oauth2-proxy:
  config:
    clientID: 13240a7012a34dbdd9c7
    clientSecret: change_in_argocd
    cookieSecret: change_in_argocd
    configFile: |-
      # https://github.com/kubernetes/ingress-nginx/issues/2831#issuecomment-407336056
      provider = "github"
      email_domains = [ "*" ]
      upstreams = [ "file:///dev/null" ]
      github_users = "amkartashov"
      whitelist_domains = ".ioot.xyz"
      cookie_refresh = "1m"
      cookie_expire = "30m"
      cookie_secure = "true"
      cookie_domains = ".ioot.xyz"
      ssl_insecure_skip_verify = "true"
      pass_basic_auth = "false"
      pass_access_token = "true"
      pass_user_headers = "true"
      set_authorization_header = "true"
      pass_authorization_header = "true"
      set_xauthrequest = true
      # https://github.com/oauth2-proxy/oauth2-proxy/issues/1724#issuecomment-1199075723
      scope = "user:email"

  ingress:
    enabled: true
    annotations:
      kubernetes.io/ingress.class: nginx
      kubernetes.io/tls-acme: "true"
      cert-manager.io/cluster-issuer: letsencrypt
    hosts:
      - oauth2.ioot.xyz
    tls:
      - hosts:
          - oauth2.ioot.xyz
        secretName: oauth2-tls