apiVersion: apps/v1
kind: Deployment
metadata:
  name: oauth2-proxy-longhorn
  namespace: longhorn-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: oauth2-proxy-longhorn
  template:
    metadata:
      labels:
        app: oauth2-proxy-longhorn
    spec:
      containers:
      - name: oauth2-proxy-longhorn
        image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
        args:
          - --provider=keycloak
          - --client-id=longhorn
          - --client-secret=0U2QuP1QMAXln8bzwJ3aJMIvaH9t2QvJ
          - --cookie-secret=lDE7du7SlDuG1UySIZUhcHfuk5HlgFlgDWdHD_PQ9UI=
          - --oidc-issuer-url=https://sso.beatrice.wtf/auth/realms/panic-haus
          - --cookie-domain=longhorn.panic.haus
          - --email-domain=*
          - --http-address=0.0.0.0:4180
          - --redirect-url=https://longhorn.panic.haus/oauth2/callback
          -  --upstream=http://longhorn-frontend.longhorn-system.svc.cluster.local:80
          - --scope=openid
          - --login-url=https://sso.beatrice.wtf/auth/realms/panic-haus/protocol/openid-connect/auth
          - --validate-url=https://sso.beatrice.wtf/auth/realms/panic-haus/protocol/openid-connect/userinfo
          - --redeem-url=https://sso.beatrice.wtf/auth/realms/panic-haus/protocol/openid-connect/token
          - --skip-auth-regex=^(?:https?:\/\/)?longhorn\.panic\.haus\/(favicon\.ico|.*\.(?:js|css)(\.map)?)$|^\/(favicon\.ico|.*\.(?:js|css)(\.map)?)$
        ports:
          - name: http
            containerPort: 4180
            protocol: TCP