commit 0c84d89a9069184e28a95c30fb0da11f92e94017 Author: William Petit Date: Wed Jan 25 20:27:27 2023 +0100 feat: initial commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..256224d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,7 @@
+# Kustom SSO
+
+Kustomization du service "SSO" (Ory Hydra)
+
+## Usage
+
+[Voir la documentation](./doc/README.md)
\ No newline at end of file
diff --git a/components/hydra-cnpg-database/configurations/cnpg-cluster.yaml b/components/hydra-cnpg-database/configurations/cnpg-cluster.yaml
new file mode 100644
index 0000000..2eb79d2
--- /dev/null
+++ b/components/hydra-cnpg-database/configurations/cnpg-cluster.yaml
@@ -0,0 +1,8 @@
+---
+nameReference:
+- kind: Secret
+ fieldSpecs:
+ - path: spec/superuserSecret/name
+ kind: Cluster
+ - path: spec/bootstrap/initdb/secret/name
+ kind: Cluster
diff --git a/components/hydra-cnpg-database/kustomization.yaml b/components/hydra-cnpg-database/kustomization.yaml
new file mode 100644
index 0000000..7654823
--- /dev/null
+++ b/components/hydra-cnpg-database/kustomization.yaml
@@ -0,0 +1,28 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+configurations:
+ - ./configurations/cnpg-cluster.yaml
+
+resources:
+ - ./resources/hydra-cnpg-cluster.yaml
+
+secretGenerator:
+ - name: hydra-postgres-admin
+ type: Secret
+ literals:
+ - username=postgres
+ - password=NotSoSecret
+ - name: hydra-postgres-user
+ type: Secret
+ literals:
+ - username=hydra
+ - password=NotSoSecret
+
+patchesJson6902:
+- target:
+ group: apps
+ version: v1
+ kind: Deployment
+ name: hydra
+ path: patches/hydra-deployment.yaml
\ No newline at end of file
diff --git a/components/hydra-cnpg-database/patches/hydra-deployment.yaml b/components/hydra-cnpg-database/patches/hydra-deployment.yaml
new file mode 100644
index 0000000..8ecf094
--- /dev/null
+++ b/components/hydra-cnpg-database/patches/hydra-deployment.yaml
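Review bot: In components/hydra-cnpg-database/kustomization.yaml the `secretGenerator` commits `password=NotSoSecret` as a literal for both `hydra-postgres-admin` (the PostgreSQL superuser) and `hydra-postgres-user`, so every deployment built from this repository shares database credentials known to anyone who can read the repository. resources/hydra-cnpg-cluster.yaml consumes both secrets through `superuserSecret` and `bootstrap.initdb.secret`. I would drop the literals and have each overlay supply them from a file kept out of version control, e.g. `envs: [postgres-admin.env]` (constructed file name), or from a sealed or external secret; CloudNativePG can reportedly also generate these credentials itself when the two secret references are omitted, which is worth confirming for the operator version in use. If the literals stay as scaffolding, a comment such as `# placeholder only: must be overridden in every overlay` would at least document that.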
@@ -0,0 +1,21 @@
+- op: add
+ path: "/spec/template/spec/containers/0/env/-"
+ value:
+ name: HYDRA_DATABASE_USER
+ valueFrom:
+ secretKeyRef:
+ name: hydra-postgres-user
+ key: username
+- op: add
+ path: "/spec/template/spec/containers/0/env/-"
+ value:
+ name: HYDRA_DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: hydra-postgres-user
+ key: password
+- op: add
+ path: "/spec/template/spec/containers/0/env/-"
+ value:
+ name: HYDRA_DSN
+ value: "postgres://$(HYDRA_DATABASE_USER):$(HYDRA_DATABASE_PASSWORD)@hydra-postgres-rw:5432/hydra?sslmode=disable"
\ No newline at end of file
diff --git a/components/hydra-cnpg-database/resources/hydra-cnpg-cluster.yaml b/components/hydra-cnpg-database/resources/hydra-cnpg-cluster.yaml
new file mode 100644
index 0000000..7f48955
--- /dev/null
+++ b/components/hydra-cnpg-database/resources/hydra-cnpg-cluster.yaml
@@ -0,0 +1,17 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: hydra-postgres
+spec:
+ instances: 3
+ primaryUpdateStrategy: unsupervised
+ superuserSecret:
+ name: hydra-postgres-admin
+ bootstrap:
+ initdb:
+ database: hydra
+ owner: hydra
+ secret:
+ name: hydra-postgres-user
+ storage:
+ size: 2Gi
\ No newline at end of file
diff --git a/doc/README.md b/doc/README.md
new file mode 100644
index 0000000..7d8b3af
--- /dev/null
+++ b/doc/README.md
@@ -0,0 +1 @@
+# Documentation
\ No newline at end of file
diff --git a/kustomization.yaml b/kustomization.yaml
new file mode 100644
index 0000000..bcd30e4
--- /dev/null
+++ b/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./resources/hydra
+ - ./resources/hydra-dispatcher
+
+components:
+ - ./components/hydra-cnpg-database
\ No newline at end of file
diff --git a/resources/hydra-dispatcher/kustomization.yaml b/resources/hydra-dispatcher/kustomization.yaml
new file mode 100644
index 0000000..991a883
--- /dev/null
+++ b/resources/hydra-dispatcher/kustomization.yaml
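Review bot: The `HYDRA_DSN` value in components/hydra-cnpg-database/patches/hydra-deployment.yaml ends with `sslmode=disable`, so the connection between Hydra and `hydra-postgres-rw` is unencrypted and the database password and Hydra's OAuth2 data cross the pod network in clear text. CloudNativePG clusters normally serve TLS with an operator-managed certificate, so changing the suffix to `?sslmode=require` should be a one-word fix; `verify-full` with the cluster CA mounted into the pod would additionally authenticate the server (confirm both against the operator version deployed). Separately, the password is expanded into a URL, so a password containing `@`, `/` or `:` would corrupt the DSN unless it is URL-encoded or restricted to URL-safe characters; a comment next to the value saying so would help whoever rotates the secret.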
@@ -0,0 +1,2 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
\ No newline at end of file
diff --git a/resources/hydra/hydra-deployment.yaml b/resources/hydra/hydra-deployment.yaml
new file mode 100644
index 0000000..c068a51
--- /dev/null
+++ b/resources/hydra/hydra-deployment.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ io.kompose.service: hydra
+ name: hydra
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ io.kompose.service: hydra
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ io.kompose.service: hydra
+ spec:
+ containers:
+ - env: []
+ image: reg.cadoles.com/cadoles/hydra-v1:v0.0.0-118-g80e1990
+ livenessProbe:
+ exec:
+ command:
+ - wget
+ - --spider
+ - -q
+ - http://127.0.0.1:4444/.well-known/openid-configuration
+ failureThreshold: 3
+ periodSeconds: 10
+ timeoutSeconds: 10
+ name: hydra
+ ports:
+ - containerPort: 4444
+ resources: {}
+ restartPolicy: Always
diff --git a/resources/hydra/hydra-service.yaml b/resources/hydra/hydra-service.yaml
new file mode 100644
index 0000000..9692f97
--- /dev/null
+++ b/resources/hydra/hydra-service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ kompose.cmd: kompose convert --out=./kompose
+ kompose.version: 1.26.1 (a9d05d509)
+ creationTimestamp: null
+ labels:
+ io.kompose.service: hydra
+ name: hydra
+spec:
+ ports:
+ - name: "8081"
+ port: 8081
+ targetPort: 4444
+ selector:
+ io.kompose.service: hydra
+status:
+ loadBalancer: {}
diff --git a/resources/hydra/kustomization.yaml b/resources/hydra/kustomization.yaml
new file mode 100644
index 0000000..6073582
--- /dev/null
+++ b/resources/hydra/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./hydra-deployment.yaml
+ - ./hydra-service.yaml
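Review bot: The `hydra` container in resources/hydra/hydra-deployment.yaml has no `securityContext`, so it runs with whatever user, capabilities and seccomp profile the image and the cluster defaults give it; for the identity provider I would set an explicit restrictive context on the container, as in the snippet below. Whether the image already runs as a non-root user is not visible here, so `runAsNonRoot` needs a check against the image, and `readOnlyRootFilesystem` is left out because it depends on whether Hydra writes to its filesystem. `resources: {}` also leaves the pod without requests or limits, and the image is referenced by a tag rather than a digest; both are worth a follow-up.

```yaml
        # … unchanged: env, image, livenessProbe, name, ports …
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          capabilities:
            drop:
              - ALL
          seccompProfile:
            type: RuntimeDefault
```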