diff --git a/apps/oauth2-proxy/.gitignore b/apps/oauth2-proxy/.gitignore
new file mode 100644
index 0000000..2946e34
--- /dev/null
+++ b/apps/oauth2-proxy/.gitignore
@@ -0,0 +1,2 @@
+Chart.lock
+charts/
diff --git a/apps/oauth2-proxy/Chart.yaml b/apps/oauth2-proxy/Chart.yaml
new file mode 100644
index 0000000..79c89c2
--- /dev/null
+++ b/apps/oauth2-proxy/Chart.yaml
@@ -0,0 +1,7 @@
+name: oauth2-proxy
+version: 0.0.1
+apiVersion: v2
+dependencies:
+- name: oauth2-proxy
+  version: 6.8.0
+  repository: https://oauth2-proxy.github.io/manifests
diff --git a/apps/oauth2-proxy/values.yaml b/apps/oauth2-proxy/values.yaml
new file mode 100644
index 0000000..0a79ab9
--- /dev/null
+++ b/apps/oauth2-proxy/values.yaml
@@ -0,0 +1,23 @@
+oauth2-proxy:
+  config:
+    clientID: 13240a7012a34dbdd9c7
+    clientSecret: change_in_argocd
+    cookieSecret: change_in_argocd
+    configFile: |-
+      provider = "github"
+      email_domains = [ "*" ]
+      upstreams = [ "file:///dev/null" ]
+      github_users = "amkartashov"
+      proxy_prefix = "/"
+  ingress:
+    enabled: true
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      kubernetes.io/tls-acme: "true"
+      cert-manager.io/cluster-issuer: letsencrypt
+    hosts:
+      - oauth2.ioot.xyz
+    tls:
+      - hosts:
+          - oauth2.ioot.xyz
+        secretName: oauth2-tls
diff --git a/main/apps/oauth2-proxy.yaml b/main/apps/oauth2-proxy.yaml
new file mode 100644
index 0000000..d1b1948
--- /dev/null
+++ b/main/apps/oauth2-proxy.yaml
@@ -0,0 +1,19 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: oauth2-proxy
+  namespace: argocd
+spec:
+  destination:
+    namespace: oauth2-proxy
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: apps/oauth2-proxy
+    repoURL: git@github.com:amkartashov/gf-k8s
+  syncPolicy:
+    syncOptions:
+    - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true