feat(hydra-oidc): non root deployment with caddy

This commit is contained in:
cmsassot 2024-03-27 14:08:58 +01:00
parent 380a116fa8
commit b7b9787ca4
2 changed files with 82 additions and 67 deletions

View File

@ -17,70 +17,85 @@ spec:
app.kubernetes.io/name: hydra-oidc app.kubernetes.io/name: hydra-oidc
spec: spec:
containers: containers:
- name: hydra-oidc-php-fpm - name: hydra-oidc-php-fpm
image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad image: reg.cadoles.com/cadoles/hydra-oidc:TODO_TAG
imagePullPolicy: Always imagePullPolicy: Always
args: ["/usr/sbin/php-fpm81", "-F", "-e"] args: ["/usr/sbin/php-fpm81", "-F", "-e"]
readinessProbe: readinessProbe:
exec: exec:
command: command:
- sh - sh
- -c - -c
- test -f /etc/php81/php-fpm.d/www.conf - test -f /etc/php81/php-fpm.d/www.conf
livenessProbe: livenessProbe:
exec: exec:
command: command:
- php - php
- bin/console - bin/console
- -V - -V
initialDelaySeconds: 10 initialDelaySeconds: 10
periodSeconds: 30 periodSeconds: 30
env: env:
- name: PHP_FPM_LISTEN - name: PHP_FPM_LISTEN
value: 127.0.0.1:9000 value: 127.0.0.1:9000
- name: PHP_MEMORY_LIMIT - name: PHP_MEMORY_LIMIT
value: 128m value: 128m
- name: PHP_FPM_MEMORY_LIMIT - name: PHP_FPM_MEMORY_LIMIT
value: 128m value: 128m
envFrom: envFrom:
- configMapRef: - configMapRef:
name: hydra-oidc-env name: hydra-oidc-env
resources: {} resources: {}
securityContext:
runAsNonRoot: true
runAsGroup: 1000
runAsUser: 1000
- image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad - image: reg.cadoles.com/cadoles/hydra-oidc:TODO_TAG
imagePullPolicy: Always imagePullPolicy: Always
name: hydra-oidc-nginx name: hydra-oidc-nginx
args: ["/usr/sbin/nginx"] args:
readinessProbe: [
httpGet: "/usr/sbin/caddy",
path: /healthy "run",
port: 8080 "--adapter",
initialDelaySeconds: 5 "caddyfile",
timeoutSeconds: 5 "--config",
periodSeconds: 10 "/etc/caddy/Caddyfile",
livenessProbe: ]
httpGet: readinessProbe:
path: /healthy httpGet:
port: 8080 path: /healthy
initialDelaySeconds: 15 port: 8080
timeoutSeconds: 5 initialDelaySeconds: 5
periodSeconds: 15 timeoutSeconds: 5
envFrom: periodSeconds: 10
- configMapRef: livenessProbe:
name: hydra-oidc-env httpGet:
env: path: /healthy
- name: NGINX_APP_UPSTREAM_BACKEND_SERVER port: 8080
value: 127.0.0.1:9000 initialDelaySeconds: 15
- name: NGINX_APP_ROOT timeoutSeconds: 5
value: "/public/" periodSeconds: 15
- name: NGINX_APP_PHP_INDEX ports:
value: "/index.php" - containerPort: 8080
- name: NGINX_ERROR_LOG_LEVEL envFrom:
value: "warn" - configMapRef:
- name: NGINX_APP_PHP_NON_FILE_PATTERN name: hydra-oidc-env
value: "^/index\\.php(/|$)" env:
ports: - name: CADDY_APP_UPSTREAM_BACKEND_SERVER
- containerPort: 8080 value: 127.0.0.1:9000
resources: {} - name: CADDY_HTTPS_PORT
value: "8443"
- name: CADDY_HTTP_PORT
value: "8080"
- name: CADDY_DATA_FS
value: "/tmp/caddy"
- name: CADDY_APP_ROOT_PUBLIC
value: "/app/public/"
resources: {}
securityContext:
runAsNonRoot: true
runAsGroup: 1000
runAsUser: 1000
restartPolicy: Always restartPolicy: Always

View File

@ -6,8 +6,8 @@ metadata:
name: hydra-oidc name: hydra-oidc
spec: spec:
ports: ports:
- name: hydra-oidc - name: hydra-oidc
port: 8080 port: 8080
selector: selector:
app.kubernetes.io/name: hydra-oidc app.kubernetes.io/name: hydra-oidc
status: status: