From 9020c73512cab4dcc4b1e901e25ddf7223787019 Mon Sep 17 00:00:00 2001 From: cmsassot Date: Wed, 3 Apr 2024 09:45:10 +0200 Subject: [PATCH 1/5] feat(hydra-dispatcher): non root deployment with caddy --- .../hydra-dispatcher-deployment.yaml | 49 ++++++++++++------- .../resources/hydra-dispatcher-service.yaml | 2 +- 2 files changed, 33 insertions(+), 18 deletions(-) diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index fc314ad..1bbdf80 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-dispatcher-php-fpm - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.12.15-develop.903.b675347 + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.2-develop.1411.74a9f16 args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: exec: @@ -48,22 +48,33 @@ spec: - mountPath: /app/config/hydra name: hydra-dispatcher-apps resources: {} - - - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.12.15-develop.903.b675347 + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 + - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.2-develop.1411.74a9f16 imagePullPolicy: Always - name: hydra-dispatcher-nginx - args: ["/usr/sbin/nginx"] + name: hydra-dispatcher-caddy + args: + [ + "/usr/sbin/caddy", + "run", + "--adapter", + "caddyfile", + "--config", + "/etc/caddy/Caddyfile", + ] readinessProbe: httpGet: path: /health - port: 8080 + port: 80 initialDelaySeconds: 5 timeoutSeconds: 5 periodSeconds: 10 livenessProbe: httpGet: path: /health - port: 8080 + port: 80 initialDelaySeconds: 15 timeoutSeconds: 5 periodSeconds: 15 
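Review bot: The `securityContext` added here to `hydra-dispatcher-php-fpm` (and to `hydra-dispatcher-caddy` in the next hunk) sets only `runAsNonRoot`, `runAsUser` and `runAsGroup`. That leaves the default capability bounding set in place and does not set no_new_privs, so a setuid or file-capability binary in the image could still raise privileges. Add `allowPrivilegeEscalation: false`, drop all capabilities and select the `RuntimeDefault` seccomp profile, as sketched below; the `securityContext` blocks added in hydra-oidc-deployment.yaml and hydra-sql-deployment.yaml later in this series need the same. `readOnlyRootFilesystem: true` would be a further step, but Caddy is pointed at `/tmp/caddy`, so it would presumably need an `emptyDir` mounted there first. The caddy container's definition continues in the next hunk.

```yaml
securityContext:
  # … unchanged: runAsNonRoot, runAsGroup, runAsUser …
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  seccompProfile:
    type: RuntimeDefault
```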
@@ -71,19 +82,23 @@ spec: - configMapRef: name: hydra-dispatcher-env env: - - name: NGINX_APP_UPSTREAM_BACKEND_SERVER + - name: CADDY_APP_UPSTREAM_BACKEND_SERVER value: 127.0.0.1:9000 - - name: NGINX_APP_ROOT - value: "/public/" - - name: NGINX_APP_PHP_INDEX - value: "/index.php" - - name: NGINX_ERROR_LOG_LEVEL - value: "warn" - - name: NGINX_APP_PHP_NON_FILE_PATTERN - value: "^/index\\.php(/|$)" + - name: CADDY_HTTPS_PORT + value: "8443" + - name: CADDY_HTTP_PORT + value: "80" + - name: CADDY_DATA_FS + value: "/tmp/caddy" + - name: CADDY_APP_ROOT_PUBLIC + value: "/app/public/" ports: - - containerPort: 8080 + - containerPort: 80 resources: {} + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 restartPolicy: Always volumes: - name: hydra-dispatcher-apps diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml index 4a209a3..1f8a023 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml @@ -7,7 +7,7 @@ metadata: spec: ports: - name: http - port: 8080 + port: 80 selector: app.kubernetes.io/name: hydra-dispatcher status: From 212de51a84b0ab53673b184399d1dc2360c2e727 Mon Sep 17 00:00:00 2001 From: cmsassot Date: Wed, 3 Apr 2024 09:45:24 +0200 Subject: [PATCH 2/5] feat(hydra-oidc): non root deployment with caddy --- .../resources/hydra-oidc-deployment.yaml | 145 ++++++++++-------- .../resources/hydra-oidc-service.yaml | 4 +- 2 files changed, 82 insertions(+), 67 deletions(-) diff --git a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml index 9d26fa2..a6f1222 100644 --- a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml +++ b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml 
@@ -17,70 +17,85 @@ spec: app.kubernetes.io/name: hydra-oidc spec: containers: - - name: hydra-oidc-php-fpm - image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad - imagePullPolicy: Always - args: ["/usr/sbin/php-fpm81", "-F", "-e"] - readinessProbe: - exec: - command: - - sh - - -c - - test -f /etc/php81/php-fpm.d/www.conf - livenessProbe: - exec: - command: - - php - - bin/console - - -V - initialDelaySeconds: 10 - periodSeconds: 30 - env: - - name: PHP_FPM_LISTEN - value: 127.0.0.1:9000 - - name: PHP_MEMORY_LIMIT - value: 128m - - name: PHP_FPM_MEMORY_LIMIT - value: 128m - envFrom: - - configMapRef: - name: hydra-oidc-env - resources: {} + - name: hydra-oidc-php-fpm + image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6 + imagePullPolicy: Always + args: ["/usr/sbin/php-fpm81", "-F", "-e"] + readinessProbe: + exec: + command: + - sh + - -c + - test -f /etc/php81/php-fpm.d/www.conf + livenessProbe: + exec: + command: + - php + - bin/console + - -V + initialDelaySeconds: 10 + periodSeconds: 30 + env: + - name: PHP_FPM_LISTEN + value: 127.0.0.1:9000 + - name: PHP_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_MEMORY_LIMIT + value: 128m + envFrom: + - configMapRef: + name: hydra-oidc-env + resources: {} + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 - - image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad - imagePullPolicy: Always - name: hydra-oidc-nginx - args: ["/usr/sbin/nginx"] - readinessProbe: - httpGet: - path: /healthy - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - periodSeconds: 10 - livenessProbe: - httpGet: - path: /healthy - port: 8080 - initialDelaySeconds: 15 - timeoutSeconds: 5 - periodSeconds: 15 - envFrom: - - configMapRef: - name: hydra-oidc-env - env: - - name: NGINX_APP_UPSTREAM_BACKEND_SERVER - value: 127.0.0.1:9000 - - name: NGINX_APP_ROOT - value: "/public/" - - name: NGINX_APP_PHP_INDEX - value: "/index.php" - - name: 
NGINX_ERROR_LOG_LEVEL - value: "warn" - - name: NGINX_APP_PHP_NON_FILE_PATTERN - value: "^/index\\.php(/|$)" - ports: - - containerPort: 8080 - resources: {} + - image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6 + imagePullPolicy: Always + name: hydra-oidc-caddy + args: + [ + "/usr/sbin/caddy", + "run", + "--adapter", + "caddyfile", + "--config", + "/etc/caddy/Caddyfile", + ] + readinessProbe: + httpGet: + path: /healthy + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /healthy + port: 8080 + initialDelaySeconds: 15 + timeoutSeconds: 5 + periodSeconds: 15 + ports: + - containerPort: 8080 + envFrom: + - configMapRef: + name: hydra-oidc-env + env: + - name: CADDY_APP_UPSTREAM_BACKEND_SERVER + value: 127.0.0.1:9000 + - name: CADDY_HTTPS_PORT + value: "8443" + - name: CADDY_HTTP_PORT + value: "8080" + - name: CADDY_DATA_FS + value: "/tmp/caddy" + - name: CADDY_APP_ROOT_PUBLIC + value: "/app/public/" + resources: {} + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 restartPolicy: Always - diff --git a/components/hydra-oidc/resources/hydra-oidc-service.yaml b/components/hydra-oidc/resources/hydra-oidc-service.yaml index 5a94e1d..8cc03d1 100644 --- a/components/hydra-oidc/resources/hydra-oidc-service.yaml +++ b/components/hydra-oidc/resources/hydra-oidc-service.yaml @@ -6,8 +6,8 @@ metadata: name: hydra-oidc spec: ports: - - name: hydra-oidc - port: 8080 + - name: hydra-oidc + port: 8080 selector: app.kubernetes.io/name: hydra-oidc status: From 5ea7789cc238bd05e446ce70e4d9826247ed6a2f Mon Sep 17 00:00:00 2001 From: cmsassot Date: Wed, 3 Apr 2024 09:45:36 +0200 Subject: [PATCH 3/5] feat(hydra-sql): non root deployment with caddy --- .../resources/hydra-sql-deployment.yaml | 170 ++++++++++-------- 1 file changed, 93 insertions(+), 77 deletions(-) 
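Review bot: Both containers in hydra-oidc-deployment.yaml reference `hydra-oidc-base:2024.4.2-develop.1349.c4711f6` by tag with `imagePullPolicy: Always`, so each pod start runs whatever the registry serves under that tag, with no change to this manifest. If tags on reg.cadoles.com can be overwritten, pin the digest alongside the tag, e.g. `image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6@sha256:<digest-placeholder>`. The image lines in the hydra-dispatcher and hydra-sql deployments of this series have the same form.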
diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml
index 6484b14..92e47af 100644
--- a/components/hydra-sql/resources/hydra-sql-deployment.yaml
+++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml
@@ -17,84 +17,100 @@ spec: app.kubernetes.io/name: hydra-sql spec: containers: - - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.14-develop.1107.740a756 - imagePullPolicy: Always - args: ["/usr/sbin/php-fpm81", "-F", "-e"] - readinessProbe: - exec: - command: - - sh - - -c - - test -f /etc/php81/php-fpm.d/www.conf - livenessProbe: - exec: - command: - - php - - bin/console - - -V - initialDelaySeconds: 10 - periodSeconds: 30 - resources: {} - envFrom: - - configMapRef: - name: hydra-sql-env - env: - - name: PHP_FPM_LISTEN - value: 127.0.0.1:9000 - - name: PHP_MEMORY_LIMIT - value: 128m - - name: PHP_FPM_MEMORY_LIMIT - value: 128m - - name: PHP_FPM_LOG_LEVEL - value: warning - volumeMounts: - - name: sql-login-config - mountPath: "/app/config/sql_login_configuration/sql_login.yaml" - subPath: "sql_login.yaml" + - name: hydra-sql-fpm + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24 + imagePullPolicy: Always + args: ["/usr/sbin/php-fpm81", "-F", "-e"] + readinessProbe: + exec: + command: + - sh + - -c + - test -f /etc/php81/php-fpm.d/www.conf + livenessProbe: + exec: + command: + - php + - bin/console + - -V + initialDelaySeconds: 10 + periodSeconds: 30 + resources: {} + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 + envFrom: + - configMapRef: + name: hydra-sql-env + env: + - name: PHP_FPM_LISTEN + value: 127.0.0.1:9000 + - name: PHP_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_LOG_LEVEL + value: warning + volumeMounts: + - name: sql-login-config + mountPath: "/app/config/sql_login_configuration/sql_login.yaml" + subPath: "sql_login.yaml" - - name: hydra-sql-nginx - image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.14-develop.1107.740a756 - imagePullPolicy: Always - args: ["/usr/sbin/nginx"] - readinessProbe: - httpGet: - path: /health - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - periodSeconds: 10 - livenessProbe: - 
httpGet: - path: /health - port: 8080 - initialDelaySeconds: 15 - timeoutSeconds: 5 - periodSeconds: 15 - envFrom: - - configMapRef: - name: hydra-sql-env - env: - - name: NGINX_APP_UPSTREAM_BACKEND_SERVER - value: 127.0.0.1:9000 - - name: NGINX_APP_ROOT - value: "/public" - - name: NGINX_APP_PHP_INDEX - value: "/index.php" - - name: NGINX_ERROR_LOG_LEVEL - value: "warn" - - name: NGINX_APP_PHP_NON_FILE_PATTERN - value: "^/index\\.php(/|$)" - resources: {} - ports: - - containerPort: 8080 - volumeMounts: - - name: sql-login-config - mountPath: "/app/config/sql_login_configuration/sql_login.yaml" - subPath: "sql_login.yaml" + - name: hydra-sql-caddy + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24 + imagePullPolicy: Always + args: + [ + "/usr/sbin/caddy", + "run", + "--adapter", + "caddyfile", + "--config", + "/etc/caddy/Caddyfile", + ] + readinessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 15 + timeoutSeconds: 5 + periodSeconds: 15 + envFrom: + - configMapRef: + name: hydra-sql-env + env: + - name: CADDY_APP_UPSTREAM_BACKEND_SERVER + value: 127.0.0.1:9000 + - name: CADDY_HTTPS_PORT + value: "8443" + - name: CADDY_HTTP_PORT + value: "8080" + - name: CADDY_DATA_FS + value: "/tmp/caddy" + - name: CADDY_APP_ROOT_PUBLIC + value: "/app/public/" + resources: {} + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 + ports: + - containerPort: 8080 + volumeMounts: + - name: sql-login-config + mountPath: "/app/config/sql_login_configuration/sql_login.yaml" + subPath: "sql_login.yaml" volumes: - - name: sql-login-config - configMap: - name: sql-login-config + - name: sql-login-config + configMap: + name: sql-login-config restartPolicy: Always From a88a8240aac6dbd492a95e8bed1884ef94e343a0 Mon Sep 17 00:00:00 2001 
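Review bot: The new `hydra-sql-caddy` container keeps the `sql-login-config` volume mount that the nginx container had, although its env only points it at `/app/public/` and the php-fpm upstream on 127.0.0.1:9000. Unless the Caddyfile reads `/app/config/sql_login_configuration/sql_login.yaml` (not visible here), drop the `volumeMounts` entry from this container so the web-facing process cannot read the login configuration. If that file carries connection credentials, it presumably belongs in a Secret rather than in the `sql-login-config` ConfigMap.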
From: cmsassot
Date: Thu, 4 Apr 2024 11:34:00 +0200
Subject: [PATCH 4/5] feat(deploiement): use port name
---
.../resources/hydra-oidc-deployment.yaml | 161 ++++++++--------
.../resources/hydra-oidc-service.yaml | 5 +-
.../resources/hydra-sql-deployment.yaml | 181 +++++++++---------
.../resources/hydra-sql-service.yaml | 5 +-
.../hydra-dispatcher-deployment.yaml | 13 +-
.../resources/hydra-dispatcher-service.yaml | 5 +-
6 files changed, 188 insertions(+), 182 deletions(-)
diff --git a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml
index a6f1222..022806e 100644
--- a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml
+++ b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml
@@ -17,85 +17,86 @@ spec: app.kubernetes.io/name: hydra-oidc spec: containers: - - name: hydra-oidc-php-fpm - image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6 - imagePullPolicy: Always - args: ["/usr/sbin/php-fpm81", "-F", "-e"] - readinessProbe: - exec: - command: - - sh - - -c - - test -f /etc/php81/php-fpm.d/www.conf - livenessProbe: - exec: - command: - - php - - bin/console - - -V - initialDelaySeconds: 10 - periodSeconds: 30 - env: - - name: PHP_FPM_LISTEN - value: 127.0.0.1:9000 - - name: PHP_MEMORY_LIMIT - value: 128m - - name: PHP_FPM_MEMORY_LIMIT - value: 128m - envFrom: - - configMapRef: - name: hydra-oidc-env - resources: {} - securityContext: - runAsNonRoot: true - runAsGroup: 1000 - runAsUser: 1000 + - name: hydra-oidc-php-fpm + image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6 + imagePullPolicy: Always + args: ["/usr/sbin/php-fpm81", "-F", "-e"] + readinessProbe: + exec: + command: + - sh + - -c + - test -f /etc/php81/php-fpm.d/www.conf + livenessProbe: + exec: + command: + - php + - bin/console + - -V + initialDelaySeconds: 10 + periodSeconds: 30 + env: + - name: PHP_FPM_LISTEN + value: 127.0.0.1:9000 + - name: PHP_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_MEMORY_LIMIT + value: 128m + envFrom: + - configMapRef: + name: hydra-oidc-env + resources: {} + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 - - image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6 - imagePullPolicy: Always - name: hydra-oidc-caddy - args: - [ - "/usr/sbin/caddy", - "run", - "--adapter", - "caddyfile", - "--config", - "/etc/caddy/Caddyfile", - ] - readinessProbe: - httpGet: - path: /healthy - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - periodSeconds: 10 - livenessProbe: - httpGet: - path: /healthy - port: 8080 - initialDelaySeconds: 15 - timeoutSeconds: 5 - periodSeconds: 15 - ports: - - containerPort: 8080 - envFrom: - - configMapRef: - name: 
hydra-oidc-env - env: - - name: CADDY_APP_UPSTREAM_BACKEND_SERVER - value: 127.0.0.1:9000 - - name: CADDY_HTTPS_PORT - value: "8443" - - name: CADDY_HTTP_PORT - value: "8080" - - name: CADDY_DATA_FS - value: "/tmp/caddy" - - name: CADDY_APP_ROOT_PUBLIC - value: "/app/public/" - resources: {} - securityContext: - runAsNonRoot: true - runAsGroup: 1000 - runAsUser: 1000 + - name: hydra-oidc-caddy + image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6 + imagePullPolicy: Always + args: + [ + "/usr/sbin/caddy", + "run", + "--adapter", + "caddyfile", + "--config", + "/etc/caddy/Caddyfile", + ] + readinessProbe: + httpGet: + path: /healthy + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /healthy + port: 8080 + initialDelaySeconds: 15 + timeoutSeconds: 5 + periodSeconds: 15 + ports: + - containerPort: 8080 + name: http + envFrom: + - configMapRef: + name: hydra-oidc-env + env: + - name: CADDY_APP_UPSTREAM_BACKEND_SERVER + value: 127.0.0.1:9000 + - name: CADDY_HTTPS_PORT + value: "8443" + - name: CADDY_HTTP_PORT + value: "8080" + - name: CADDY_DATA_FS + value: "/tmp/caddy" + - name: CADDY_APP_ROOT_PUBLIC + value: "/app/public/" + resources: {} + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 restartPolicy: Always diff --git a/components/hydra-oidc/resources/hydra-oidc-service.yaml b/components/hydra-oidc/resources/hydra-oidc-service.yaml index 8cc03d1..3cc9f8c 100644 --- a/components/hydra-oidc/resources/hydra-oidc-service.yaml +++ b/components/hydra-oidc/resources/hydra-oidc-service.yaml @@ -6,8 +6,9 @@ metadata: name: hydra-oidc spec: ports: - - name: hydra-oidc - port: 8080 + - name: http + port: 80 + targetPort: http selector: app.kubernetes.io/name: hydra-oidc status: diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index 92e47af..400ae54 100644 
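Review bot: The container port gains `name: http`, but the `readinessProbe` and `livenessProbe` of `hydra-oidc-caddy` still use the literal `port: 8080`, and `CADDY_HTTP_PORT` repeats the number a third time. Point both probes at the name, `port: http`, so a later port change cannot leave the probes checking a port Caddy no longer listens on. The caddy containers in hydra-sql-deployment.yaml and hydra-dispatcher-deployment.yaml in this patch have the same numeric probes.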
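Review bot: The hydra-oidc Service now listens on `port: 80` under the name `http` instead of `8080` under `hydra-oidc`, and hydra-sql-service.yaml gets the same change. Any Ingress backend, NetworkPolicy or configured login/consent URL that addresses these Services by the old number or port name would stop matching. None of those are touched in this series, so confirm they are updated in the same rollout. A comment above `targetPort: http`, such as `# resolves to containerPort "http" (8080) on the caddy container`, would document the indirection.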
--- a/components/hydra-sql/resources/hydra-sql-deployment.yaml
+++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml
@@ -17,97 +17,98 @@ spec: app.kubernetes.io/name: hydra-sql spec: containers: - - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24 - imagePullPolicy: Always - args: ["/usr/sbin/php-fpm81", "-F", "-e"] - readinessProbe: - exec: - command: - - sh - - -c - - test -f /etc/php81/php-fpm.d/www.conf - livenessProbe: - exec: - command: - - php - - bin/console - - -V - initialDelaySeconds: 10 - periodSeconds: 30 - resources: {} - securityContext: - runAsNonRoot: true - runAsGroup: 1000 - runAsUser: 1000 - envFrom: - - configMapRef: - name: hydra-sql-env - env: - - name: PHP_FPM_LISTEN - value: 127.0.0.1:9000 - - name: PHP_MEMORY_LIMIT - value: 128m - - name: PHP_FPM_MEMORY_LIMIT - value: 128m - - name: PHP_FPM_LOG_LEVEL - value: warning - volumeMounts: - - name: sql-login-config - mountPath: "/app/config/sql_login_configuration/sql_login.yaml" - subPath: "sql_login.yaml" + - name: hydra-sql-fpm + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24 + imagePullPolicy: Always + args: ["/usr/sbin/php-fpm81", "-F", "-e"] + readinessProbe: + exec: + command: + - sh + - -c + - test -f /etc/php81/php-fpm.d/www.conf + livenessProbe: + exec: + command: + - php + - bin/console + - -V + initialDelaySeconds: 10 + periodSeconds: 30 + resources: {} + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 + envFrom: + - configMapRef: + name: hydra-sql-env + env: + - name: PHP_FPM_LISTEN + value: 127.0.0.1:9000 + - name: PHP_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_LOG_LEVEL + value: warning + volumeMounts: + - name: sql-login-config + mountPath: "/app/config/sql_login_configuration/sql_login.yaml" + subPath: "sql_login.yaml" - - name: hydra-sql-caddy - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24 - imagePullPolicy: Always - args: - [ - "/usr/sbin/caddy", - "run", - "--adapter", - "caddyfile", - "--config", - 
"/etc/caddy/Caddyfile", - ] - readinessProbe: - httpGet: - path: /health - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - periodSeconds: 10 - livenessProbe: - httpGet: - path: /health - port: 8080 - initialDelaySeconds: 15 - timeoutSeconds: 5 - periodSeconds: 15 - envFrom: - - configMapRef: - name: hydra-sql-env - env: - - name: CADDY_APP_UPSTREAM_BACKEND_SERVER - value: 127.0.0.1:9000 - - name: CADDY_HTTPS_PORT - value: "8443" - - name: CADDY_HTTP_PORT - value: "8080" - - name: CADDY_DATA_FS - value: "/tmp/caddy" - - name: CADDY_APP_ROOT_PUBLIC - value: "/app/public/" - resources: {} - securityContext: - runAsNonRoot: true - runAsGroup: 1000 - runAsUser: 1000 - ports: - - containerPort: 8080 - volumeMounts: - - name: sql-login-config - mountPath: "/app/config/sql_login_configuration/sql_login.yaml" - subPath: "sql_login.yaml" + - name: hydra-sql-caddy + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24 + imagePullPolicy: Always + args: + [ + "/usr/sbin/caddy", + "run", + "--adapter", + "caddyfile", + "--config", + "/etc/caddy/Caddyfile", + ] + readinessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 15 + timeoutSeconds: 5 + periodSeconds: 15 + envFrom: + - configMapRef: + name: hydra-sql-env + env: + - name: CADDY_APP_UPSTREAM_BACKEND_SERVER + value: 127.0.0.1:9000 + - name: CADDY_HTTPS_PORT + value: "8443" + - name: CADDY_HTTP_PORT + value: "8080" + - name: CADDY_DATA_FS + value: "/tmp/caddy" + - name: CADDY_APP_ROOT_PUBLIC + value: "/app/public/" + resources: {} + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 + ports: + - containerPort: 8080 + name: http + volumeMounts: + - name: sql-login-config + mountPath: "/app/config/sql_login_configuration/sql_login.yaml" + subPath: "sql_login.yaml" volumes: - name: sql-login-config configMap: 
diff --git a/components/hydra-sql/resources/hydra-sql-service.yaml b/components/hydra-sql/resources/hydra-sql-service.yaml index b4073c6..d47ff69 100644 --- a/components/hydra-sql/resources/hydra-sql-service.yaml +++ b/components/hydra-sql/resources/hydra-sql-service.yaml @@ -6,8 +6,9 @@ metadata: name: hydra-sql spec: ports: - - name: hydra-sql - port: 8080 + - name: http + port: 80 + targetPort: http selector: app.kubernetes.io/name: hydra-sql status: diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index 1bbdf80..b7320d5 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml @@ -52,9 +52,9 @@ spec: runAsNonRoot: true runAsGroup: 1000 runAsUser: 1000 - - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.2-develop.1411.74a9f16 + - name: hydra-dispatcher-caddy + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.2-develop.1411.74a9f16 imagePullPolicy: Always - name: hydra-dispatcher-caddy args: [ "/usr/sbin/caddy", @@ -67,14 +67,14 @@ spec: readinessProbe: httpGet: path: /health - port: 80 + port: 8080 initialDelaySeconds: 5 timeoutSeconds: 5 periodSeconds: 10 livenessProbe: httpGet: path: /health - port: 80 + port: 8080 initialDelaySeconds: 15 timeoutSeconds: 5 periodSeconds: 15 @@ -87,13 +87,14 @@ spec: - name: CADDY_HTTPS_PORT value: "8443" - name: CADDY_HTTP_PORT - value: "80" + value: "8080" - name: CADDY_DATA_FS value: "/tmp/caddy" - name: CADDY_APP_ROOT_PUBLIC value: "/app/public/" ports: - - containerPort: 80 + - containerPort: 8080 + name: http resources: {} securityContext: runAsNonRoot: true diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml index 1f8a023..1985e0d 100644 
--- a/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml @@ -6,8 +6,9 @@ metadata: name: hydra-dispatcher spec: ports: - - name: http - port: 80 + - name: http + port: 80 + targetPort: http selector: app.kubernetes.io/name: hydra-dispatcher status: From 054f84baef1290249eacc02b1befa39f610289fb Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Thu, 4 Apr 2024 17:46:38 +0200 Subject: [PATCH 5/5] clean(lint): fix indentation --- .../resources/hydra-sql-deployment.yaml | 88 +++++++++---------- 1 file changed, 40 insertions(+), 48 deletions(-) diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index 400ae54..d47b224 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml @@ -24,15 +24,15 @@ spec: readinessProbe: exec: command: - - sh - - -c - - test -f /etc/php81/php-fpm.d/www.conf + - sh + - -c + - test -f /etc/php81/php-fpm.d/www.conf livenessProbe: exec: command: - - php - - bin/console - - -V + - php + - bin/console + - -V initialDelaySeconds: 10 periodSeconds: 30 resources: {} 
@@ -41,34 +41,26 @@ spec: runAsGroup: 1000 runAsUser: 1000 envFrom: - - configMapRef: - name: hydra-sql-env + - configMapRef: + name: hydra-sql-env env: - - name: PHP_FPM_LISTEN - value: 127.0.0.1:9000 - - name: PHP_MEMORY_LIMIT - value: 128m - - name: PHP_FPM_MEMORY_LIMIT - value: 128m - - name: PHP_FPM_LOG_LEVEL - value: warning + - name: PHP_FPM_LISTEN + value: 127.0.0.1:9000 + - name: PHP_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_LOG_LEVEL + value: warning volumeMounts: - - name: sql-login-config - mountPath: "/app/config/sql_login_configuration/sql_login.yaml" - subPath: "sql_login.yaml" + - name: sql-login-config + mountPath: "/app/config/sql_login_configuration/sql_login.yaml" + subPath: "sql_login.yaml" - name: hydra-sql-caddy image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24 imagePullPolicy: Always - args: - [ - "/usr/sbin/caddy", - "run", - "--adapter", - "caddyfile", - "--config", - "/etc/caddy/Caddyfile", - ] + args: ["/usr/sbin/caddy", "run", "--adapter", "caddyfile", "--config", "/etc/caddy/Caddyfile"] readinessProbe: httpGet: path: /health 
@@ -84,34 +76,34 @@ spec: timeoutSeconds: 5 periodSeconds: 15 envFrom: - - configMapRef: - name: hydra-sql-env + - configMapRef: + name: hydra-sql-env env: - - name: CADDY_APP_UPSTREAM_BACKEND_SERVER - value: 127.0.0.1:9000 - - name: CADDY_HTTPS_PORT - value: "8443" - - name: CADDY_HTTP_PORT - value: "8080" - - name: CADDY_DATA_FS - value: "/tmp/caddy" - - name: CADDY_APP_ROOT_PUBLIC - value: "/app/public/" + - name: CADDY_APP_UPSTREAM_BACKEND_SERVER + value: 127.0.0.1:9000 + - name: CADDY_HTTPS_PORT + value: "8443" + - name: CADDY_HTTP_PORT + value: "8080" + - name: CADDY_DATA_FS + value: "/tmp/caddy" + - name: CADDY_APP_ROOT_PUBLIC + value: "/app/public/" resources: {} securityContext: runAsNonRoot: true runAsGroup: 1000 runAsUser: 1000 ports: - - containerPort: 8080 - name: http + - containerPort: 8080 + name: http volumeMounts: - - name: sql-login-config - mountPath: "/app/config/sql_login_configuration/sql_login.yaml" - subPath: "sql_login.yaml" - volumes: - name: sql-login-config - configMap: - name: sql-login-config + mountPath: "/app/config/sql_login_configuration/sql_login.yaml" + subPath: "sql_login.yaml" + volumes: + - name: sql-login-config + configMap: + name: sql-login-config restartPolicy: Always