Hydra-maester
This project contains a Kubernetes controller that uses Custom Resources (CR) to manage Hydra Oauth2 clients. ORY Hydra Maester watches for instances of oauth2clients.oathkeeper.ory.sh/v1alpha1 CR and creates, updates, or deletes corresponding OAuth2 clients by communicating with ORY Hydra's API.
Visit Hydra-maester's chart documentation and view a sample OAuth2 client resource to learn more about the oauth2clients.oathkeeper.ory.sh/v1alpha1 CR.
The project is based on Kubebuilder.
Prerequisites
- recent version of Go language with support for modules (e.g: 1.12.6)
- make
- kubectl
- kustomize
- ginkgo for local integration testing
- access to K8s environment: minikube or a remote K8s cluster
Design
Take a look at Design Readme.
How to use it
make testto run testsmake test-integrationto run integration testsmake installto generate CRD file from go sources and install it on the clusterexport HYDRA_URL={HYDRA_SERVICE_URL} && make runto run the controller
To deploy the controller, edit the value of the --hydra-url argument in the manager.yaml file and run make deploy.
Command-line flags
| Name | Required | Description | Default value | Example values |
|---|---|---|---|---|
| hydra-url | yes | ORY Hydra's service address | - | ory-hydra-admin.ory.svc.cluster.local |
| hydra-port | no | ORY Hydra's service port | 4445 |
4445 |