diff --git a/components/hydra-oidc/files/hydra/oidc.yaml b/components/hydra-oidc/files/hydra/oidc.yaml index 07b9bc4..ccabe7d 100644 --- a/components/hydra-oidc/files/hydra/oidc.yaml +++ b/components/hydra-oidc/files/hydra/oidc.yaml @@ -1,12 +1,13 @@ hydra: apps: - id: oidc - title: + title: fr: Connexion OIDC en: Login OIDC - description: + description: fr: Authentification avec OpenID Connect en: Authentication with OpenID Connect login_url: "%env(string:HYDRA_DISPATCHER_OIDC_LOGIN_URL)%" consent_url: "%env(string:HYDRA_DISPATCHER_OIDC_CONSENT_URL)%" - logout_url: "%env(string:HYDRA_DISPATCHER_OIDC_LOGOUT_URL)%" \ No newline at end of file + logout_url: "%env(string:HYDRA_DISPATCHER_OIDC_LOGOUT_URL)%" + attributes_rewrite_configuration: [] diff --git a/components/hydra-oidc/kustomization.yaml b/components/hydra-oidc/kustomization.yaml index 6e6f2cb..88288e0 100644 --- a/components/hydra-oidc/kustomization.yaml +++ b/components/hydra-oidc/kustomization.yaml @@ -10,6 +10,8 @@ configMapGenerator: literals: - APP_ENV=prod - APP_DEBUG=false + - PHP_FPM_MEMORY_LIMIT=256m + - NGINX_APP_SERVER_LISTEN=80 - HYDRA_ADMIN_BASE_URL=http://hydra-dispatcher - OIC_AUTHORIZE_ENDPOINT=https://oidc-idp/api/v1/authorize - OIDC_TOKEN_ENDPOINT=https://oidc-idp/api/v1/token @@ -24,14 +26,14 @@ configMapGenerator: - CLIENT_SECRET_FC=MyClientSecret - COOKIE_PATH=/ - TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR - - name: hydra-dispatcher-apps - behavior: merge - files: - - ./files/hydra/oidc.yaml + # - name: hydra-dispatcher-apps + # behavior: merge + # files: + # - apps.yaml=./files/hydra/oidc.yaml patchesJson6902: - target: version: v1 kind: ConfigMap name: hydra-dispatcher-env - path: patches/hydra-dispatcher-env.yaml \ No newline at end of file + path: patches/hydra-dispatcher-env.yaml diff --git a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml index 11c754f..dd62f7e 100644 
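Review bot: Commenting out the `hydra-dispatcher-apps` merge generator at the end of the `configMapGenerator` list in `components/hydra-oidc/kustomization.yaml` leaves `files/hydra/oidc.yaml` (edited in this same commit, including the new `attributes_rewrite_configuration: []`) unconsumed, so the OIDC app definition no longer reaches the dispatcher's `/app/config/hydra` mount. If the merge was disabled because both generators would now publish the same `apps.yaml` key (the commented line already carries the `apps.yaml=` prefix), say so in place of the dead lines, e.g. `# hydra-dispatcher-apps merge disabled: apps.yaml key collides with resources/hydra-dispatcher; re-enable once per-app files are supported`; otherwise restore the block. Leaving both the commented generator and the edited app file in the tree makes it look as though the OIDC login is still wired up when it is not.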
--- a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml +++ b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml @@ -17,13 +17,70 @@ spec: io.kompose.service: hydra-oidc spec: containers: - - name: hydra-oidc - image: reg.cadoles.com/cadoles/hydra-oidc-v1:v0.0.0-170-g485b138 + - name: hydra-oidc-php-fpm + image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.11.17-develop.1657.761e035 + imagePullPolicy: Always + args: ["/usr/sbin/php-fpm81", "-F", "-e"] + readinessProbe: + exec: + command: + - sh + - -c + - test -f /etc/php81/php-fpm.d/www.conf + livenessProbe: + exec: + command: + - php + - bin/console + - -V + initialDelaySeconds: 10 + periodSeconds: 30 + env: + - name: PHP_FPM_LISTEN + value: 127.0.0.1:9000 + - name: PHP_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_MEMORY_LIMIT + value: 128m envFrom: - configMapRef: name: hydra-oidc-env + resources: {} + + - image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.11.17-develop.1657.761e035 + imagePullPolicy: Always + name: hydra-oidc-nginx + args: ["/usr/sbin/nginx"] + readinessProbe: + httpGet: + path: /healthy + port: 80 + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /healthy + port: 80 + initialDelaySeconds: 15 + timeoutSeconds: 5 + periodSeconds: 15 + envFrom: + - configMapRef: + name: hydra-oidc-env + env: + - name: NGINX_APP_UPSTREAM_BACKEND_SERVER + value: 127.0.0.1:9000 + - name: NGINX_APP_ROOT + value: "/public/" + - name: NGINX_APP_PHP_INDEX + value: "/index.php" + - name: NGINX_ERROR_LOG_LEVEL + value: "warn" + - name: NGINX_APP_PHP_NON_FILE_PATTERN + value: "^/index\\.php(/|$)" ports: - - containerPort: 80 + - containerPort: 8080 resources: {} restartPolicy: Always - + diff --git a/components/hydra-saml/files/hydra/saml.yaml b/components/hydra-saml/files/hydra/saml.yaml index 905b3d5..518c43b 100644 --- a/components/hydra-saml/files/hydra/saml.yaml +++ b/components/hydra-saml/files/hydra/saml.yaml 
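Review bot: The nginx container's readiness and liveness probes target `port: 80` while `containerPort` is changed to `8080` at the bottom of the hunk, and this same commit adds `NGINX_APP_SERVER_LISTEN=80` to `hydra-oidc-env`; the declared port therefore no longer matches where nginx listens, and a Service targeting 8080 would find nothing. Either keep `containerPort: 80` or move the listen setting and both `httpGet.port` values to 8080 together. The nginx container also inherits the whole `hydra-oidc-env` ConfigMap through `envFrom`, which carries `CLIENT_SECRET_FC` and the IdP endpoints; nginx only needs the inline `NGINX_*` values, so drop the `envFrom` block from the second container to keep the client secret out of the front-end process. The probe path is `/healthy` here but `/health` in the dispatcher and hydra-sql deployments — confirm which one the image actually serves.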
@@ -1,10 +1,10 @@ hydra: apps: - id: saml - title: + title: fr: Connexion SAML en: Login SAML - description: + description: fr: Authentification avec SAML en: Authentication with SAML login_url: "%env(string:HYDRA_DISPATCHER_SAML_LOGIN_URL)%" @@ -27,4 +27,4 @@ hydra: uid: required: false eduPersonAffiliation: - required: false \ No newline at end of file + required: false diff --git a/components/hydra-saml/kustomization.yaml b/components/hydra-saml/kustomization.yaml index 50a858f..7194c92 100644 --- a/components/hydra-saml/kustomization.yaml +++ b/components/hydra-saml/kustomization.yaml @@ -37,4 +37,4 @@ patchesJson6902: version: v1 kind: ConfigMap name: hydra-dispatcher-env - path: patches/hydra-dispatcher-env.yaml \ No newline at end of file + path: patches/hydra-dispatcher-env.yaml diff --git a/components/hydra-saml/resources/hydra-saml-shibboleth-sp.yaml b/components/hydra-saml/resources/hydra-saml-shibboleth-sp.yaml index a99bec7..677a02e 100644 --- a/components/hydra-saml/resources/hydra-saml-shibboleth-sp.yaml +++ b/components/hydra-saml/resources/hydra-saml-shibboleth-sp.yaml @@ -51,4 +51,4 @@ spec: io.kompose.service: hydra-saml-shibboleth-sp status: loadBalancer: {} - + diff --git a/components/hydra-sql/files/sql_login.yaml b/components/hydra-sql/files/sql_login.yaml new file mode 100644 index 0000000..a69ef96 --- /dev/null +++ b/components/hydra-sql/files/sql_login.yaml @@ -0,0 +1,7 @@ +sql_login: + login_column_name: mail + password_column_name: password + salt_column_name: salt + table_name: user + data_to_fetch: + - mail diff --git a/components/hydra-sql/kustomization.yaml b/components/hydra-sql/kustomization.yaml new file mode 100644 index 0000000..f305b11 --- /dev/null +++ b/components/hydra-sql/kustomization.yaml 
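Review bot: `table_name: user` in the new `components/hydra-sql/files/sql_login.yaml` names a reserved word in PostgreSQL, and the DSN added in `components/hydra-sql/kustomization.yaml` is `pgsql:`; if the application interpolates the table name into its query without quoting, `FROM user` will not resolve to the table. Confirm the table's real name (or that the application quotes identifiers) and prefer a non-reserved name such as `table_name: users` if the schema allows. Since these table and column names presumably end up inside SQL statements, a short comment at the top stating that they must stay under operator control would help, e.g. `# identifiers below are used to build SQL queries; do not source them from user input`.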
@@ -0,0 +1,23 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+- ./resources/hydra-sql-service.yaml
+- ./resources/hydra-sql-deployment.yaml
+
+configMapGenerator:
+- name: hydra-sql-env
+ literals:
+ - ISSUER_URL="http://localhost:8000"
+ - BASE_URL='http://localhost:8080'
+ - HYDRA_ADMIN_BASE_URL='http://hydra:4445/admin'
+ - APP_LOCALES="fr,en"
+ - HASH_ALGO_LEGACY="sha256, bcrypt"
+ - SECURITY_PATTERN="password,salt,pepper"
+ - DSN_REMOTE_DATABASE="pgsql:host='postgres';port=5432;dbname=lasql"
+ - DB_USER="makeMeASecret"
+ - DB_PASSWORD="makeMeASecret"
+ - PEPPER="MakeMeABigSecret"
+- name: sql-login-config
+ files:
+ - ./files/sql_login.yaml
diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml
new file mode 100644
index 0000000..ee84ac4
--- /dev/null
+++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml
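Review bot: `DB_USER`, `DB_PASSWORD` and `PEPPER` are emitted through `configMapGenerator` literals, so the database credentials and the password pepper land in a plain ConfigMap and in git with their placeholder values. Move those three keys to a `secretGenerator` (or an externally managed Secret) and reference it from the deployment with `envFrom: - secretRef: name: hydra-sql-secrets`, keeping only the non-sensitive settings in `hydra-sql-env`. The pepper deserves particular care: given `SECURITY_PATTERN="password,salt,pepper"` it is presumably folded into every stored hash, so changing or leaking it affects all accounts and it needs a documented home outside the manifests. The literals also mix `"…"` and `'…'` quoting — kustomize trims matching surrounding quotes from literal values, so both forms should yield the same string, but pick one — and `HASH_ALGO_LEGACY="sha256, bcrypt"` has a space after the comma that `APP_LOCALES="fr,en"` does not, which the consumer may or may not tolerate.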
@@ -0,0 +1,100 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ io.kompose.service: hydra-sql
+ name: hydra-sql
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ io.kompose.service: hydra-sql
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ io.kompose.service: hydra-sql
+ spec:
+ containers:
+ - name: hydra-sql-fpm
+ image: reg.cadoles.com/cadoles/hydra-sql-base:0.0.1
+ imagePullPolicy: Always
+ args: ["/usr/sbin/php-fpm81", "-F", "-e"]
+ readinessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - test -f /etc/php81/php-fpm.d/www.conf
+ livenessProbe:
+ exec:
+ command:
+ - php
+ - bin/console
+ - -V
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ resources: {}
+ envFrom:
+ - configMapRef:
+ name: hydra-sql-env
+ env:
+ - name: PHP_FPM_LISTEN
+ value: 127.0.0.1:9000
+ - name: PHP_MEMORY_LIMIT
+ value: 128m
+ - name: PHP_FPM_MEMORY_LIMIT
+ value: 128m
+ - name: PHP_FPM_LOG_LEVEL
+ value: warning
+ volumeMounts:
+ - name: sql-login-config
+ mountPath: "/app/config/sql_login_configuration/sql_login.yaml"
+ subPath: "sql_login.yaml"
+
+ - name: hydra-sql-nginx
+ image: reg.cadoles.com/cadoles/hydra-sql-base:0.0.1
+ imagePullPolicy: Always
+ args: ["/usr/sbin/nginx"]
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ periodSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ initialDelaySeconds: 15
+ timeoutSeconds: 5
+ periodSeconds: 15
+ envFrom:
+ - configMapRef:
+ name: hydra-sql-env
+ env:
+ - name: NGINX_APP_UPSTREAM_BACKEND_SERVER
+ value: 127.0.0.1:9000
+ - name: NGINX_APP_ROOT
+ value: "/public"
+ - name: NGINX_APP_PHP_INDEX
+ value: "/index.php"
+ - name: NGINX_ERROR_LOG_LEVEL
+ value: "warn"
+ - name: NGINX_APP_PHP_NON_FILE_PATTERN
+ value: "^/index\\.php(/|$)"
+ resources: {}
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: sql-login-config
+ mountPath: "/app/config/sql_login_configuration/sql_login.yaml"
+ subPath: "sql_login.yaml"
+ volumes:
+ - name: 
sql-login-config + configMap: + name: sql-login-config + + restartPolicy: Always diff --git a/components/hydra-sql/resources/hydra-sql-service.yaml b/components/hydra-sql/resources/hydra-sql-service.yaml new file mode 100644 index 0000000..2941999 --- /dev/null +++ b/components/hydra-sql/resources/hydra-sql-service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + io.kompose.service: hydra-sql + name: hydra-sql +spec: + ports: + - name: hydra-sql + port: 8080 + selector: + io.kompose.service: hydra-sql +status: + loadBalancer: {} diff --git a/kustomization.yaml b/kustomization.yaml index 38c75b0..60bbd7a 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -9,3 +9,4 @@ components: - ./components/hydra-cnpg-database - ./components/hydra-oidc - ./components/hydra-saml +- ./components/hydra-sql diff --git a/resources/hydra-dispatcher/kustomization.yaml b/resources/hydra-dispatcher/kustomization.yaml index 23d854a..8bba48f 100644 --- a/resources/hydra-dispatcher/kustomization.yaml +++ b/resources/hydra-dispatcher/kustomization.yaml @@ -10,6 +10,8 @@ configMapGenerator: literals: - APP_ENV=prod - APP_DEBUG=false + - PHP_FPM_MEMORY_LIMIT=256m + - NGINX_APP_SERVER_LISTEN=80 - HYDRA_BASE_URL=http://hydra:4444 - HYDRA_ADMIN_BASE_URL=http://hydra:4445 - HYDRA_REWRITE_ISSUER=yes @@ -21,4 +23,4 @@ configMapGenerator: - APP_LOCALES=fr,en - name: hydra-dispatcher-apps files: - - ./files/hydra/default.yaml + - apps.yaml=./files/hydra/default.yaml diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index 2a049ce..d7fb91f 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml 
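Review bot: The `hydra-sql-nginx` container in `hydra-sql-deployment.yaml` gets `envFrom: hydra-sql-env` and a `volumeMounts` entry for `sql_login.yaml` even though it only proxies to php-fpm on `127.0.0.1:9000`; that hands the database credentials and `PEPPER` from the ConfigMap, plus the table/column mapping, to the process exposed on `containerPort: 8080`. Drop the `envFrom` and `volumeMounts` blocks from the nginx container and keep them on `hydra-sql-fpm` only. Unlike the dispatcher and oidc components, `hydra-sql-env` does not set `NGINX_APP_SERVER_LISTEN`, so nginx listens on whatever the image defaults to while the probes, `containerPort` and the `hydra-sql` Service all assume 8080 — confirm the image default or add `NGINX_APP_SERVER_LISTEN=8080` to the literals. Both containers declare `resources: {}`; a memory request and limit consistent with `PHP_FPM_MEMORY_LIMIT=128m` would keep a runaway worker from being scheduled without bounds.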
@@ -17,20 +17,75 @@ spec: io.kompose.service: hydra-dispatcher spec: containers: - - name: hydra-dispatcher - image: reg.cadoles.com/cadoles/hydra-dispatcher-v1:v0.0.0-238-g7236416 + - name: hydra-dispatcher-php-fpm + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.11.17-develop.1408.ad93359 + args: ["/usr/sbin/php-fpm81", "-F", "-e"] + readinessProbe: + exec: + command: + - sh + - -c + - test -f /etc/php81/php-fpm.d/www.conf + livenessProbe: + exec: + command: + - php + - bin/console + - -V + initialDelaySeconds: 10 + periodSeconds: 30 + env: + - name: PHP_FPM_LISTEN + value: 127.0.0.1:9000 + - name: PHP_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_MEMORY_LIMIT + value: 128m envFrom: - configMapRef: name: hydra-dispatcher-env volumeMounts: - - mountPath: /var/www/config/hydra + - mountPath: /app/config/hydra name: hydra-dispatcher-apps + resources: {} + + - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.11.17-develop.1408.ad93359 + imagePullPolicy: Always + name: hydra-dispatcher-nginx + args: ["/usr/sbin/nginx"] + readinessProbe: + httpGet: + path: /health + port: 80 + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /health + port: 80 + initialDelaySeconds: 15 + timeoutSeconds: 5 + periodSeconds: 15 + envFrom: + - configMapRef: + name: hydra-dispatcher-env + env: + - name: NGINX_APP_UPSTREAM_BACKEND_SERVER + value: 127.0.0.1:9000 + - name: NGINX_APP_ROOT + value: "/public/" + - name: NGINX_APP_PHP_INDEX + value: "/index.php" + - name: NGINX_ERROR_LOG_LEVEL + value: "warn" + - name: NGINX_APP_PHP_NON_FILE_PATTERN + value: "^/index\\.php(/|$)" ports: - - containerPort: 80 + - containerPort: 8080 resources: {} restartPolicy: Always volumes: - name: hydra-dispatcher-apps configMap: name: hydra-dispatcher-apps -
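Review bot: `containerPort` moves to `8080` at the end of the hunk while both nginx probes still use `port: 80` and `resources/hydra-dispatcher/kustomization.yaml` adds `NGINX_APP_SERVER_LISTEN=80` in this commit, so the declared port no longer matches where nginx listens; the same mismatch is in `components/hydra-oidc/resources/hydra-oidc-deployment.yaml`. Align the three by keeping `containerPort: 80` or by moving the listen setting and both `httpGet.port` values to 8080. The `hydra-dispatcher-php-fpm` container lacks the `imagePullPolicy: Always` its nginx sibling carries, so after a re-push of the same tag the two containers can run different image contents; give both the same policy, or better, pin the tag to a digest. As in the oidc deployment, the nginx container inherits the full `hydra-dispatcher-env` via `envFrom` although it only needs the inline `NGINX_*` values; removing that block keeps the Hydra back-end settings out of the front-end container.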