From 29f539f7ab903bdfbd5718bbca125213eebee6d4 Mon Sep 17 00:00:00 2001
From: Philippe Caseiro
Date: Tue, 13 Feb 2024 16:49:37 +0100
Subject: [PATCH] fix(oidc): removing deprecated and useless patch fix container liveness and readyness probes fix service with correct port
---
components/hydra-oidc/kustomization.yaml | 62 ++++-----
.../hydra-oidc/patches/hydra-oidc-env.yaml | 9 --
.../resources/hydra-oidc-deployment.yaml | 128 +++++++++---------
.../resources/hydra-oidc-service.yaml | 4 +-
4 files changed, 93 insertions(+), 110 deletions(-)
delete mode 100644 components/hydra-oidc/patches/hydra-oidc-env.yaml
diff --git a/components/hydra-oidc/kustomization.yaml b/components/hydra-oidc/kustomization.yaml
index ac4ec8c..deec38c 100644
--- a/components/hydra-oidc/kustomization.yaml
+++ b/components/hydra-oidc/kustomization.yaml
@@ -2,43 +2,35 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component resources: - - ./resources/hydra-oidc-deployment.yaml - - ./resources/hydra-oidc-service.yaml +- ./resources/hydra-oidc-deployment.yaml +- ./resources/hydra-oidc-service.yaml generatorOptions: labels: - com.cadoles.forge.sso-kustom/session: redis + com.cadoles.forge.sso-kustom/session: redis configMapGenerator: - - name: hydra-oidc-env - literals: - - APP_ENV=prod - - APP_DEBUG=false - - PHP_FPM_MEMORY_LIMIT=256m - - NGINX_APP_SERVER_LISTEN=80 - - HYDRA_ADMIN_BASE_URL=http://hydra-dispatcher - - OIC_AUTHORIZE_ENDPOINT=https://oidc-idp/api/v1/authorize - - OIDC_TOKEN_ENDPOINT=https://oidc-idp/api/v1/token - - OIDC_USERINFO_ENDPOINT=https://oidc-idp/api/v1/userinfo - - POST_LOGOUT_REDIRECT_URL=http://oidc-sp/logout - - OIDC_LOGOUT_ENDPOINT=https://oidc-idp/api/v1/logout?%s - - BASE_URL=http://hydra-oidc - - PARAMS_TO_DELETE=[] - - PARAMS_TO_INSERT={} - - OIDC_SCOPE=openid email - - CLIENT_ID_FC=MyClientID - - CLIENT_SECRET_FC=MyClientSecret - - COOKIE_PATH=/ - - TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR - - REDIS_DSN="redis://redis:6379" - # - name: hydra-dispatcher-apps - # behavior: merge - # files: - # - apps.yaml=./files/hydra/oidc.yaml - -patchesJson6902: - - target: - version: v1 - kind: ConfigMap - name: hydra-oidc-env - path: patches/hydra-oidc-env.yaml +- name: hydra-oidc-env + literals: + - APP_ENV=prod + - APP_DEBUG=false + - PHP_FPM_MEMORY_LIMIT=256m + - NGINX_APP_SERVER_LISTEN=80 + - HYDRA_ADMIN_BASE_URL=http://hydra-dispatcher + - OIC_AUTHORIZE_ENDPOINT=https://oidc-idp/api/v1/authorize + - OIDC_TOKEN_ENDPOINT=https://oidc-idp/api/v1/token + - OIDC_USERINFO_ENDPOINT=https://oidc-idp/api/v1/userinfo + - POST_LOGOUT_REDIRECT_URL=http://oidc-sp/logout + - OIDC_LOGOUT_ENDPOINT=https://oidc-idp/api/v1/logout?%s + - BASE_URL=http://hydra-oidc + - PARAMS_TO_DELETE=[] + - PARAMS_TO_INSERT={} + - OIDC_SCOPE=openid email + - CLIENT_ID_FC=MyClientID + - CLIENT_SECRET_FC=MyClientSecret + - 
COOKIE_PATH=/ + - TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR + - REDIS_DSN="redis://redis:6379" + - HYDRA_DISPATCHER_OIDC_LOGIN_URL="http://hydra-oidc/login" + - HYDRA_DISPATCHER_OIDC_CONSENT_URL="http://hydra-oidc/consent" + - HYDRA_DISPATCHER_OIDC_LOGOUT_URL="http://hydra-oidc/logout" diff --git a/components/hydra-oidc/patches/hydra-oidc-env.yaml b/components/hydra-oidc/patches/hydra-oidc-env.yaml deleted file mode 100644 index 0b56c86..0000000 --- a/components/hydra-oidc/patches/hydra-oidc-env.yaml +++ /dev/null @@ -1,9 +0,0 @@ -- op: replace - path: "/data/HYDRA_DISPATCHER_OIDC_LOGIN_URL" - value: http://hydra-oidc/login -- op: replace - path: "/data/HYDRA_DISPATCHER_OIDC_CONSENT_URL" - value: http://hydra-oidc/consent -- op: replace - path: "/data/HYDRA_DISPATCHER_OIDC_LOGOUT_URL" - value: http://hydra-oidc/logout \ No newline at end of file diff --git a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml index 2c73871..64892bb 100644 --- a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml +++ b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml 
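Review bot: `CLIENT_SECRET_FC=MyClientSecret` is still generated into the `hydra-oidc-env` ConfigMap, so any overlay that supplies the real OIDC client secret will store it as plain ConfigMap data that both containers receive through `envFrom`. Moving it to a `secretGenerator` entry and loading it with a `secretRef` in the Deployment would keep it out of ConfigMap read permissions and out of `kubectl describe configmap` output. `TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR` also needs a tighter value or a comment: if the application treats `REMOTE_ADDR` the way Symfony does (the `bin/console` and `APP_ENV` usage suggests Symfony), every direct peer is trusted to set `X-Forwarded-*` headers, which is only safe when the pod is reachable solely through the ingress. A comment such as `# REMOTE_ADDR trusts the direct peer; restrict to the ingress CIDR if pods are reachable any other way` would record that assumption. `OIC_AUTHORIZE_ENDPOINT` looks like a typo for `OIDC_AUTHORIZE_ENDPOINT` given its siblings, so it is worth confirming against the variable the application actually reads.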
@@ -17,70 +17,70 @@ spec: io.kompose.service: hydra-oidc spec: containers: - - name: hydra-oidc-php-fpm - image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad - imagePullPolicy: Always - args: ["/usr/sbin/php-fpm81", "-F", "-e"] - readinessProbe: - exec: - command: - - sh - - -c - - test -f /etc/php81/php-fpm.d/www.conf - livenessProbe: - exec: - command: - - php - - bin/console - - -V - initialDelaySeconds: 10 - periodSeconds: 30 - env: - - name: PHP_FPM_LISTEN - value: 127.0.0.1:9000 - - name: PHP_MEMORY_LIMIT - value: 128m - - name: PHP_FPM_MEMORY_LIMIT - value: 128m - envFrom: - - configMapRef: - name: hydra-oidc-env - resources: {} + - name: hydra-oidc-php-fpm + image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad + imagePullPolicy: Always + args: ["/usr/sbin/php-fpm81", "-F", "-e"] + readinessProbe: + exec: + command: + - sh + - -c + - test -f /etc/php81/php-fpm.d/www.conf + livenessProbe: + exec: + command: + - php + - bin/console + - -V + initialDelaySeconds: 10 + periodSeconds: 30 + env: + - name: PHP_FPM_LISTEN + value: 127.0.0.1:9000 + - name: PHP_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_MEMORY_LIMIT + value: 128m + envFrom: + - configMapRef: + name: hydra-oidc-env + resources: {} - - image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad - imagePullPolicy: Always - name: hydra-oidc-nginx - args: ["/usr/sbin/nginx"] - readinessProbe: - httpGet: - path: /healthy - port: 80 - initialDelaySeconds: 5 - timeoutSeconds: 5 - periodSeconds: 10 - livenessProbe: - httpGet: - path: /healthy - port: 80 - initialDelaySeconds: 15 - timeoutSeconds: 5 - periodSeconds: 15 - envFrom: - - configMapRef: - name: hydra-oidc-env - env: - - name: NGINX_APP_UPSTREAM_BACKEND_SERVER - value: 127.0.0.1:9000 - - name: NGINX_APP_ROOT - value: "/public/" - - name: NGINX_APP_PHP_INDEX - value: "/index.php" - - name: NGINX_ERROR_LOG_LEVEL - value: "warn" - - name: NGINX_APP_PHP_NON_FILE_PATTERN - value: 
"^/index\\.php(/|$)" - ports: - - containerPort: 8080 - resources: {} + - image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad + imagePullPolicy: Always + name: hydra-oidc-nginx + args: ["/usr/sbin/nginx"] + readinessProbe: + httpGet: + path: /healthy + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /healthy + port: 8080 + initialDelaySeconds: 15 + timeoutSeconds: 5 + periodSeconds: 15 + envFrom: + - configMapRef: + name: hydra-oidc-env + env: + - name: NGINX_APP_UPSTREAM_BACKEND_SERVER + value: 127.0.0.1:9000 + - name: NGINX_APP_ROOT + value: "/public/" + - name: NGINX_APP_PHP_INDEX + value: "/index.php" + - name: NGINX_ERROR_LOG_LEVEL + value: "warn" + - name: NGINX_APP_PHP_NON_FILE_PATTERN + value: "^/index\\.php(/|$)" + ports: + - containerPort: 8080 + resources: {} restartPolicy: Always diff --git a/components/hydra-oidc/resources/hydra-oidc-service.yaml b/components/hydra-oidc/resources/hydra-oidc-service.yaml index 0398b45..07aab4e 100644 --- a/components/hydra-oidc/resources/hydra-oidc-service.yaml +++ b/components/hydra-oidc/resources/hydra-oidc-service.yaml @@ -6,8 +6,8 @@ metadata: name: hydra-oidc spec: ports: - - name: hydra-oidc - port: 80 + - name: hydra-oidc + port: 8080 selector: io.kompose.service: hydra-oidc status:
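Review bot: Neither container in this hunk sets a `securityContext`, and with nginx now probed on the unprivileged port 8080 nothing visible here requires root; adding `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false}` to both containers would enforce that, assuming the image can run as a non-root user. The probes and `containerPort` now agree on 8080, but the `hydra-oidc-env` ConfigMap loaded through `envFrom` still carries `NGINX_APP_SERVER_LISTEN=80`; if the image honours that variable nginx will listen on 80 and both probes will fail, so that literal should be changed to 8080 or removed. `resources: {}` on both containers leaves what appears to be a login/consent endpoint without CPU or memory limits, and the image is referenced by a mutable-looking `develop` tag with `imagePullPolicy: Always`, so pinning it by digest would make rollouts reproducible. The pod spec begins above the hunk, so a pod-level `securityContext` may already exist there.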
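Review bot: `port: 8080` has no `targetPort`, so it defaults to 8080 and matches the container, but the Service no longer listens on 80 while the ConfigMap in this same commit still uses port-less URLs such as `BASE_URL=http://hydra-oidc` and `HYDRA_DISPATCHER_OIDC_LOGIN_URL="http://hydra-oidc/login"`. If any of those are resolved in-cluster against this Service, requests will go to port 80 and be refused. Keeping the Service on `port: 80` with `targetPort: 8080` would fix the container mismatch without changing the address clients use; otherwise the URLs need `:8080`. An explicit `targetPort` and `protocol: TCP` would also make the mapping self-documenting.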