 4180
+ path: /oauth2
+ pathType: Prefix
\ No newline at end of file
diff --git a/deploy/longhorn/oauth2-proxy-longhorn-service.yaml b/deploy/longhorn/oauth2-proxy-longhorn-service.yaml
new file mode 100644
index 0000000..d0daa08
--- /dev/null
+++ b/deploy/longhorn/oauth2-proxy-longhorn-service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: oauth2-proxy-longhorn-service
+ namespace: longhorn-system
+spec:
+ selector:
+ app: oauth2-proxy-longhorn
+ ports:
+ - name: http
+ port: 4180
+ targetPort: 4180
diff --git a/deploy/longhorn/oauth2-proxy-longhorn.yaml b/deploy/longhorn/oauth2-proxy-longhorn.yaml
new file mode 100644
index 0000000..4e64d42
--- /dev/null
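Review bot: The backend of the `- host: longhorn.prod.panic.haus` rule, which decides whether the proxy actually fronts the UI, is outside this hunk and nothing in the commit changes it; if it still points at `longhorn-frontend`, the oauth2-proxy added in this commit protects only `/oauth2` and the UI remains reachable unauthenticated at `https://longhorn.prod.panic.haus/`. Either point that rule at `oauth2-proxy-longhorn-service` port `4180` (the proxy already carries `--upstream` to the frontend) or, if the controller is ingress-nginx, add the `nginx.ingress.kubernetes.io/auth-url` and `auth-signin` annotations to this Ingress. Separately, the removed line renders as `- rules:` after whitespace collapsing; if the `rules:` key itself was deleted rather than a blank line, the following `- host:` item becomes part of the `tls:` list and the Ingress is invalid, so please confirm which it was.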
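Review bot: This Ingress declares no `tls:` stanza, so HTTPS on `/oauth2` — where the `/oauth2/callback` redirect lands and the session cookie is first set — depends on the controller merging the `longhorn-tls` certificate from the sibling Ingress for the same host; ingress-nginx does that, but other controllers may serve this path over plain HTTP. Add the same `tls:` block here, or at least record the dependency with a comment above `spec:`, e.g. `# TLS for longhorn.prod.panic.haus is declared in longhorn-ingress.yaml`. The file also lacks a trailing newline.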
+++ b/deploy/longhorn/oauth2-proxy-longhorn.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: oauth2-proxy-longhorn
+ namespace: longhorn-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: oauth2-proxy-longhorn
+ template:
+ metadata:
+ labels:
+ app: oauth2-proxy-longhorn
+ spec:
+ containers:
+ - name: oauth2-proxy-longhorn
+ image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1-arm64
+ args:
+ - --provider=keycloak
+ - --client-id=longhorn
+ - --client-secret=gxyMUP89svnEXnz128ZqNBTLxjlLpBxM
+ - --cookie-secret=1arlufhiIIvTT3iPexXVREeo8YDX-ZLk3k33-98FPRM=
+ - --oidc-issuer-url=https://sso.panic.haus/realms/panic-haus
+ - --cookie-domain=longhorn.prod.panic.haus
+ - --email-domain=*
+ - --session-store-type=redis
+ - --redis-connection-url=redis://redis-lb.redis.svc.cluster.local:6379
+ - --http-address=0.0.0.0:4180
+ - --redirect-url=https://longhorn.prod.panic.haus/oauth2/callback
+ - --upstream=http://longhorn-frontend.longhorn-system.svc.cluster.local:80
+ - --scope=openid
+ - --login-url=https://sso.panic.haus/realms/panic-haus/protocol/openid-connect/auth
+ - --validate-url=https://sso.panic.haus/realms/panic-haus/protocol/openid-connect/userinfo
+ - --redeem-url=https://sso.panic.haus/realms/panic-haus/protocol/openid-connect/token
+ - --skip-auth-regex=^(?:https?:\/\/)?longhorn\.prod\.panic\.haus\/(favicon\.ico|.*\.(?:js|css)(\.map)?)$|^\/(favicon\.ico|.*\.(?:js|css)(\.map)?)$
+ ports:
+ - containerPort: 4180
+ name: http
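Review bot: `--client-secret=…` and `--cookie-secret=…` are literal values in a manifest committed to the repo, so both now live in git history and in every `kubectl get deploy -o yaml`; treat them as compromised, rotate the Keycloak client secret and regenerate the cookie secret, and load the new values from a Secret via the `OAUTH2_PROXY_CLIENT_SECRET` / `OAUTH2_PROXY_COOKIE_SECRET` environment variables that oauth2-proxy accepts in place of the flags (the Secret itself should come from a sealed/external secret, not this file). `--email-domain=*` with no `--allowed-group` or `--allowed-role` admits every account in the `panic-haus` realm to the Longhorn UI, which can delete volumes and snapshots; if that is not intended, restrict it, bearing in mind that role/group restriction in v7 is a feature of the `keycloak-oidc` provider rather than the legacy `keycloak` one used here. Sessions go to `redis://redis-lb.redis.svc.cluster.local:6379` with no credentials or TLS in the URL, so anything on the cluster network that can reach that Service can read or forge sessions — acceptable only if that Redis is otherwise isolated by NetworkPolicy. Two smaller points: the first alternative of `--skip-auth-regex` (the one beginning `^(?:https?:\/\/)?longhorn…`) can never match, since as far as I know the regex is applied to the request path rather than the full URL, and the container runs without a `securityContext` or resource limits.
```yaml
        args:
          - --provider=keycloak
          - --client-id=longhorn
          # client and cookie secrets are supplied by the OAUTH2_PROXY_* env vars below
          # … unchanged: remaining flags (issuer, cookie-domain, redis, upstream, …) …
        env:
          - name: OAUTH2_PROXY_CLIENT_SECRET
            valueFrom:
              secretKeyRef:
                name: oauth2-proxy-longhorn
                key: client-secret
          - name: OAUTH2_PROXY_COOKIE_SECRET
            valueFrom:
              secretKeyRef:
                name: oauth2-proxy-longhorn
                key: cookie-secret
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        ports:
          - containerPort: 4180
            name: http
```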