CadolesKube/sso-kustom
15
0
Fork 0
Code Issues 20 Pull Requests 6 Projects Releases Wiki Activity

fix: use hydra-ldap and olm operator to fix example

Browse Source
This commit is contained in:
wpetit
2025-02-13 17:02:48 +01:00
committed by Laurent Gourvénec
parent c97266c272
commit c01eb28d8c
34 changed files with 729 additions and 461 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
resources/hydra/kustomization.yaml
View File

@ -2,42 +2,45 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: reg.cadoles.com/proxy_cache/oryd/hydra
newTag: v2.1.2
- name: reg.cadoles.com/proxy_cache/oryd/hydra-maester
newTag: v0.0.32-amd64
- name: reg.cadoles.com/proxy_cache/oryd/hydra
newTag: v2.1.2
- name: reg.cadoles.com/proxy_cache/oryd/hydra-maester
newTag: v0.0.32-amd64
resources:
- ./resources/hydra-deployment.yaml
- ./resources/hydra-service.yaml
- ./resources/hydra-role.yaml
- ./resources/hydra-rolebinding.yaml
- ./resources/hydra-serviceaccount.yaml
- ./resources/hydra-migrate-job.yaml
- ./resources/hydra-maester
- ./resources/hydra-janitor-cronjob.yaml
- ./resources/hydra-deployment.yaml
- ./resources/hydra-service.yaml
- ./resources/hydra-role.yaml
- ./resources/hydra-rolebinding.yaml
- ./resources/hydra-serviceaccount.yaml
- ./resources/hydra-migrate-job.yaml
- ./resources/hydra-maester
- ./resources/hydra-janitor-cronjob.yaml
secretGenerator:
- name: hydra-secret
literals:
- SECRETS_SYSTEM=ThisShouldBeAbsolutelyChanged
- name: hydra-secret
literals:
- SECRETS_SYSTEM=ThisShouldBeAbsolutelyChanged
configMapGenerator:
- name: hydra-env
literals:
- URLS_SELF_ISSUER=http://localhost:4444
- URLS_LOGIN=http://hydra-login-app/login
- URLS_CONSENT=http://hydra-consent-app/consent
- URLS_LOGOUT=http://hydra-logout-app/logout
- HYDRA_SERVE_ALL_ARGS=--dev
- HYDRA_DATABASE_MAX_CONN="10"
- LOG_LEVEL=info
- name: hydra-env
literals:
- URLS_SELF_ISSUER=http://localhost:4444
- URLS_LOGIN=http://hydra-login-app/login
- URLS_CONSENT=http://hydra-consent-app/consent
- URLS_LOGOUT=http://hydra-logout-app/logout
- HYDRA_SERVE_ALL_ARGS=--dev
- HYDRA_DATABASE_MAX_CONN="10"
- LOG_LEVEL=info
vars:
- name: HYDRA_MIGRATE_JOB_NAME
objref:
name: hydra-migrate
kind: Job
apiVersion: batch/v1
fieldref:
fieldpath: metadata.name
replacements:
- source:
kind: Job
name: hydra-migrate
fieldPath: metadata.name
targets:
- select:
kind: Deployment
name: hydra
fieldPaths:
- spec.template.spec.initContainers.0.args.1

5
resources/hydra/resources/hydra-deployment.yaml
View File

@ -21,8 +21,8 @@ spec:
- name: wait-for-migrate
image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3
args:
- job
- $(HYDRA_MIGRATE_JOB_NAME)
- job
- REPLACE_ME
containers:
- name: hydra
image: reg.cadoles.com/proxy_cache/oryd/hydra:v2.0.3
@ -57,4 +57,3 @@ spec:
name: hydra-admin
resources: {}
restartPolicy: Always

7
resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml
View File

@ -7,7 +7,7 @@ metadata:
labels:
app.kubernetes.io/name: hydra-maester
app.kubernetes.io/instance: hydra-master
app.kubernetes.io/version: "v0.0.23"
app.kubernetes.io/version: "v0.0.25"
spec:
replicas: 1
revisionHistoryLimit: 10
@ -38,15 +38,14 @@ spec:
- --hydra-url=$(HYDRA_ADMIN_BASE_URL)
- --hydra-port=$(HYDRA_ADMIN_PORT)
- --endpoint=/admin/clients
resources:
{}
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true