feat(hydra-oidc): non root deployment with caddy

This commit is contained in:
cmsassot 2024-04-03 09:45:24 +02:00
parent a2154c5587
commit 7ab78d97aa
2 changed files with 82 additions and 67 deletions

View File

@ -18,7 +18,7 @@ spec:
spec:
containers:
- name: hydra-oidc-php-fpm
image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad
image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6
imagePullPolicy: Always
args: ["/usr/sbin/php-fpm81", "-F", "-e"]
readinessProbe:
@ -46,11 +46,23 @@ spec:
- configMapRef:
name: hydra-oidc-env
resources: {}
securityContext:
runAsNonRoot: true
runAsGroup: 1000
runAsUser: 1000
- image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad
- image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6
imagePullPolicy: Always
name: hydra-oidc-nginx
args: ["/usr/sbin/nginx"]
name: hydra-oidc-caddy
args:
[
"/usr/sbin/caddy",
"run",
"--adapter",
"caddyfile",
"--config",
"/etc/caddy/Caddyfile",
]
readinessProbe:
httpGet:
path: /healthy
@ -65,22 +77,25 @@ spec:
initialDelaySeconds: 15
timeoutSeconds: 5
periodSeconds: 15
ports:
- containerPort: 8080
envFrom:
- configMapRef:
name: hydra-oidc-env
env:
- name: NGINX_APP_UPSTREAM_BACKEND_SERVER
- name: CADDY_APP_UPSTREAM_BACKEND_SERVER
value: 127.0.0.1:9000
- name: NGINX_APP_ROOT
value: "/public/"
- name: NGINX_APP_PHP_INDEX
value: "/index.php"
- name: NGINX_ERROR_LOG_LEVEL
value: "warn"
- name: NGINX_APP_PHP_NON_FILE_PATTERN
value: "^/index\\.php(/|$)"
ports:
- containerPort: 8080
- name: CADDY_HTTPS_PORT
value: "8443"
- name: CADDY_HTTP_PORT
value: "8080"
- name: CADDY_DATA_FS
value: "/tmp/caddy"
- name: CADDY_APP_ROOT_PUBLIC
value: "/app/public/"
resources: {}
securityContext:
runAsNonRoot: true
runAsGroup: 1000
runAsUser: 1000
restartPolicy: Always