From 518d9d6177904efe195ac23482b1445da9e33e92 Mon Sep 17 00:00:00 2001 
From: William Petit Date: Thu, 2 Nov 2023 18:32:37 +0100 Subject: [PATCH] fix: example app deployment with saml login app --- components/hydra-saml/files/hydra/saml.yaml | 2 +- .../hydra-saml-remote-user-deployment.yaml | 2 +- .../hydra-saml-remote-user-service.yaml | 2 +- .../resources/hydra-saml-service.yaml | 2 +- .../hydra-saml-shibboleth-sp-deployment.yaml | 2 +- examples/authenticated-app/README.md | 33 ++++++-- examples/authenticated-app/kustomization.yaml | 4 +- .../patches/hydra-dispatcher-env.yaml | 22 +++-- .../authenticated-app/patches/hydra-env.yaml | 8 +- .../patches/hydra-saml-env.yaml | 24 ++++-- .../resources/app-deployment.yaml | 20 +++-- .../ingress-prefix-traefik-middleware.yaml | 10 --- .../authenticated-app/resources/ingress.yaml | 82 +++++++++++++++---- .../resources/oauth2-client.yaml | 18 ++++ .../resources/port-forwarder-deployment.yaml | 17 +++- .../resources/port-forwarder-service.yaml | 8 +- .../authenticated-app/resources/saml-idp.yaml | 51 ++++++++++++ .../resources/self-signed-issuer.yaml | 6 ++ examples/k8s/k3d/cluster-config.yaml | 11 --- examples/k8s/k3d/cluster/kustomization.yaml | 4 - examples/k8s/kind/cluster-config.yaml | 45 ++++++++++ examples/k8s/kind/cluster/.gitignore | 1 + examples/k8s/kind/cluster/kustomization.yaml | 6 ++ .../hydra-dispatcher/files/hydra/default.yaml | 17 +++- .../hydra-dispatcher-deployment.yaml | 2 +- 25 files changed, 317 insertions(+), 82 deletions(-) delete mode 100644 examples/authenticated-app/resources/ingress-prefix-traefik-middleware.yaml create mode 100644 examples/authenticated-app/resources/oauth2-client.yaml create mode 100644 examples/authenticated-app/resources/saml-idp.yaml create mode 100644 examples/authenticated-app/resources/self-signed-issuer.yaml delete mode 100644 examples/k8s/k3d/cluster-config.yaml delete mode 100644 examples/k8s/k3d/cluster/kustomization.yaml create mode 100644 examples/k8s/kind/cluster-config.yaml create mode 100644 examples/k8s/kind/cluster/.gitignore create 
mode 100644 examples/k8s/kind/cluster/kustomization.yaml diff --git a/components/hydra-saml/files/hydra/saml.yaml b/components/hydra-saml/files/hydra/saml.yaml index 198d33f..58c37da 100644 --- a/components/hydra-saml/files/hydra/saml.yaml +++ b/components/hydra-saml/files/hydra/saml.yaml @@ -10,4 +10,4 @@ hydra: login_url: "%env(string:HYDRA_DISPATCHER_SAML_LOGIN_URL)%" consent_url: "%env(string:HYDRA_DISPATCHER_SAML_CONSENT_URL)%" logout_url: "%env(string:HYDRA_DISPATCHER_SAML_LOGOUT_URL)%" - attributes_rewrite_rules: [] \ No newline at end of file + attributes_rewrite_configuration: {} \ No newline at end of file diff --git a/components/hydra-saml/resources/hydra-saml-remote-user-deployment.yaml b/components/hydra-saml/resources/hydra-saml-remote-user-deployment.yaml index 24502cc..6adba72 100644 --- a/components/hydra-saml/resources/hydra-saml-remote-user-deployment.yaml +++ b/components/hydra-saml/resources/hydra-saml-remote-user-deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-saml-remote-user - image: reg.cadoles.com/cadoles/hydra-remote-user-v1:v0.0.0-170-g485b138 + image: reg.cadoles.com/cadoles/hydra-remote-user-v1:v0.0.0-218-g4b5e1d9 envFrom: - configMapRef: name: hydra-saml-env diff --git a/components/hydra-saml/resources/hydra-saml-remote-user-service.yaml b/components/hydra-saml/resources/hydra-saml-remote-user-service.yaml index 960ecea..9aad3eb 100644 --- a/components/hydra-saml/resources/hydra-saml-remote-user-service.yaml +++ b/components/hydra-saml/resources/hydra-saml-remote-user-service.yaml @@ -6,7 +6,7 @@ metadata: name: hydra-saml-remote-user spec: ports: - - name: hydra-saml-remote-user + - name: http port: 80 selector: io.kompose.service: hydra-saml-remote-user diff --git a/components/hydra-saml/resources/hydra-saml-service.yaml b/components/hydra-saml/resources/hydra-saml-service.yaml index c85bbc1..cd305c2 100644 --- a/components/hydra-saml/resources/hydra-saml-service.yaml 
+++ b/components/hydra-saml/resources/hydra-saml-service.yaml @@ -6,7 +6,7 @@ metadata: name: hydra-saml spec: ports: - - name: hydra-saml-shibboleth-sp + - name: http port: 80 selector: io.kompose.service: hydra-saml-shibboleth-sp diff --git a/components/hydra-saml/resources/hydra-saml-shibboleth-sp-deployment.yaml b/components/hydra-saml/resources/hydra-saml-shibboleth-sp-deployment.yaml index 80a793b..7279985 100644 --- a/components/hydra-saml/resources/hydra-saml-shibboleth-sp-deployment.yaml +++ b/components/hydra-saml/resources/hydra-saml-shibboleth-sp-deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-saml-shibboleth-sp - image: reg.cadoles.com/cadoles/shibboleth-sp-v3:v0.0.0-172-g0f44679 + image: reg.cadoles.com/wpetit/shibboleth-sp-v3:v0.0.0-230-g266901c envFrom: - configMapRef: name: hydra-saml-env diff --git a/examples/authenticated-app/README.md b/examples/authenticated-app/README.md index 126a15e..3a59073 100644 --- a/examples/authenticated-app/README.md +++ b/examples/authenticated-app/README.md @@ -1,19 +1,21 @@ # Exemple: Déploiement d'une application authentifiée avec la stack SSO +L'exemple est actuellement déployé avec le composant `hydra-saml` uniquement. + ## Procédure -### Avec `k3d` +### Avec `kind` -1. Créer un cluster avec `k3d` +1. Créer un cluster avec `kind` ``` - k3d cluster create -c ./examples/k8s/k3d/k3d/cluster-config.yaml + kind create cluster --config ./examples/k8s/kind/cluster-config.yaml ``` 2. Déployer les opérateurs nécessaires au déploiement ``` - kubectl apply -k ./examples/k8s/k3d/cluster + kubectl kustomize --enable-helm ./examples/k8s/kind/cluster | kubectl apply -f - ``` 3. Déployer l'application 
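Review bot: The `hydra-saml-shibboleth-sp` container in the `hydra-saml-shibboleth-sp-deployment.yaml` hunk now pulls `reg.cadoles.com/wpetit/shibboleth-sp-v3`, a personal namespace, where the removed line and the other component images in this patch use `reg.cadoles.com/cadoles/`. This file sits under `components/`, not `examples/`, so every consumer of the component inherits that image source. If the move is temporary, record it above the image line, e.g. `# TODO: move back to cadoles/shibboleth-sp-v3 once the image is published there`, and consider pinning by digest so the tag cannot be repointed. The Deployment continues outside the hunk.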
@@ -22,4 +24,25 @@ kubectl apply -k ./examples/authenticated-app ``` -Après stabilisation du déploiement, l'application devrait être accessible à l'adresse http://localhost:8080/ \ No newline at end of file + **Note** Il est possible d'avoir l'erreur suivante: + + ``` + error: resource mapping not found for name: "app-oauth2-client" namespace: "" from "./examples/authenticated-app": no matches for kind "OAuth2Client" in version "hydra.ory.sh/v1alpha1" + ``` + + Cette erreur est "normale" (voir https://github.com/kubernetes/kubectl/issues/1117). Dans ce cas, attendre la création de la CRD (voir ticket) puis relancer la commande. + +4. Ajouter l'entrée suivante dans votre fichier `/etc/hosts` + + ``` + 127.0.0.1 ssokustom + ``` + +5. Après stabilisation du déploiement, l'application devrait être accessible à l'adresse https://ssokustom + +#### Supprimer le cluster + +``` +kind delete cluster -n sso-kustom-example +``` + diff --git a/examples/authenticated-app/kustomization.yaml b/examples/authenticated-app/kustomization.yaml index 926224c..cb306cc 100644 --- a/examples/authenticated-app/kustomization.yaml +++ b/examples/authenticated-app/kustomization.yaml @@ -7,7 +7,9 @@ resources: - ./resources/app-deployment.yaml - ./resources/app-service.yaml - ./resources/ingress.yaml - - ./resources/ingress-prefix-traefik-middleware.yaml + - ./resources/oauth2-client.yaml + - ./resources/saml-idp.yaml + - ./resources/self-signed-issuer.yaml - ./resources/port-forwarder-deployment.yaml - ./resources/port-forwarder-service.yaml diff --git a/examples/authenticated-app/patches/hydra-dispatcher-env.yaml b/examples/authenticated-app/patches/hydra-dispatcher-env.yaml index be7c1dc..464288a 100644 --- a/examples/authenticated-app/patches/hydra-dispatcher-env.yaml +++ b/examples/authenticated-app/patches/hydra-dispatcher-env.yaml 
@@ -1,18 +1,30 @@ - op: replace path: "/data/HYDRA_BASE_URL" - value: http://ssokustom:8080/auth + value: http://hydra:4444 - op: replace path: "/data/HYDRA_ADMIN_BASE_URL" value: http://hydra:4445/admin - op: replace path: "/data/HYDRA_ORIGINAL_ISSUER" - value: http://ssokustom:8080/auth + value: http://hydra:4444 - op: replace path: "/data/HYDRA_NEW_ISSUER" - value: http://ssokustom:8080/auth/dispatcher/ + value: https://ssokustom/auth/dispatcher - op: replace path: "/data/BASE_URL" - value: http://ssokustom:8080/auth/dispatcher + value: https://ssokustom/auth/dispatcher - op: replace path: "/data/COOKIE_PATH" - value: /auth/dispatcher \ No newline at end of file + value: /auth/dispatcher + +# Hydra SAML configuration +- op: replace + path: "/data/HYDRA_DISPATCHER_SAML_LOGIN_URL" + value: https://ssokustom/auth/saml/login +- op: replace + path: "/data/HYDRA_DISPATCHER_SAML_CONSENT_URL" + value: https://ssokustom/auth/saml/consent +- op: replace + path: "/data/HYDRA_DISPATCHER_SAML_LOGOUT_URL" + value: https://ssokustom/auth/saml/logout + \ No newline at end of file diff --git a/examples/authenticated-app/patches/hydra-env.yaml b/examples/authenticated-app/patches/hydra-env.yaml index 8b9286f..1b45696 100644 --- a/examples/authenticated-app/patches/hydra-env.yaml +++ b/examples/authenticated-app/patches/hydra-env.yaml @@ -1,15 +1,15 @@ - op: replace path: "/data/URLS_SELF_ISSUER" - value: http://ssokustom:8080/auth + value: https://ssokustom/auth - op: replace path: "/data/URLS_LOGIN" - value: http://ssokustom:8080/auth/dispatcher/login + value: https://ssokustom/auth/dispatcher/login - op: replace path: "/data/URLS_LOGOUT" - value: http://ssokustom:8080/auth/dispatcher/logout + value: https://ssokustom/auth/dispatcher/logout - op: replace path: "/data/URLS_CONSENT" - value: http://ssokustom:8080/auth/dispatcher/consent + value: https://ssokustom/auth/dispatcher/consent - op: replace path: "/data/HYDRA_SERVE_ALL_ARGS" value: "--dev" \ No newline at end of file 
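Review bot: `HYDRA_SERVE_ALL_ARGS` keeps `--dev` (the unchanged last operation of the `hydra-env.yaml` hunk) although the issuer, login, logout and consent URLs in the same hunk now use `https://ssokustom`. Hydra documents `--dev` as disabling critical security checks, so anyone copying this example carries that along. A comment above the operation, e.g. `# --dev: example only, TLS ends at the ingress; never use in production`, would make the intent explicit. Presumably Hydra's TLS-termination setting could replace the flag now that the public side is HTTPS; that needs confirming against the deployed Hydra version.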
diff --git a/examples/authenticated-app/patches/hydra-saml-env.yaml b/examples/authenticated-app/patches/hydra-saml-env.yaml index f340556..13dd3d6 100644 --- a/examples/authenticated-app/patches/hydra-saml-env.yaml +++ b/examples/authenticated-app/patches/hydra-saml-env.yaml @@ -1,6 +1,6 @@ - op: replace path: "/data/HTTP_BASE_URL" - value: http://ssokustom:8080/auth/saml + value: https://ssokustom/auth/saml - op: replace path: "/data/COOKIE_PATH" value: /auth/saml @@ -9,23 +9,29 @@ value: http://hydra-dispatcher - op: replace path: "/data/LOGOUT_REDIRECT_URL_PATTERN" - value: http://ssokustom:8080/auth/saml/Shibboleth.sso/Logout?return=%s + value: https://ssokustom/auth/saml/Shibboleth.sso/Logout?return=%s - op: replace path: "/data/SP_ENTITY_ID" - value: http://ssokustom:8080/auth/saml + value: https://ssokustom/auth/saml - op: replace path: "/data/IDP_ENTITY_ID" - value: http://ssokustom:8080/idp + value: http://ssokustom/simplesaml/saml2/idp/metadata.php - op: replace path: "/data/IDP_METADATA_URL" - value: http://ssokustom:8080/idp/metadata -- op: replace - path: "/data/APACHE_BACKEND_URL" - value: http://hydra-remote-user + value: http://ssokustom/simplesaml/saml2/idp/metadata.php - op: replace path: "/data/APACHE_FORCE_HTTPS" value: "false" - op: replace path: "/data/SP_HANDLER_BASE_PATH" - value: /auth/saml \ No newline at end of file + value: / +- op: replace + path: "/data/SP_LOG_LEVEL" + value: DEBUG +- op: replace + path: "/data/SP_SESSIONS_REDIRECT_LIMIT" + value: none +- op: replace + path: "/data/SP_SESSIONS_REDIRECT_ALLOW" + value: https://ssokustom \ No newline at end of file diff --git a/examples/authenticated-app/resources/app-deployment.yaml b/examples/authenticated-app/resources/app-deployment.yaml index fc31c7c..c93ec1b 100644 --- a/examples/authenticated-app/resources/app-deployment.yaml +++ b/examples/authenticated-app/resources/app-deployment.yaml 
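Review bot: `IDP_METADATA_URL` in the second `hydra-saml-env.yaml` hunk is `http://ssokustom/simplesaml/saml2/idp/metadata.php`, while every other public URL in this patch moved to `https://`. IdP metadata normally carries the signing certificate the SP trusts, so fetching it over plain HTTP lets anything on the path substitute it. Unless the SP cannot validate the self-signed certificate, use `value: https://ssokustom/simplesaml/saml2/idp/metadata.php`. Separately, `SP_SESSIONS_REDIRECT_LIMIT: none` appears to switch off the SP's redirect restriction, which would leave the new `SP_SESSIONS_REDIRECT_ALLOW` without effect; if the allow-list is meant to apply, a limit value that includes `allow` is probably intended (confirm against the image's Shibboleth template). `SP_LOG_LEVEL: DEBUG` deserves an `# example only` comment, since debug logs of a SAML SP can include assertion contents.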
@@ -17,7 +17,7 @@ spec: io.kompose.service: app spec: containers: - - image: bornholm/oidc-test:v0.0.0-1-g936a77e + - image: bornholm/oidc-test:v0.0.0-6-g96f1f8f name: app ports: - containerPort: 8080 @@ -28,13 +28,21 @@ spec: - name: HTTP_ADDRESS value: 0.0.0.0:8080 - name: OIDC_CLIENT_ID - value: oidc-test + valueFrom: + secretKeyRef: + name: app-oidc-secret + key: client_id - name: OIDC_CLIENT_SECRET - value: oidc-test-123456 + valueFrom: + secretKeyRef: + name: app-oidc-secret + key: client_secret - name: OIDC_ISSUER_URL - value: http://ssokustom:8080/auth + value: http://hydra:4444 - name: OIDC_REDIRECT_URL - value: http://ssokustom:8080 + value: https://ssokustom - name: OIDC_POST_LOGOUT_REDIRECT_URL - value: http://ssokustom:8080 + value: https://ssokustom + - name: OIDC_SKIP_ISSUER_VERIFICATION + value: "true" restartPolicy: Always diff --git a/examples/authenticated-app/resources/ingress-prefix-traefik-middleware.yaml b/examples/authenticated-app/resources/ingress-prefix-traefik-middleware.yaml deleted file mode 100644 index 07f8e81..0000000 --- a/examples/authenticated-app/resources/ingress-prefix-traefik-middleware.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: ingress-prefix -spec: - stripPrefixRegex: - regex: - - ^/auth/dispatcher - - ^/auth/saml - - ^/auth \ No newline at end of file diff --git a/examples/authenticated-app/resources/ingress.yaml b/examples/authenticated-app/resources/ingress.yaml index 28ecffa..e589a35 100644 --- a/examples/authenticated-app/resources/ingress.yaml +++ b/examples/authenticated-app/resources/ingress.yaml 
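Review bot: `OIDC_SKIP_ISSUER_VERIFICATION: "true"` in the second `app-deployment.yaml` hunk turns off the check that ties the provider's metadata and tokens to the configured issuer. It is presumably needed only because `OIDC_ISSUER_URL` points at the in-cluster `http://hydra:4444` while `hydra-env.yaml` sets the issuer to `https://ssokustom/auth`. That also means the app talks to Hydra over plain HTTP inside the cluster. Either add a comment above the variable, e.g. `# example only: in-cluster URL differs from the public issuer; never skip issuer verification in production`, or set `OIDC_ISSUER_URL` to `https://ssokustom/auth` and trust the self-signed CA in the app so the flag can be dropped.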
@@ -1,11 +1,17 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: portal + name: app annotations: - ingress.kubernetes.io/ssl-redirect: "false" - traefik.ingress.kubernetes.io/router.middlewares: default-ingress-prefix@kubernetescrd + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + cert-manager.io/issuer: "self-signed" spec: + ingressClassName: nginx + tls: + - hosts: + - ssokustom + - ssokustom + secretName: ssokustom-example-tls rules: - http: paths: @@ -16,8 +22,26 @@ spec: name: app port: name: http - - - path: /auth/dispatcher +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: auth + annotations: + cert-manager.io/issuer: "self-signed" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/rewrite-target: /$2 +spec: + ingressClassName: nginx + tls: + - hosts: + - ssokustom + - ssokustom + secretName: ssokustom-example-tls + rules: + - http: + paths: + - path: /auth/dispatcher(/|$)(.*) pathType: Prefix backend: service: @@ -25,19 +49,49 @@ spec: port: name: http - - path: /auth + - path: /auth(/|$)(.*) pathType: Prefix backend: service: name: hydra port: name: hydra-public - - # - path: /auth/passwordless/?(.*) - # pathType: Prefix - # backend: - # service: - # name: hydra - # port: - # name: http-public + + - path: /auth/saml(/|$)(.*) + pathType: Prefix + backend: + service: + name: hydra-saml + port: + name: http +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: saml-idp + annotations: + cert-manager.io/issuer: "self-signed" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/rewrite-target: /simplesaml/$2 +spec: + ingressClassName: nginx + tls: + - hosts: + - ssokustom + - ssokustom + secretName: ssokustom-example-tls + rules: + - http: + paths: + - path: /simplesaml(/|$)(.*) + pathType: Prefix + backend: + service: + name: saml-idp + port: + name: http + + + + \ No newline at end of file 
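Review bot: The regex paths added in the second and third `ingress.yaml` hunks (`/auth/dispatcher(/|$)(.*)`, `/auth(/|$)(.*)`, `/auth/saml(/|$)(.*)`, `/simplesaml(/|$)(.*)`) are declared with `pathType: Prefix`. ingress-nginx expects `pathType: ImplementationSpecific` for regex paths, and releases with strict path-type validation enabled reject regex characters under `Prefix`; because the cluster kustomization installs the controller from `main`, the example can stop applying without any change here. All three Ingresses also omit `host:` under `rules`, so they answer for any Host header although the certificate covers only `ssokustom`; adding `host: ssokustom` to each rule scopes them. Each `tls.hosts` list names `ssokustom` twice, and one entry can go.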
diff --git a/examples/authenticated-app/resources/oauth2-client.yaml b/examples/authenticated-app/resources/oauth2-client.yaml new file mode 100644 index 0000000..b0b89de --- /dev/null +++ b/examples/authenticated-app/resources/oauth2-client.yaml @@ -0,0 +1,18 @@ +apiVersion: hydra.ory.sh/v1alpha1 +kind: OAuth2Client +metadata: + name: app-oauth2-client +spec: + clientName: "app" + tokenEndpointAuthMethod: "client_secret_basic" + grantTypes: + - authorization_code + - refresh_token + responseTypes: + - code + scope: "openid profile email" + secretName: app-oidc-secret + redirectUris: + - https://ssokustom + postLogoutRedirectUris: + - https://ssokustom diff --git a/examples/authenticated-app/resources/port-forwarder-deployment.yaml b/examples/authenticated-app/resources/port-forwarder-deployment.yaml index 9ff0268..d999476 100644 --- a/examples/authenticated-app/resources/port-forwarder-deployment.yaml +++ b/examples/authenticated-app/resources/port-forwarder-deployment.yaml @@ -18,12 +18,21 @@ spec: spec: containers: - image: hpello/tcp-proxy:latest - name: port-forwarder + name: port-forwarder-https env: - name: LISTEN_PORT - value: "8080" + value: "443" ports: - - containerPort: 8080 + - containerPort: 443 resources: {} - args: ["traefik.kube-system.svc.cluster.local", "80"] + args: ["ingress-nginx-controller.ingress-nginx.svc.cluster.local", "443"] + - image: hpello/tcp-proxy:latest + name: port-forwarder-http + env: + - name: LISTEN_PORT + value: "80" + ports: + - containerPort: 80 + resources: {} + args: ["ingress-nginx-controller.ingress-nginx.svc.cluster.local", "80"] restartPolicy: Always diff --git a/examples/authenticated-app/resources/port-forwarder-service.yaml b/examples/authenticated-app/resources/port-forwarder-service.yaml index a360fdf..132905c 100644 --- a/examples/authenticated-app/resources/port-forwarder-service.yaml +++ b/examples/authenticated-app/resources/port-forwarder-service.yaml 
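Review bot: The added `port-forwarder-http` container in the `port-forwarder-deployment.yaml` hunk repeats `hpello/tcp-proxy:latest`, so both proxies run whatever that mutable tag points to at pull time, and one of them now relays the TLS port. Pin the image to a fixed tag or digest in both containers (placeholder: `image: hpello/tcp-proxy@sha256:<digest>`). Both containers also listen on ports below 1024 (`443` and `80`), which presumably requires root or `NET_BIND_SERVICE` in the container. Listening on high ports and mapping `port: 443` / `port: 80` onto them with `targetPort` in the Service would avoid that. The pod spec starts outside the hunk.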
@@ -6,7 +6,11 @@ metadata: io.kompose.service: port-forwarder spec: ports: - - port: 8080 - targetPort: 8080 + - name: https + port: 443 + targetPort: 443 + - name: http + port: 80 + targetPort: 80 selector: io.kompose.service: port-forwarder \ No newline at end of file diff --git a/examples/authenticated-app/resources/saml-idp.yaml b/examples/authenticated-app/resources/saml-idp.yaml new file mode 100644 index 0000000..d89cdbf --- /dev/null +++ b/examples/authenticated-app/resources/saml-idp.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + io.kompose.service: saml-idp + name: saml-idp +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: saml-idp + strategy: + type: Recreate + template: + metadata: + labels: + io.kompose.service: saml-idp + spec: + containers: + - image: kristophjunge/test-saml-idp:1.15 + name: saml-idp + ports: + - containerPort: 8443 + resources: {} + env: + - name: SIMPLESAMLPHP_SP_ENTITY_ID + value: https://ssokustom/auth/saml + - name: SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE + value: https://ssokustom/auth/saml/Shibboleth.sso/SAML2/POST + - name: SIMPLESAMLPHP_SP_SINGLE_LOGOUT_SERVICE + value: https://ssokustom/auth/saml/Shibboleth.sso/Logout?return=https://ssokustom + restartPolicy: Always +--- +apiVersion: v1 +kind: Service +metadata: + labels: + io.kompose.service: saml-idp + name: saml-idp +spec: + ports: + - name: http + port: 8080 + targetPort: 8080 + - name: https + port: 8443 + targetPort: 8443 + selector: + io.kompose.service: saml-idp +status: + loadBalancer: {} \ No newline at end of file diff --git a/examples/authenticated-app/resources/self-signed-issuer.yaml b/examples/authenticated-app/resources/self-signed-issuer.yaml new file mode 100644 index 0000000..69ec201 --- /dev/null +++ b/examples/authenticated-app/resources/self-signed-issuer.yaml 
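Review bot: The `saml-idp` Deployment declares only `containerPort: 8443`, but the Service's `http` port, which the `saml-idp` Ingress routes to, targets `8080`; add `- containerPort: 8080` so the manifest documents the port actually in use. The image is `kristophjunge/test-saml-idp:1.15`, a test identity provider that, by its own documentation, comes with built-in test users, and the Ingress publishes it on the same host as the application. A comment at the top of the file, e.g. `# Test IdP for this example only: fixed test accounts, never deploy outside a local cluster`, would keep it from being copied as is. The trailing `status:` block on the Service is server-populated and can be dropped.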
@@ -0,0 +1,6 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: self-signed
+spec:
+ selfSigned: {}
\ No newline at end of file
diff --git a/examples/k8s/k3d/cluster-config.yaml b/examples/k8s/k3d/cluster-config.yaml
deleted file mode 100644
index 04831c8..0000000
--- a/examples/k8s/k3d/cluster-config.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-apiVersion: k3d.io/v1alpha4
-kind: Simple
-metadata:
- name: sso-kustom
-servers: 1
-agents: 2
-ports:
- - port: 8080:80
- nodeFilters:
- - loadbalancer
diff --git a/examples/k8s/k3d/cluster/kustomization.yaml b/examples/k8s/k3d/cluster/kustomization.yaml
deleted file mode 100644
index 6e2bd83..0000000
--- a/examples/k8s/k3d/cluster/kustomization.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- https://forge.cadoles.com/CadolesKube/c-kustom//base/cloudnative-pg-operator?ref=develop
\ No newline at end of file
diff --git a/examples/k8s/kind/cluster-config.yaml b/examples/k8s/kind/cluster-config.yaml
new file mode 100644
index 0000000..4cb24d2
--- /dev/null
+++ b/examples/k8s/kind/cluster-config.yaml
@@ -0,0 +1,45 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+name: sso-kustom-example
+nodes:
+- role: control-plane
+ image: kindest/node:v1.27.2
+ kubeadmConfigPatches:
+ - |
+ kind: InitConfiguration
+ nodeRegistration:
+ kubeletExtraArgs:
+ node-labels: "ingress-ready=true"
+ extraPortMappings:
+ - containerPort: 80
+ hostPort: 80
+ listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
+ - containerPort: 443
+ hostPort: 443
+ listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
+ labels:
+ ingress-ready: true
+- role: worker
+ image: kindest/node:v1.27.2
+ kubeadmConfigPatches:
+ - |
+ kind: JoinConfiguration
+ nodeRegistration:
+ kubeletExtraArgs:
+ system-reserved: memory=2Gi
+- role: worker
+ image: kindest/node:v1.27.2
+ kubeadmConfigPatches:
+ - |
+ kind: JoinConfiguration
+ nodeRegistration:
+ kubeletExtraArgs:
+ system-reserved: memory=2Gi
+- role: worker
+ image: kindest/node:v1.27.2
+ kubeadmConfigPatches:
+ - |
+ kind: JoinConfiguration
+ nodeRegistration:
+ kubeletExtraArgs:
+ system-reserved: memory=2Gi
\ No newline at end of file
diff --git a/examples/k8s/kind/cluster/.gitignore b/examples/k8s/kind/cluster/.gitignore
new file mode 100644
index 0000000..fbad614
--- /dev/null
+++ b/examples/k8s/kind/cluster/.gitignore
@@ -0,0 +1 @@
+/charts
\ No newline at end of file
diff --git a/examples/k8s/kind/cluster/kustomization.yaml b/examples/k8s/kind/cluster/kustomization.yaml
new file mode 100644
index 0000000..59e678e
--- /dev/null
+++ b/examples/k8s/kind/cluster/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- https://github.com/jetstack/cert-manager/releases/download/v1.13.2/cert-manager.yaml
+- https://forge.cadoles.com/CadolesKube/c-kustom//base/cloudnative-pg-operator?ref=develop
+- https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
\ No newline at end of file
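Review bot: Both `extraPortMappings` entries in `examples/k8s/kind/cluster-config.yaml` set `listenAddress: "0.0.0.0"`, which publishes ports 80 and 443 of the cluster on every interface of the host, while the README only maps `127.0.0.1 ssokustom`. With a test IdP and Hydra in `--dev` mode behind that ingress, `listenAddress: "127.0.0.1"` is the safer default for an example. The trailing comment would then read `# loopback only; use "0.0.0.0" to expose on the network`. Under `labels`, `ingress-ready: true` is a YAML boolean where a string label value is meant, so write `ingress-ready: "true"`.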
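Review bot: Two of the three remote resources in `examples/k8s/kind/cluster/kustomization.yaml` follow moving refs: ingress-nginx is fetched from `.../ingress-nginx/main/deploy/static/provider/kind/deploy.yaml` and c-kustom from `?ref=develop`, whereas cert-manager is pinned to `v1.13.2`. Whatever lands on those branches is applied to the cluster, cluster-scoped objects included, and the example cannot be reproduced later. Pin both the same way: replace `main` with a release tag (`.../ingress-nginx/<controller-tag>/deploy/static/provider/kind/deploy.yaml`) and `ref=develop` with a tag or commit (`?ref=<commit>`).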
diff --git a/resources/hydra-dispatcher/files/hydra/default.yaml b/resources/hydra-dispatcher/files/hydra/default.yaml index f23203e..52e6dbb 100644 --- a/resources/hydra-dispatcher/files/hydra/default.yaml +++ b/resources/hydra-dispatcher/files/hydra/default.yaml @@ -1,2 +1,17 @@ +parameters: + env(HYDRA_DISPATCHER_WEBHOOK_ENABLED): false + env(HYDRA_DISPATCHER_WEBHOOK_API_URL): "" + env(HYDRA_DISPATCHER_WEBHOOK_API_KEY): "" + env(HYDRA_DISPATCHER_WEBHOOK_API_METHOD): POST + env(HYDRA_DISPATCHER_FIREWALL_ADDITIONAL_PROPERTIES): true + hydra: - apps: [] \ No newline at end of file + apps: [] + webhook: + enabled: "%env(bool:HYDRA_DISPATCHER_WEBHOOK_ENABLED)%" + api_url: "%env(string:HYDRA_DISPATCHER_WEBHOOK_API_URL)%" + api_key: "%env(string:HYDRA_DISPATCHER_WEBHOOK_API_KEY)%" + api_method: "%env(string:HYDRA_DISPATCHER_WEBHOOK_API_METHOD)%" + firewall: + additional_properties: "%env(bool:HYDRA_DISPATCHER_FIREWALL_ADDITIONAL_PROPERTIES)%" + rules: {} \ No newline at end of file diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index 7728ce9..2a049ce 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-dispatcher - image: reg.cadoles.com/cadoles/hydra-dispatcher-v1:v0.0.0-218-g4b5e1d9 + image: reg.cadoles.com/cadoles/hydra-dispatcher-v1:v0.0.0-238-g7236416 envFrom: - configMapRef: name: hydra-dispatcher-env
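Review bot: `api_key` in the new `webhook` block of `default.yaml` is read from `HYDRA_DISPATCHER_WEBHOOK_API_KEY`, and the only environment source visible for the `hydra-dispatcher` container (context lines of the `hydra-dispatcher-deployment.yaml` hunk) is `configMapRef: hydra-dispatcher-env`. A key set through that ConfigMap is stored and displayed as plain configuration; it should come from a Secret (`secretRef` under `envFrom`, or `valueFrom.secretKeyRef`), and a comment on the parameter saying so would help. The container spec continues outside the hunk, so a Secret source may already exist there. `env(HYDRA_DISPATCHER_FIREWALL_ADDITIONAL_PROPERTIES)` defaults to `true`, which looks like the permissive setting for the firewall; if that reading is right, default it to `false` or document why it is open by default.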