From 7788295ef16c866efd46942496c58eca9d470a78 Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Fri, 22 Dec 2023 13:20:46 +0100 Subject: [PATCH] fix(components/hydra-maester): fix image version --- .../hydra-maester/kustomization.yaml | 15 +++++ .../resources/hydra-maester-deployment.yaml | 54 +++++++++++++++++ .../resources/hydra-maester-rbac.yaml | 60 +++++++++++++++++++ 3 files changed, 129 insertions(+) create mode 100644 resources/hydra/resources/hydra-maester/kustomization.yaml create mode 100644 resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml create mode 100644 resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml diff --git a/resources/hydra/resources/hydra-maester/kustomization.yaml b/resources/hydra/resources/hydra-maester/kustomization.yaml new file mode 100644 index 0000000..f8704d8 --- /dev/null +++ b/resources/hydra/resources/hydra-maester/kustomization.yaml @@ -0,0 +1,15 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Kustomization + +resources: +- ./resources/hydra-maester-deployment.yaml +- ./resources/hydra-maester-rbac.yaml +#- https://raw.githubusercontent.com/ory/k8s/v0.28.2/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml + +configMapGenerator: +- name: hydra-maester-env + literals: + - APP_ENV=prod + - APP_DEBUG=false + - HYDRA_ADMIN_BASE_URL=http://hydra + - HYDRA_ADMIN_PORT=4445 diff --git a/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml b/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml new file mode 100644 index 0000000..1227759 --- /dev/null +++ b/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml @@ -0,0 +1,54 @@ +# Source: hydra/charts/hydra-maester/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: hydra-maester + labels: + app.kubernetes.io/name: hydra-maester + app.kubernetes.io/instance: hydra-master + app.kubernetes.io/version: "v0.0.31" +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + control-plane: controller-manager + app.kubernetes.io/name: hydra-maester + app.kubernetes.io/instance: hydra + template: + metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: hydra-maester + app.kubernetes.io/instance: hydra + annotations: + spec: + containers: + - name: hydra-maester + image: reg.cadoles.com/proxy_cache/oryd/hydra-maester:v0.0.31 + imagePullPolicy: IfNotPresent + envFrom: + - configMapRef: + name: hydra-maester-env + command: + - /manager + args: + - --metrics-addr=127.0.0.1:8080 + - --hydra-url=$(HYDRA_ADMIN_BASE_URL) + - --hydra-port=$(HYDRA_ADMIN_PORT) + - --endpoint=/admin/clients + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: hydra-maester-account + automountServiceAccountToken: true + nodeSelector: diff --git a/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml b/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml new file mode 100644 index 0000000..03548b3 --- /dev/null +++ b/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml @@ -0,0 +1,60 @@ +--- +# Source: hydra/charts/hydra-maester/templates/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: hydra-maester-account +--- +# Source: hydra/charts/hydra-maester/templates/rbac.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hydra-maester-role +rules: + - apiGroups: ["hydra.ory.sh"] + resources: ["oauth2clients", "oauth2clients/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch", "create"] +--- +# Source: hydra/charts/hydra-maester/templates/rbac.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hydra-maester-role-binding +subjects: + - kind: ServiceAccount + name: hydra-maester-account # Service account assigned to the controller pod. + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: hydra-maester-role +--- +# Source: hydra/charts/hydra-maester/templates/rbac.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hydra-maester-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "create"] + - apiGroups: ["hydra.ory.sh"] + resources: ["oauth2clients", "oauth2clients/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] +--- +# Source: hydra/charts/hydra-maester/templates/rbac.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hydra-maester-role-binding +subjects: + - kind: ServiceAccount + name: hydra-maester-account # Service account assigned to the controller pod. + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: hydra-maester-role