fix(forecastle): Fix common labels and move to oauth2-proxy component

.sops.yaml

 creation_rules:
+  - path_regex: shared/components/.*secret.yaml
+    encrypted_regex: ^(stringData)$
+    pgp: >-
+      286791FB6648539775DB31B8FCB98C2A3EC6F601,
+      B137EE1549DFAF960DD1E2B15147025FB9F09E07
   - path_regex: shared/applications/.*.yaml
     encrypted_regex: ^(stringData)$
     pgp: >-

apps/base/forecastle/kustomization.yaml

@@ -10,7 +10,3 @@ resources:
 
 commonLabels:
   app: forecastle
-
-components:
-  - ../../../shared/components/flux-namespace-admin
-  - ../../../shared/components/namespace-baseline
\ No newline at end of file

apps/k8s01/forecastle/kustomization.yaml

 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: forecastle
+
+commonLabels:
+  app.kubernetes.io/name: forecastle
+  app.kubernetes.io/instance: fmd
+
 resources:
   - ../../base/forecastle
   - certificate.yaml
   - forecastle-values.yaml
-  - ../../../shared/applications/oauth2-proxy.yaml
   - oauth2.yaml
   - pdb.yaml
   - slo.yaml
   - ../../../shared/resourcequotas/default.yaml
+
+components:
+  - ../../../shared/components/namespace-baseline
+  - ../../../shared/components/oauth2-proxy
+  - ../../../shared/components/flux-namespace-admin
\ No newline at end of file

shared/components/oauth2-proxy/configmap.yaml

+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+    name: oauth2-proxy-base-values
+    labels:
+      app.kubernetes.io/component: oauth2-proxy
+data:
+    values.yaml: |
+        extraArgs:
+          silence-ping-logging: "true"
+          scope: openid email profile
+          oidc-groups-claim: memberof
+          code-challenge-method: 'S256'
+        replicaCount: 2
+        securityContext:
+          enabled: true
+        resources:
+            limits:
+                cpu: 200m
+                memory: 100Mi
+            requests:
+                cpu: 100m
+                memory: 25Mi
+        topologySpreadConstraints:
+          - maxSkew: 1
+            topologyKey: kubernetes.io/hostname
+            whenUnsatisfiable: DoNotSchedule
+            labelSelector:
+              matchLabels:
+                app: oauth2-proxy
+            matchLabelKeys:
+              - pod-template-hash
\ No newline at end of file

shared/components/oauth2-proxy/kustomization.yaml

+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+  - configmap.yaml
+  - secret.yaml
+  - repository.yaml
+  - release.yaml
+  - networkpolicy.yaml
\ No newline at end of file

shared/components/oauth2-proxy/networkpolicy.yaml

+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-ingress-to-oauth2
+  labels:
+    app.kubernetes.io/component: oauth2-proxy
+spec:
+  podSelector:
+    matchExpressions:
+      - key: app
+        operator: In
+        values:
+          - oauth2-proxy
+    matchLabels: {}
+  ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            ingress.shivering-isles.com/network-access-required: "true"
+

shared/components/oauth2-proxy/release.yaml

+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+    name: oauth2-proxy
+    labels:
+      app.kubernetes.io/component: oauth2-proxy
+spec:
+  releaseName: oauth2-proxy
+  chart:
+    spec:
+      chart: oauth2-proxy
+      sourceRef:
+          kind: HelmRepository
+          name: oauth2-proxy
+      # renovate: datasource=helm depName=oauth2-proxy registryUrl=https://oauth2-proxy.github.io/manifests
+      version: 6.23.1
+  interval: 5m
+  install:
+    remediation:
+      retries: 5
+  upgrade:
+    remediation:
+      retries: 5
+  valuesFrom:
+    - kind: ConfigMap
+      name: oauth2-proxy-base-values
+      valuesKey: values.yaml
+    - kind: Secret
+      name: oauth2-proxy-common-values
+      valuesKey: values.yaml
+    - kind: Secret
+      name: oauth2-proxy-override-values
+      valuesKey: values-overrides.yaml
\ No newline at end of file

shared/components/oauth2-proxy/repository.yaml

+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+    name: oauth2-proxy
+    labels:
+      app.kubernetes.io/component: oauth2-proxy
+spec:
+    interval: 30m
+    url: https://oauth2-proxy.github.io/manifests
\ No newline at end of file

shared/components/oauth2-proxy/secret.yaml

+apiVersion: v1
+kind: Secret
+metadata:
+    name: oauth2-proxy-common-values
+    labels:
+      app.kubernetes.io/component: oauth2-proxy
+stringData:
+    values.yaml: ENC[AES256_GCM,data:e/0KprhgVZA3xvmkPleKFKsdjrhaFtKxZV6WcR5D+usFY4EjAMqQU8l7F1WwI9TToR5FJvE8WpdwOHQNxkrleEELXOC73PPK9h7EIJ9X9AQnAfQfeAlN7uW5Y1ClO6QQPXbG+A9dWw8axtlgBAhbsjgnkRRzkInYRZ+3/Bw11GCoDJuEsmUE9F+/yp+WMDAK,iv:2ODN4Hr59QOa8LHGbz5rjwtpjazj5+lJVmbVNMb19fg=,tag:PGJxywVMCdqTGmw7kRiiPQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-01-29T01:19:56Z"
+    mac: ENC[AES256_GCM,data:DdWfX3V/M+cpR74W2IJF9NL82mI7L4Qdz7Akl0AN/pSZtdSS8r73FrJNe/I53HKD0kdsaA+H8ERRqEvs8tA10PqgjTMa4ejF+Bm56SOQTiZU8oSEPlSMirIMyxVbjMo3ijG18tNgxRLi5iW6RKgfPKXeRBPOdVfVpWG6NJhVktM=,iv:zyNJI9ZmuJXZ2U/4BP4IEkETOuiM5PZdI7UUiPrai/M=,tag:LIrbpGp7g7A3lOny370jOQ==,type:str]
+    pgp:
+        - created_at: "2024-01-29T01:19:56Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            wcFMA7kpg2bgzVHcAQ//dWZu1FM8PdaLI/pECsn34T+V+iWLQ8kQ3dbfz0Svhfri
+            rDwqcZLP7L8SKsnP5SaDRmBr7OfgvR6mwSlgJ5KrISevSeXm+Gqo/TG8jf8ry6mG
+            StWISlGahRFU1GeuciBAJ6hppSJCg2vk+VvI9CEHvPjqCBGjunxnGrUlrSRz4F0G
+            NifNuLejDJ+PBz7lZcVe17MoIi9FsdsaloONBh5Qa9V7RBNt5q5ZMIx9HG7gyd9Z
+            ZV7PToFEbbncAQwtoDGjPZTxV+jTZnejrnLySU+oYYxzpj73mBA7iNAaI816cNY6
+            +jfbj+JeguAY6WEZX+y/BXn+oaYHlL5ZwJbIwKQaoQRbxx+QKTtuKHcd3oJsmGr5
+            qfGoH6FmLTnLUfIIWJIYR45t5dnbvJTzRgKgTz3Oe2H6/H2uIvSeyv7JMXVsaNyF
+            0Bym3zLAVieKA+IC2YQsywu5wThl5oBNnaiClizqf5BGXvI7sz48H1A3TUXBjYaF
+            l9CosIXsBZtDMi/wxEGEjXQnfnvfc3y4SbtvOGE+E5m5WPYorR0FD3zAvh/BK26F
+            nAMlLD6h+uL/mzhH3QiYzKN/Ylx6jeSbvAGpBYVQ9DISRPDBGrvoPK8jrLVtj+fZ
+            4Hbn/PNJgfRKOvFIf85CvTBnTS0HsxNbJKucYL9XsYuWcGerWJeEy+OfsTMkuJ/S
+            UQHvweldOK7VHkI1tSSdNp3B8P8Yin1VGmr/qJgQlaEXtums/BDXKda2aYTYjQHk
+            WngEGNgVBaDZYyt3g2PkLWhInKmleZWIMKMKj+hSbAS9EQ==
+            =ztPR
+            -----END PGP MESSAGE-----
+          fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+        - created_at: "2024-01-29T01:19:56Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA4oYbIHZIrAPARAAw+Cytg1mG36/wr9AHVF30V6zYKMzS7HKajj1Ia9Xt8ej
+            TGpHRSpscU2HwfX1SliEAtfe2Xnqupm65AVXQEeorRhj2axgTfaRYFBIEJDnTJzm
+            UZcndCf416GZIDDu5SF2u2c64WofnpMPV7okdaFvoPNRCZvavGytcYXcczMdV43E
+            Xdb8p66LbFRJuHbGsu3b0M5ylMuaIH2MQGr/KX3fPHij4ZhYaZ/hMRf0YCSf41sM
+            8aoA+Nkgkj/rn6AasSPoFezUNRI0BE7zg20TGcR3sMLIYE7y0Ds2cqa7BIujGcRB
+            pJJQj2VVJZDYpBo4KGiPnvtWNLQONvD5fj+4FKqOiY1moxvr+SYHjY1aMtuCdfmS
+            soPOmj646OBz9Al43TzD16+QBf/r8LzHp2r/ZXXZSAKUqC1e+2whqi2+VOXVk2Vn
+            SUXyDJY52oNX7kC+HnuoxUnsZuwfDRQT5mJG0oF0n0byFz4H3l58T6r3gaS2gzaY
+            AdI0Txv+ktnrJxqLYo4j5Yhq3nBFflMK76U08v6K2N3u0XuRABwbH/TFrdpnKJUA
+            OuJ8+nwgnh81i/yEuIKlKHWu/j9MYjCJSBsq+9TDmL6623uu1GLRj8LKEenClOwo
+            7Q9GNZmQ3qNGTMSs9j1kYCtE67RJJq4GreufffEz4InWFYdPkg5lCPFMPcY5xRvU
+            aAEJAhCQosWWWhg0VQuN+gAhwEFZnMZZsxyo3qpLvsirYuIrxtzVdJZvrRlshexh
+            1eCp0BLflopyp20Avl85QeP//NO/6BeZE6whf5KGsfBdzCh8uoV9/+yqCxYTWX0L
+            E0xLjP9XfzKh
+            =XKjJ
+            -----END PGP MESSAGE-----
+          fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+    encrypted_regex: ^(stringData)$
+    version: 3.7.3