From 39438b07784aba00887bb4c216fb6aa08a46181b Mon Sep 17 00:00:00 2001 From: vcarroy Date: Fri, 25 Oct 2024 14:21:18 +0200 Subject: [PATCH 1/5] Remove dispatcher default config --- .../hydra-dispatcher/files/hydra/default.yaml | 16 ---------------- resources/hydra-dispatcher/kustomization.yaml | 3 --- .../resources/hydra-dispatcher-deployment.yaml | 5 ----- 3 files changed, 24 deletions(-) delete mode 100644 resources/hydra-dispatcher/files/hydra/default.yaml diff --git a/resources/hydra-dispatcher/files/hydra/default.yaml b/resources/hydra-dispatcher/files/hydra/default.yaml deleted file mode 100644 index 5eeb26f..0000000 --- a/resources/hydra-dispatcher/files/hydra/default.yaml +++ /dev/null @@ -1,16 +0,0 @@ -parameters: - env(HYDRA_DISPATCHER_WEBHOOK_ENABLED): false - env(HYDRA_DISPATCHER_WEBHOOK_API_URL): "" - env(HYDRA_DISPATCHER_WEBHOOK_API_KEY): "" - env(HYDRA_DISPATCHER_WEBHOOK_API_METHOD): POST - env(HYDRA_DISPATCHER_FIREWALL_ADDITIONAL_PROPERTIES): true - -hydra: - apps: [] - webhook: - enabled: "%env(bool:HYDRA_DISPATCHER_WEBHOOK_ENABLED)%" - api_url: "%env(string:HYDRA_DISPATCHER_WEBHOOK_API_URL)%" - api_key: "%env(string:HYDRA_DISPATCHER_WEBHOOK_API_KEY)%" - api_method: "%env(string:HYDRA_DISPATCHER_WEBHOOK_API_METHOD)%" - webhook_post_login: - enabled: false diff --git a/resources/hydra-dispatcher/kustomization.yaml b/resources/hydra-dispatcher/kustomization.yaml index 7ab4a1d..93d1827 100644 --- a/resources/hydra-dispatcher/kustomization.yaml +++ b/resources/hydra-dispatcher/kustomization.yaml @@ -26,9 +26,6 @@ configMapGenerator: - DEFAULT_LOCALE=fr - APP_LOCALES=fr,en - REDIS_DSN="redis://redis:6379" -- name: hydra-dispatcher-apps - files: - - apps.yaml=./files/hydra/default.yaml - name: hydra-dispatcher-php-ini files: - ./files/03_base.ini \ No newline at end of file 
diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index 93f76bd..849981f 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml @@ -50,8 +50,6 @@ spec: - configMapRef: name: hydra-dispatcher-env volumeMounts: - - mountPath: /app/config/hydra - name: hydra-dispatcher-apps - name: hydra-dispatcher-php-ini mountPath: /etc/php81/conf.d/03_base.ini subPath: 03_base.ini @@ -110,9 +108,6 @@ spec: runAsUser: 1000 restartPolicy: Always volumes: - - name: hydra-dispatcher-apps - configMap: - name: hydra-dispatcher-apps - name: hydra-dispatcher-php-ini configMap: name: hydra-dispatcher-php-ini From 3c9b5ec22aa0d4fa9e662f3c2cd97d72783ca91a Mon Sep 17 00:00:00 2001 From: vcarroy Date: Fri, 25 Oct 2024 14:45:34 +0200 Subject: [PATCH 2/5] Remove sql default config --- components/hydra-sql/files/sql_login.yaml | 7 ------- components/hydra-sql/kustomization.yaml | 3 --- .../hydra-sql/resources/hydra-sql-deployment.yaml | 10 ---------- 3 files changed, 20 deletions(-) delete mode 100644 components/hydra-sql/files/sql_login.yaml diff --git a/components/hydra-sql/files/sql_login.yaml b/components/hydra-sql/files/sql_login.yaml deleted file mode 100644 index a69ef96..0000000 --- a/components/hydra-sql/files/sql_login.yaml +++ /dev/null @@ -1,7 +0,0 @@ -sql_login: - login_column_name: mail - password_column_name: password - salt_column_name: salt - table_name: user - data_to_fetch: - - mail diff --git a/components/hydra-sql/kustomization.yaml b/components/hydra-sql/kustomization.yaml index c6f9540..58a6551 100644 --- a/components/hydra-sql/kustomization.yaml +++ b/components/hydra-sql/kustomization.yaml 
@@ -27,9 +27,6 @@ configMapGenerator: - ALTCHA_HOST=http://altcha:3333 - ALTCHA_BASE_URL=/altcha - ALTCHA_ENABLED=true -- name: sql-login-config - files: - - ./files/sql_login.yaml - name: hydra-sql-php-ini files: - ./files/03_base.ini diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index 8d7d050..487a9de 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml @@ -60,9 +60,6 @@ spec: - name: OPCACHE_REVALIDATE_FREQ value: "0" volumeMounts: - - name: sql-login-config - mountPath: "/app/config/sql_login_configuration/sql_login.yaml" - subPath: "sql_login.yaml" - name: hydra-sql-php-ini mountPath: /etc/php81/conf.d/03_base.ini subPath: 03_base.ini @@ -107,14 +104,7 @@ spec: ports: - containerPort: 8080 name: http - volumeMounts: - - name: sql-login-config - mountPath: "/app/config/sql_login_configuration/sql_login.yaml" - subPath: "sql_login.yaml" volumes: - - name: sql-login-config - configMap: - name: sql-login-config - name: hydra-sql-php-ini configMap: name: hydra-sql-php-ini From f8b1dae1f264dad85f6d537f89fac0d2e29047fc Mon Sep 17 00:00:00 2001 From: vcarroy Date: Tue, 22 Apr 2025 11:35:00 +0200 Subject: [PATCH 3/5] feat : update image refs --- components/hydra-oidc/resources/hydra-oidc-deployment.yaml | 4 ++-- components/hydra-sql/resources/hydra-sql-deployment.yaml | 4 ++-- .../resources/hydra-dispatcher-deployment.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml index 5a73f40..056455d 100644 --- a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml +++ b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml 
@@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-oidc-php-fpm - image: reg.cadoles.com/cadoles/hydra-oidc-base:2025.4.7-develop.951.64b13e8 + image: reg.cadoles.com/cadoles/hydra-oidc-base:2025.4.18-symfonycontainerupdate.1522.1637e19 imagePullPolicy: IfNotPresent args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: @@ -52,7 +52,7 @@ spec: runAsUser: 1000 - name: hydra-oidc-caddy - image: reg.cadoles.com/cadoles/hydra-oidc-base:2025.4.7-develop.951.64b13e8 + image: reg.cadoles.com/cadoles/hydra-oidc-base:2025.4.18-symfonycontainerupdate.1522.1637e19 imagePullPolicy: IfNotPresent args: [ diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index 487a9de..a2fa83e 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml @@ -21,7 +21,7 @@ spec: spec: containers: - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:2025.4.15-develop.1007.945a558 + image: reg.cadoles.com/cadoles/hydra-sql-base:2025.4.17-symfonycontainerupdate.1254.0de370a imagePullPolicy: IfNotPresent args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: @@ -65,7 +65,7 @@ spec: subPath: 03_base.ini - name: hydra-sql-caddy - image: reg.cadoles.com/cadoles/hydra-sql-base:2025.4.15-develop.1007.945a558 + image: reg.cadoles.com/cadoles/hydra-sql-base:2025.4.17-symfonycontainerupdate.1254.0de370a imagePullPolicy: IfNotPresent args: ["/usr/sbin/caddy", "run", "--adapter", "caddyfile", "--config", "/etc/caddy/Caddyfile"] readinessProbe: diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index 849981f..453af10 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml 
@@ -19,7 +19,7 @@ spec: spec: containers: - name: hydra-dispatcher-php-fpm - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2025.3.18-develop.1401.4646fbb + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2025.4.18-symfonycontainerupdate.1413.9f67e58 args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: exec: @@ -59,7 +59,7 @@ spec: runAsGroup: 1000 runAsUser: 1000 - name: hydra-dispatcher-caddy - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2025.3.18-develop.1401.4646fbb + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2025.4.18-symfonycontainerupdate.1413.9f67e58 imagePullPolicy: IfNotPresent args: [ From 41afa90886a8b2f7237b1e9d238f793e757d5630 Mon Sep 17 00:00:00 2001 From: vcarroy Date: Tue, 22 Apr 2025 14:03:07 +0200 Subject: [PATCH 4/5] feat : add emptyDir on /tmp for symfony containers based containers --- components/hydra-oidc/resources/hydra-oidc-deployment.yaml | 7 +++++++ components/hydra-sql/resources/hydra-sql-deployment.yaml | 5 +++++ .../resources/hydra-dispatcher-deployment.yaml | 5 +++++ 3 files changed, 17 insertions(+) diff --git a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml index 056455d..553bf49 100644 --- a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml +++ b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml @@ -45,6 +45,9 @@ spec: envFrom: - configMapRef: name: hydra-oidc-env + volumeMounts: + - name: oidc-tmp + mountPath: /tmp resources: {} securityContext: runAsNonRoot: true @@ -100,3 +103,7 @@ spec: runAsGroup: 1000 runAsUser: 1000 restartPolicy: Always + volumes: + - name: oidc-tmp + emptyDir: + medium: Memory diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index a2fa83e..3b1fa54 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml 
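Review bot: The `oidc-tmp` volume added in the `@@ -100,3 +103,7 @@` hunk of hydra-oidc-deployment.yaml is a memory-backed `emptyDir` with no `sizeLimit`, and the container that mounts it at `/tmp` still shows `resources: {}` in the hunk above it, so nothing in this manifest caps how much RAM temporary files can take. Files on a `medium: Memory` volume are charged to the pod's memory, and with no limit set the ceiling is the node's allocatable memory, so heavy `/tmp` use can cause node memory pressure instead of just filling a scratch directory. I would add `sizeLimit: <SIZE>` under `emptyDir:`, sized to what the application really needs in `/tmp`, and set `resources.limits.memory` on the container. The same applies to `sql-tmp` and `dispatcher-tmp` in the hydra-sql and hydra-dispatcher volume hunks of this patch. A short comment on each volume, for example `# tmpfs scratch for /tmp; contents are lost on pod restart`, would record why it is memory-backed.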
@@ -63,6 +63,8 @@ spec: - name: hydra-sql-php-ini mountPath: /etc/php81/conf.d/03_base.ini subPath: 03_base.ini + - name: sql-tmp + mountPath: /tmp - name: hydra-sql-caddy image: reg.cadoles.com/cadoles/hydra-sql-base:2025.4.17-symfonycontainerupdate.1254.0de370a @@ -108,5 +110,8 @@ spec: - name: hydra-sql-php-ini configMap: name: hydra-sql-php-ini + - name: sql-tmp + emptyDir: + medium: Memory restartPolicy: Always diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index 453af10..7006251 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml @@ -53,6 +53,8 @@ spec: - name: hydra-dispatcher-php-ini mountPath: /etc/php81/conf.d/03_base.ini subPath: 03_base.ini + - name: dispatcher-tmp + mountPath: /tmp resources: {} securityContext: runAsNonRoot: true @@ -111,3 +113,6 @@ spec: - name: hydra-dispatcher-php-ini configMap: name: hydra-dispatcher-php-ini + - name: dispatcher-tmp + emptyDir: + medium: Memory From 7134e53584dff0c56974b6a6fdaf75313f4913e4 Mon Sep 17 00:00:00 2001 From: Gauthier DUPONT Date: Fri, 2 May 2025 16:52:20 +0200 Subject: [PATCH 5/5] fix(security): bump alpine version to fix vulnerabilities --- components/hydra-oidc/resources/hydra-oidc-deployment.yaml | 4 ++-- components/hydra-sql/resources/hydra-sql-deployment.yaml | 4 ++-- .../resources/hydra-dispatcher-deployment.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml index 553bf49..7d0b59d 100644 --- a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml +++ b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml 
@@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-oidc-php-fpm - image: reg.cadoles.com/cadoles/hydra-oidc-base:2025.4.18-symfonycontainerupdate.1522.1637e19 + image: reg.cadoles.com/cadoles/hydra-oidc-base:2025.5.12-develop.1308.4d1b0a4 imagePullPolicy: IfNotPresent args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: @@ -55,7 +55,7 @@ spec: runAsUser: 1000 - name: hydra-oidc-caddy - image: reg.cadoles.com/cadoles/hydra-oidc-base:2025.4.18-symfonycontainerupdate.1522.1637e19 + image: reg.cadoles.com/cadoles/hydra-oidc-base:2025.5.12-develop.1308.4d1b0a4 imagePullPolicy: IfNotPresent args: [ diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index 3b1fa54..d6bd004 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml @@ -21,7 +21,7 @@ spec: spec: containers: - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:2025.4.17-symfonycontainerupdate.1254.0de370a + image: reg.cadoles.com/cadoles/hydra-sql-base:2025.5.12-develop.1303.64d1c1c imagePullPolicy: IfNotPresent args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: @@ -67,7 +67,7 @@ spec: mountPath: /tmp - name: hydra-sql-caddy - image: reg.cadoles.com/cadoles/hydra-sql-base:2025.4.17-symfonycontainerupdate.1254.0de370a + image: reg.cadoles.com/cadoles/hydra-sql-base:2025.5.12-develop.1303.64d1c1c imagePullPolicy: IfNotPresent args: ["/usr/sbin/caddy", "run", "--adapter", "caddyfile", "--config", "/etc/caddy/Caddyfile"] readinessProbe: diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index 7006251..1d9a34a 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml 
@@ -19,7 +19,7 @@ spec: spec: containers: - name: hydra-dispatcher-php-fpm - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2025.4.18-symfonycontainerupdate.1413.9f67e58 + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2025.5.12-develop.1306.a249b62 args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: exec: @@ -61,7 +61,7 @@ spec: runAsGroup: 1000 runAsUser: 1000 - name: hydra-dispatcher-caddy - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2025.4.18-symfonycontainerupdate.1413.9f67e58 + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2025.5.12-develop.1306.a249b62 imagePullPolicy: IfNotPresent args: [