feat(hydra-sql): non root deployment with caddy

This commit is contained in:
cmsassot 2024-03-27 14:09:26 +01:00
parent b7b9787ca4
commit 27ad9d4468
1 changed files with 93 additions and 77 deletions

View File

@ -17,84 +17,100 @@ spec:
app.kubernetes.io/name: hydra-sql app.kubernetes.io/name: hydra-sql
spec: spec:
containers: containers:
- name: hydra-sql-fpm - name: hydra-sql-fpm
image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.14-develop.1107.740a756 image: reg.cadoles.com/cadoles/hydra-sql:TODO_TAG
imagePullPolicy: Always imagePullPolicy: Always
args: ["/usr/sbin/php-fpm81", "-F", "-e"] args: ["/usr/sbin/php-fpm81", "-F", "-e"]
readinessProbe: readinessProbe:
exec: exec:
command: command:
- sh - sh
- -c - -c
- test -f /etc/php81/php-fpm.d/www.conf - test -f /etc/php81/php-fpm.d/www.conf
livenessProbe: livenessProbe:
exec: exec:
command: command:
- php - php
- bin/console - bin/console
- -V - -V
initialDelaySeconds: 10 initialDelaySeconds: 10
periodSeconds: 30 periodSeconds: 30
resources: {} resources: {}
envFrom: securityContext:
- configMapRef: runAsNonRoot: true
name: hydra-sql-env runAsGroup: 1000
env: runAsUser: 1000
- name: PHP_FPM_LISTEN envFrom:
value: 127.0.0.1:9000 - configMapRef:
- name: PHP_MEMORY_LIMIT name: hydra-sql-env
value: 128m env:
- name: PHP_FPM_MEMORY_LIMIT - name: PHP_FPM_LISTEN
value: 128m value: 127.0.0.1:9000
- name: PHP_FPM_LOG_LEVEL - name: PHP_MEMORY_LIMIT
value: warning value: 128m
volumeMounts: - name: PHP_FPM_MEMORY_LIMIT
- name: sql-login-config value: 128m
mountPath: "/app/config/sql_login_configuration/sql_login.yaml" - name: PHP_FPM_LOG_LEVEL
subPath: "sql_login.yaml" value: warning
volumeMounts:
- name: sql-login-config
mountPath: "/app/config/sql_login_configuration/sql_login.yaml"
subPath: "sql_login.yaml"
- name: hydra-sql-nginx - name: hydra-sql-nginx
image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.14-develop.1107.740a756 image: reg.cadoles.com/cadoles/hydra-sql:TODO_TAG
imagePullPolicy: Always imagePullPolicy: Always
args: ["/usr/sbin/nginx"] args:
readinessProbe: [
httpGet: "/usr/sbin/caddy",
path: /health "run",
port: 8080 "--adapter",
initialDelaySeconds: 5 "caddyfile",
timeoutSeconds: 5 "--config",
periodSeconds: 10 "/etc/caddy/Caddyfile",
livenessProbe: ]
httpGet: readinessProbe:
path: /health httpGet:
port: 8080 path: /health
initialDelaySeconds: 15 port: 8080
timeoutSeconds: 5 initialDelaySeconds: 5
periodSeconds: 15 timeoutSeconds: 5
envFrom: periodSeconds: 10
- configMapRef: livenessProbe:
name: hydra-sql-env httpGet:
env: path: /health
- name: NGINX_APP_UPSTREAM_BACKEND_SERVER port: 8080
value: 127.0.0.1:9000 initialDelaySeconds: 15
- name: NGINX_APP_ROOT timeoutSeconds: 5
value: "/public" periodSeconds: 15
- name: NGINX_APP_PHP_INDEX envFrom:
value: "/index.php" - configMapRef:
- name: NGINX_ERROR_LOG_LEVEL name: hydra-sql-env
value: "warn" env:
- name: NGINX_APP_PHP_NON_FILE_PATTERN - name: CADDY_APP_UPSTREAM_BACKEND_SERVER
value: "^/index\\.php(/|$)" value: 127.0.0.1:9000
resources: {} - name: CADDY_HTTPS_PORT
ports: value: "8443"
- containerPort: 8080 - name: CADDY_HTTP_PORT
volumeMounts: value: "8080"
- name: sql-login-config - name: CADDY_DATA_FS
mountPath: "/app/config/sql_login_configuration/sql_login.yaml" value: "/tmp/caddy"
subPath: "sql_login.yaml" - name: CADDY_APP_ROOT_PUBLIC
value: "/app/public/"
resources: {}
securityContext:
runAsNonRoot: true
runAsGroup: 1000
runAsUser: 1000
ports:
- containerPort: 8080
volumeMounts:
- name: sql-login-config
mountPath: "/app/config/sql_login_configuration/sql_login.yaml"
subPath: "sql_login.yaml"
volumes: volumes:
- name: sql-login-config - name: sql-login-config
configMap: configMap:
name: sql-login-config name: sql-login-config
restartPolicy: Always restartPolicy: Always