feat: initial commit

2023-01-25 20:27:27 +01:00 · 2023-01-25 20:27:27 +01:00 · 0c84d89a90
commit 0c84d89a90
11 changed files with 154 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,7 @@
+# Kustom SSO
+
+Kustomization du service "SSO" (Ory Hydra)
+
+## Usage
+
+[Voir la documentation](./doc/README.md)
--- a/components/hydra-cnpg-database/configurations/cnpg-cluster.yaml
+++ b/components/hydra-cnpg-database/configurations/cnpg-cluster.yaml
@ -0,0 +1,8 @@
+---
+nameReference:
+- kind: Secret
+  fieldSpecs:
+  - path: spec/superuserSecret/name
+    kind: Cluster
+  - path: spec/bootstrap/initdb/secret/name
+    kind: Cluster
--- a/components/hydra-cnpg-database/kustomization.yaml
+++ b/components/hydra-cnpg-database/kustomization.yaml
@ -0,0 +1,28 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+configurations:
+  - ./configurations/cnpg-cluster.yaml
+
+resources:
+  - ./resources/hydra-cnpg-cluster.yaml
+
+secretGenerator:
+  - name: hydra-postgres-admin
+    type: Secret
+    literals:
+      - username=postgres
+      - password=NotSoSecret
+  - name: hydra-postgres-user
+    type: Secret
+    literals:
+      - username=hydra
+      - password=NotSoSecret
+
+patchesJson6902:
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+    name: hydra
+  path: patches/hydra-deployment.yaml
--- a/components/hydra-cnpg-database/patches/hydra-deployment.yaml
+++ b/components/hydra-cnpg-database/patches/hydra-deployment.yaml
@ -0,0 +1,21 @@
+- op: add
+  path: "/spec/template/spec/containers/0/env/-"
+  value:
+    name: HYDRA_DATABASE_USER
+    valueFrom:
+      secretKeyRef:
+        name: hydra-postgres-user
+        key: username
+- op: add
+  path: "/spec/template/spec/containers/0/env/-"
+  value:
+    name: HYDRA_DATABASE_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: hydra-postgres-user
+        key: password
+- op: add
+  path: "/spec/template/spec/containers/0/env/-"
+  value:
+    name: HYDRA_DSN
+    value: "postgres://$(HYDRA_DATABASE_USER):$(HYDRA_DATABASE_PASSWORD)@hydra-postgres-rw:5432/hydra?sslmode=disable"
--- a/components/hydra-cnpg-database/resources/hydra-cnpg-cluster.yaml
+++ b/components/hydra-cnpg-database/resources/hydra-cnpg-cluster.yaml
@ -0,0 +1,17 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: hydra-postgres
+spec:
+  instances: 3
+  primaryUpdateStrategy: unsupervised
+  superuserSecret:
+    name: hydra-postgres-admin
+  bootstrap:
+    initdb:
+      database: hydra
+      owner: hydra
+      secret:
+        name: hydra-postgres-user
+  storage:
+    size: 2Gi
--- a/doc/README.md
+++ b/doc/README.md
@ -0,0 +1 @@
+# Documentation
--- a/kustomization.yaml
+++ b/kustomization.yaml
@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ./resources/hydra
+  - ./resources/hydra-dispatcher
+
+components:
+  - ./components/hydra-cnpg-database
--- a/resources/hydra-dispatcher/kustomization.yaml
+++ b/resources/hydra-dispatcher/kustomization.yaml
@ -0,0 +1,2 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
--- a/resources/hydra/hydra-deployment.yaml
+++ b/resources/hydra/hydra-deployment.yaml
@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    io.kompose.service: hydra
+  name: hydra
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: hydra
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        io.kompose.service: hydra
+    spec:
+      containers:
+        - env: []
+          image: reg.cadoles.com/cadoles/hydra-v1:v0.0.0-118-g80e1990
+          livenessProbe:
+            exec:
+              command:
+                - wget
+                - --spider
+                - -q
+                - http://127.0.0.1:4444/.well-known/openid-configuration
+            failureThreshold: 3
+            periodSeconds: 10
+            timeoutSeconds: 10
+          name: hydra
+          ports:
+            - containerPort: 4444
+          resources: {}
+      restartPolicy: Always
--- a/resources/hydra/hydra-service.yaml
+++ b/resources/hydra/hydra-service.yaml
@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert --out=./kompose
+    kompose.version: 1.26.1 (a9d05d509)
+  creationTimestamp: null
+  labels:
+    io.kompose.service: hydra
+  name: hydra
+spec:
+  ports:
+    - name: "8081"
+      port: 8081
+      targetPort: 4444
+  selector:
+    io.kompose.service: hydra
+status:
+  loadBalancer: {}
--- a/resources/hydra/kustomization.yaml
+++ b/resources/hydra/kustomization.yaml
@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ./hydra-deployment.yaml
+  - ./hydra-service.yaml