feat: initial commit

README.md

@@ -0,0 +1,7 @@
+# Kustom SSO
+
+Kustomization du service "SSO" (Ory Hydra)
+
+## Usage
+
+[Voir la documentation](./doc/README.md)

components/hydra-cnpg-database/configurations/cnpg-cluster.yaml

@@ -0,0 +1,8 @@
+---
+nameReference:
+- kind: Secret
+  fieldSpecs:
+  - path: spec/superuserSecret/name
+    kind: Cluster
+  - path: spec/bootstrap/initdb/secret/name
+    kind: Cluster

components/hydra-cnpg-database/kustomization.yaml

@@ -0,0 +1,28 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+configurations:
+  - ./configurations/cnpg-cluster.yaml
+
+resources:
+  - ./resources/hydra-cnpg-cluster.yaml
+
+secretGenerator:
+  - name: hydra-postgres-admin
+    type: Secret
+    literals:
+      - username=postgres
+      - password=NotSoSecret
+  - name: hydra-postgres-user
+    type: Secret
+    literals:
+      - username=hydra
+      - password=NotSoSecret
+
+patchesJson6902:
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+    name: hydra
+  path: patches/hydra-deployment.yaml

components/hydra-cnpg-database/patches/hydra-deployment.yaml

@@ -0,0 +1,21 @@
+- op: add
+  path: "/spec/template/spec/containers/0/env/-"
+  value:
+    name: HYDRA_DATABASE_USER
+    valueFrom:
+      secretKeyRef:
+        name: hydra-postgres-user
+        key: username
+- op: add
+  path: "/spec/template/spec/containers/0/env/-"
+  value:
+    name: HYDRA_DATABASE_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: hydra-postgres-user
+        key: password
+- op: add
+  path: "/spec/template/spec/containers/0/env/-"
+  value:
+    name: HYDRA_DSN
+    value: "postgres://$(HYDRA_DATABASE_USER):$(HYDRA_DATABASE_PASSWORD)@hydra-postgres-rw:5432/hydra?sslmode=disable"

components/hydra-cnpg-database/resources/hydra-cnpg-cluster.yaml

@@ -0,0 +1,17 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: hydra-postgres
+spec:
+  instances: 3
+  primaryUpdateStrategy: unsupervised
+  superuserSecret:
+    name: hydra-postgres-admin
+  bootstrap:
+    initdb:
+      database: hydra
+      owner: hydra
+      secret:
+        name: hydra-postgres-user
+  storage:
+    size: 2Gi

doc/README.md

@@ -0,0 +1 @@
+# Documentation

kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ./resources/hydra
+  - ./resources/hydra-dispatcher
+
+components:
+  - ./components/hydra-cnpg-database

resources/hydra-dispatcher/kustomization.yaml

@@ -0,0 +1,2 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization

resources/hydra/hydra-deployment.yaml

@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    io.kompose.service: hydra
+  name: hydra
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: hydra
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        io.kompose.service: hydra
+    spec:
+      containers:
+        - env: []
+          image: reg.cadoles.com/cadoles/hydra-v1:v0.0.0-118-g80e1990
+          livenessProbe:
+            exec:
+              command:
+                - wget
+                - --spider
+                - -q
+                - http://127.0.0.1:4444/.well-known/openid-configuration
+            failureThreshold: 3
+            periodSeconds: 10
+            timeoutSeconds: 10
+          name: hydra
+          ports:
+            - containerPort: 4444
+          resources: {}
+      restartPolicy: Always

resources/hydra/hydra-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert --out=./kompose
+    kompose.version: 1.26.1 (a9d05d509)
+  creationTimestamp: null
+  labels:
+    io.kompose.service: hydra
+  name: hydra
+spec:
+  ports:
+    - name: "8081"
+      port: 8081
+      targetPort: 4444
+  selector:
+    io.kompose.service: hydra
+status:
+  loadBalancer: {}

resources/hydra/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ./hydra-deployment.yaml
+  - ./hydra-service.yaml