From 6acda0553ea700183b27801ca41d2f69064faeab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laurent=20Gourv=C3=A9nec?=
Date: Fri, 24 Nov 2023 12:09:47 +0100
Subject: [PATCH 1/6] feat(component): adding werther
---
components/werther/kustomization.yaml | 25 +++++++++
components/werther/resources/deployment.yaml | 54 ++++++++++++++++++++
components/werther/resources/service.yaml | 17 ++++++
3 files changed, 96 insertions(+)
create mode 100644 components/werther/kustomization.yaml
create mode 100644 components/werther/resources/deployment.yaml
create mode 100644 components/werther/resources/service.yaml
diff --git a/components/werther/kustomization.yaml b/components/werther/kustomization.yaml
new file mode 100644
index 0000000..94822ae
--- /dev/null
+++ b/components/werther/kustomization.yaml
@@ -0,0 +1,25 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+ - ./resources/deployment.yaml
+ - ./resources/service.yaml
+
+configMapGenerator:
+ - name: werther-env
+ literals:
+ - WERTHER_DEV_MODE=false
+ - WERTHER_LDAP_ROLE_CLAIM="https://hydra/claims/roles"
+ - WERTHER_SKIP_SSL_VERIFICATIONS=false
+ - WERTHER_IDENTP_CLAIM_SCOPES="name:profile,family_name:profile,given_name:profile,email:email,https%3A%2F%2Fhydra%2Fclaims%2Froles:roles"
+ - WERTHER_IDENTP_HYDRA_URL="http://hydra:4444"
+ - WERTHER_LDAP_ENDPOINTS="ldap.test.fr:636"
+ - WERTHER_LDAP_IS_TLS=true
+ - WERTHER_LDAP_BASEDN="o=test,c=fr"
+ - WERTHER_LDAP_ROLE_BASEDN="ou=groups,o=test,c=fr"
+
+secretGenerator:
+ - name: werther-ldap-sc
+ literals:
+ - WERTHER_LDAP_BINDDN="cn=reader,o=test,c=fr"
+ - WERTHER_LDAP_BINDPW=ThisMustBeAbsolutelyChanged
diff --git a/components/werther/resources/deployment.yaml b/components/werther/resources/deployment.yaml
new file mode 100644
index 0000000..a38011d
--- /dev/null
+++ b/components/werther/resources/deployment.yaml
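Review bot: `WERTHER_LDAP_BINDPW=ThisMustBeAbsolutelyChanged` in the `secretGenerator` commits a bind-password value into version control, and because a Component's generators run in every overlay that includes it, an overlay that forgets to patch this literal deploys that known string as the real LDAP bind password. Prefer feeding the Secret from a file kept out of the repo (`secretGenerator` with `envs:` or `files:` pointing at a gitignored path) or an external secret mechanism, so a missing value fails `kustomize build` instead of silently binding with a placeholder. At minimum, a comment above `secretGenerator:` such as `# WERTHER_LDAP_BINDPW MUST be overridden by the including overlay; the literal below is not a usable default` makes the contract explicit to whoever adds the next overlay.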
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: werther
+ namespace: default
+ labels:
+ app.kubernetes.io/name: werther
+ app.kubernetes.io/instance: werther
+ app.kubernetes.io/version: "v1.2.2"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: werther
+ app.kubernetes.io/instance: werther
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: werther
+ app.kubernetes.io/instance: werther
+ app.kubernetes.io/version: "v1.2.2"
+ spec:
+ containers:
+ - name: werther
+ image: "reg.cadoles.com/cadoles/werther:1.2.2-feat_ssl_ignore-a39445f"
+ imagePullPolicy: IfNotPresent
+ envFrom:
+ - configMapRef:
+ name: werther-env
+ env:
+ - name: WERTHER_WEB_DIR
+ value: "/usr/share/werther/login/"
+ - name: WERTHER_LDAP_BINDDN
+ valueFrom:
+ secretKeyRef:
+ name: werther-ldap-sc
+ key: WERTHER_LDAP_BINDDN
+ - name: WERTHER_LDAP_BINDPW
+ valueFrom:
+ secretKeyRef:
+ name: werther-ldap-sc
+ key: WERTHER_LDAP_BINDPW
+ ports:
+ - containerPort: 8080
+ name: werther-http
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 100
diff --git a/components/werther/resources/service.yaml b/components/werther/resources/service.yaml
new file mode 100644
index 0000000..52065e2
--- /dev/null
+++ b/components/werther/resources/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ io.kompose.service: werther
+ name: werther
+spec:
+ type: ClusterIP
+ ports:
+ - name: werther
+ port: 8080
+ targetPort: werther-http
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: werther
+status:
+ loadBalancer: {}
From 38d3f1c1df9f9ac0df4fc835db0bd13d5a7a830a Mon Sep 17 00:00:00 2001
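Review bot: The container `securityContext` in the new deployment.yaml drops all capabilities and forces non-root but sets no `seccompProfile`, so the pod does not satisfy the `restricted` Pod Security Standard and inherits the node's default seccomp posture, which is unconfined unless the kubelet enables `SeccompDefault`. Add `seccompProfile:` / `type: RuntimeDefault` to this container (or to a pod-level `securityContext`), and consider `runAsGroup` next to `runAsUser: 100`, since only the UID is pinned. The container also carries no `resources` requests/limits and no readiness or liveness probe, so a hung login UI keeps receiving Service traffic and has no memory ceiling. `namespace: default` is hard-coded in `metadata`; a reusable Component normally leaves the namespace to the including overlay's `namespace:` transformer.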
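Review bot: `status:` / `loadBalancer: {}` and the `io.kompose.service: werther` label in the new service.yaml look like kompose export leftovers: `status` is server-populated and does not belong in a manifest, and the label is not used by any selector visible in this series. Drop both, and consider selecting on the same `app.kubernetes.io/name` + `app.kubernetes.io/instance` pair the Deployment's `matchLabels` uses, since selecting on `name` alone would also route traffic to a second instance of this component deployed in the same namespace.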
From: =?UTF-8?q?Laurent=20Gourv=C3=A9nec?=
Date: Wed, 6 Dec 2023 14:40:24 +0100
Subject: [PATCH 2/6] feat(werther): adding a timeout for LDAP connection
---
components/werther/kustomization.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/components/werther/kustomization.yaml b/components/werther/kustomization.yaml
index 94822ae..0e88a49 100644
--- a/components/werther/kustomization.yaml
+++ b/components/werther/kustomization.yaml
@@ -17,6 +17,7 @@ configMapGenerator: - WERTHER_LDAP_IS_TLS=true - WERTHER_LDAP_BASEDN="o=test,c=fr" - WERTHER_LDAP_ROLE_BASEDN="ou=groups,o=test,c=fr"
+ - WERTHER_LDAP_CONNECTION_TIMEOUT="10s"
secretGenerator: - name: werther-ldap-sc
From 063b575117db7996688abe1bebb51223b9ac9b7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laurent=20Gourv=C3=A9nec?=
Date: Wed, 6 Dec 2023 15:38:40 +0100
Subject: [PATCH 3/6] feat(werther): update image
---
components/werther/resources/deployment.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/werther/resources/deployment.yaml b/components/werther/resources/deployment.yaml
index a38011d..8b26d62 100644
--- a/components/werther/resources/deployment.yaml
+++ b/components/werther/resources/deployment.yaml
@@ -22,7 +22,7 @@ spec:
spec:
containers: - name: werther
- image: "reg.cadoles.com/cadoles/werther:1.2.2-feat_ssl_ignore-a39445f"
+ image: reg.cadoles.com/cadoles/hydra-werther:2023.12.6-stable.1421.15a4717
imagePullPolicy: IfNotPresent
envFrom: - configMapRef:
From bf865b02e2e93a432aac93d94d5beb5ba1afc7aa Mon Sep 17 00:00:00 2001
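Review bot: The new image reference `reg.cadoles.com/cadoles/hydra-werther:2023.12.6-stable.1421.15a4717` is pinned by tag only, while `imagePullPolicy: IfNotPresent` on the following context line lets each node keep whatever it cached under that tag, so a re-pushed tag yields different code on different nodes and the deployed build cannot be verified after the fact. Pin the digest as well, e.g. `image: reg.cadoles.com/cadoles/hydra-werther:2023.12.6-stable.1421.15a4717@sha256:<digest-of-that-tag>` (placeholder), which also makes `IfNotPresent` safe. The `app.kubernetes.io/version: "v1.2.2"` labels elsewhere in this file (outside the hunk) still name the previous werther release and now disagree with the image; update them in the same commit.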
From: William Petit
Date: Mon, 11 Dec 2023 09:50:13 +0100
Subject: [PATCH 4/6] feat(hydra-ldap): rename resources from werther to hydra-ldap
---
.../{werther => hydra-ldap}/kustomization.yaml | 4 ++--
.../resources/deployment.yaml | 13 +++++--------
.../{werther => hydra-ldap}/resources/service.yaml | 10 +++++-----
3 files changed, 12 insertions(+), 15 deletions(-)
rename components/{werther => hydra-ldap}/kustomization.yaml (94%)
rename components/{werther => hydra-ldap}/resources/deployment.yaml (81%)
rename components/{werther => hydra-ldap}/resources/service.yaml (51%)
diff --git a/components/werther/kustomization.yaml b/components/hydra-ldap/kustomization.yaml
similarity index 94%
rename from components/werther/kustomization.yaml
rename to components/hydra-ldap/kustomization.yaml
index 0e88a49..34b655e 100644
--- a/components/werther/kustomization.yaml
+++ b/components/hydra-ldap/kustomization.yaml
@@ -6,7 +6,7 @@ resources: - ./resources/service.yaml
configMapGenerator:
- - name: werther-env
+ - name: hydra-ldap-env
literals: - WERTHER_DEV_MODE=false - WERTHER_LDAP_ROLE_CLAIM="https://hydra/claims/roles"
@@ -20,7 +20,7 @@ configMapGenerator: - WERTHER_LDAP_CONNECTION_TIMEOUT="10s"
secretGenerator:
- - name: werther-ldap-sc
+ - name: hydra-ldap-sc
literals: - WERTHER_LDAP_BINDDN="cn=reader,o=test,c=fr" - WERTHER_LDAP_BINDPW=ThisMustBeAbsolutelyChanged
diff --git a/components/werther/resources/deployment.yaml b/components/hydra-ldap/resources/deployment.yaml
similarity index 81%
rename from components/werther/resources/deployment.yaml
rename to components/hydra-ldap/resources/deployment.yaml
index 8b26d62..40a821e 100644
--- a/components/werther/resources/deployment.yaml
+++ b/components/hydra-ldap/resources/deployment.yaml
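Review bot: After this commit the generated Secret is renamed to `hydra-ldap-sc` (second hunk) and the ConfigMap to `hydra-ldap-env`, but the Deployment's `secretKeyRef` entries in this series still point at `werther-ldap-sc`, and the service.yaml hunk in this same commit switches `targetPort` to `hydra-ldap-http` while the container port stays `werther-http`; both are only repaired in 5/6 and 6/6. On its own, 4/6 therefore yields pods that cannot start (referenced Secret missing) and a Service whose `targetPort` resolves to nothing, so squashing 5/6 and 6/6 into this rename would keep every commit deployable and bisectable. Any overlay that patches `werther-env` or `werther-ldap-sc` by name also silently stops matching after this rename, which is worth stating in the commit message.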
@@ -1,23 +1,20 @@
apiVersion: apps/v1
kind: Deployment
metadata:
- name: werther
+ name: hydra-ldap
namespace: default
labels:
- app.kubernetes.io/name: werther
- app.kubernetes.io/instance: werther
+ app.kubernetes.io/name: hydra-ldap
app.kubernetes.io/version: "v1.2.2"
spec:
replicas: 1
selector:
matchLabels:
- app.kubernetes.io/name: werther
- app.kubernetes.io/instance: werther
+ app.kubernetes.io/name: hydra-ldap
template:
metadata:
labels:
- app.kubernetes.io/name: werther
- app.kubernetes.io/instance: werther
+ app.kubernetes.io/name: hydra-ldap
app.kubernetes.io/version: "v1.2.2"
spec:
containers:
@@ -26,7 +23,7 @@ spec:
imagePullPolicy: IfNotPresent
envFrom: - configMapRef:
- name: werther-env
+ name: hydra-ldap-env
env: - name: WERTHER_WEB_DIR
value: "/usr/share/werther/login/"
diff --git a/components/werther/resources/service.yaml b/components/hydra-ldap/resources/service.yaml
similarity index 51%
rename from components/werther/resources/service.yaml
rename to components/hydra-ldap/resources/service.yaml
index 52065e2..4adbddb 100644
--- a/components/werther/resources/service.yaml
+++ b/components/hydra-ldap/resources/service.yaml
@@ -2,16 +2,16 @@ apiVersion: v1
kind: Service
metadata:
labels:
- io.kompose.service: werther
- name: werther
+ io.kompose.service: hydra-ldap
+ name: hydra-ldap
spec:
type: ClusterIP
ports:
- - name: werther
+ - name: hydra-ldap
port: 8080
- targetPort: werther-http
+ targetPort: hydra-ldap-http
protocol: TCP
selector:
- app.kubernetes.io/name: werther
+ app.kubernetes.io/name: hydra-ldap
status:
loadBalancer: {}
From 2f3cf6097444e7aface15d96b255760ba7b71e51 Mon Sep 17 00:00:00 2001
From: William Petit
Date: Mon, 11 Dec 2023 09:56:27 +0100
Subject: [PATCH 5/6] fix(hydra-ldap): update werther container port name
---
components/hydra-ldap/resources/deployment.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
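Review bot: Renaming the Deployment to `name: hydra-ldap` and dropping `app.kubernetes.io/instance` from `spec.selector.matchLabels` creates a new Deployment object rather than updating the existing one (`spec.selector` is immutable in apps/v1 in any case), so on a cluster already running the werther component the old `werther` Deployment, Service, ConfigMap and Secret keep running until something prunes them. If that is expected, say so in the commit message or add the prune/migration step; if the component has never been deployed, this is moot. The kept context lines `app.kubernetes.io/version: "v1.2.2"` now describe neither the image tag introduced in 3/6 nor the renamed resource, so this rename is a natural point to update or drop them.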
diff --git a/components/hydra-ldap/resources/deployment.yaml b/components/hydra-ldap/resources/deployment.yaml
index 40a821e..50fd7f0 100644
--- a/components/hydra-ldap/resources/deployment.yaml
+++ b/components/hydra-ldap/resources/deployment.yaml
@@ -39,7 +39,7 @@ spec:
key: WERTHER_LDAP_BINDPW
ports: - containerPort: 8080
- name: werther-http
+ name: hydra-ldap-http
securityContext:
allowPrivilegeEscalation: false
capabilities:
From 6de80b1d9c2b5b62c47f243e69eb20df0114b455 Mon Sep 17 00:00:00 2001
From: William Petit
Date: Mon, 11 Dec 2023 10:06:37 +0100
Subject: [PATCH 6/6] fix(hydra-ldap): update werther secret name references
---
components/hydra-ldap/resources/deployment.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/components/hydra-ldap/resources/deployment.yaml b/components/hydra-ldap/resources/deployment.yaml
index 50fd7f0..d330365 100644
--- a/components/hydra-ldap/resources/deployment.yaml
+++ b/components/hydra-ldap/resources/deployment.yaml
@@ -30,12 +30,12 @@ spec: - name: WERTHER_LDAP_BINDDN
valueFrom:
secretKeyRef:
- name: werther-ldap-sc
+ name: hydra-ldap-sc
key: WERTHER_LDAP_BINDDN - name: WERTHER_LDAP_BINDPW
valueFrom:
secretKeyRef:
- name: werther-ldap-sc
+ name: hydra-ldap-sc
key: WERTHER_LDAP_BINDPW
ports: - containerPort: 8080