Compare commits

...

24 Commits

Author SHA1 Message Date
wpetit 435597f9f1 feat(hydra-dispatcher): update image tag 2023-12-11 10:47:56 +01:00
Matthieu Lamalle ee2bb1ea45 update hydra-dispatcher probes and image ref 2023-12-11 10:47:56 +01:00
Matthieu Lamalle 63c5d7259c add probes 2023-12-11 10:47:56 +01:00
Matthieu Lamalle 815917c306 add hydra-sql deployment 2023-12-11 10:47:56 +01:00
Philippe Caseiro bc6fe46e1c fix(saml): fixing port name longer than 15c 2023-12-11 10:47:56 +01:00
Philippe Caseiro 1b1cc27916 feat(hydra-sql): adding new hydra login app 2023-12-11 10:47:56 +01:00
Matthieu Lamalle d37e85000f set correct tag for hydra-oidc 2023-12-11 10:47:56 +01:00
Matthieu Lamalle d9570ec8d0 add imagepullpolicy rule 2023-12-11 10:47:56 +01:00
Matthieu Lamalle d56ae059a3 remove loginapp default app configmap 2023-12-11 10:47:56 +01:00
Matthieu Lamalle 5ec48c8b22 update config default apps filename 2023-12-11 10:47:56 +01:00
Matthieu Lamalle aaae6e2f20 set default configuration 2023-12-11 10:47:56 +01:00
Matthieu Lamalle 081e854454 correciton config 2023-12-11 10:47:56 +01:00
Matthieu Lamalle 3dba6c0d69 set hydra-oidc side container 2023-12-11 10:47:56 +01:00
Matthieu Lamalle 8c6dc30bde set hydra-dispatcher side container 2023-12-11 10:47:56 +01:00
Matthieu Lamalle 4ff0f83880 set hydra-dispatcher side container 2023-12-11 10:47:56 +01:00
Matthieu Lamalle e93bc069d3 set correct path for hydra-dispatcher conf 2023-12-11 10:47:56 +01:00
Matthieu Lamalle a56089efe5 Utilisation images symfony-containers 2023-12-11 10:47:56 +01:00
wpetit c4998279d5 Merge pull request 'feat(component): adding hydra-ldap' (#6) from f/werther into master
Reviewed-on: #6
2023-12-11 10:13:18 +01:00
wpetit 6de80b1d9c fix(hydra-ldap): update werther secret name references 2023-12-11 10:06:37 +01:00
wpetit 2f3cf60974 fix(hydra-ldap): update werther container port name 2023-12-11 09:56:27 +01:00
wpetit bf865b02e2 feat(hydra-ldap): rename resources from werther to hydra-ldap 2023-12-11 09:50:33 +01:00
Laurent Gourvenec 063b575117 feat(werther): update image 2023-12-06 15:38:40 +01:00
Laurent Gourvenec 38d3f1c1df feat(werther): adding a timeout for LDAP connection 2023-12-06 14:40:24 +01:00
Laurent Gourvenec 6acda0553e feat(component): adding werther 2023-11-29 10:22:33 +01:00
16 changed files with 379 additions and 23 deletions

View File

@ -0,0 +1,26 @@
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- ./resources/deployment.yaml
- ./resources/service.yaml
configMapGenerator:
- name: hydra-ldap-env
literals:
- WERTHER_DEV_MODE=false
- WERTHER_LDAP_ROLE_CLAIM="https://hydra/claims/roles"
- WERTHER_SKIP_SSL_VERIFICATIONS=false
- WERTHER_IDENTP_CLAIM_SCOPES="name:profile,family_name:profile,given_name:profile,email:email,https%3A%2F%2Fhydra%2Fclaims%2Froles:roles"
- WERTHER_IDENTP_HYDRA_URL="http://hydra:4444"
- WERTHER_LDAP_ENDPOINTS="ldap.test.fr:636"
- WERTHER_LDAP_IS_TLS=true
- WERTHER_LDAP_BASEDN="o=test,c=fr"
- WERTHER_LDAP_ROLE_BASEDN="ou=groups,o=test,c=fr"
- WERTHER_LDAP_CONNECTION_TIMEOUT="10s"
secretGenerator:
- name: hydra-ldap-sc
literals:
- WERTHER_LDAP_BINDDN="cn=reader,o=test,c=fr"
- WERTHER_LDAP_BINDPW=ThisMustBeAbsolutelyChanged

View File

@ -0,0 +1,51 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: hydra-ldap
namespace: default
labels:
app.kubernetes.io/name: hydra-ldap
app.kubernetes.io/version: "v1.2.2"
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: hydra-ldap
template:
metadata:
labels:
app.kubernetes.io/name: hydra-ldap
app.kubernetes.io/version: "v1.2.2"
spec:
containers:
- name: werther
image: reg.cadoles.com/cadoles/hydra-werther:2023.12.6-stable.1421.15a4717
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:
name: hydra-ldap-env
env:
- name: WERTHER_WEB_DIR
value: "/usr/share/werther/login/"
- name: WERTHER_LDAP_BINDDN
valueFrom:
secretKeyRef:
name: hydra-ldap-sc
key: WERTHER_LDAP_BINDDN
- name: WERTHER_LDAP_BINDPW
valueFrom:
secretKeyRef:
name: hydra-ldap-sc
key: WERTHER_LDAP_BINDPW
ports:
- containerPort: 8080
name: hydra-ldap-http
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 100

View File

@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: hydra-ldap
name: hydra-ldap
spec:
type: ClusterIP
ports:
- name: hydra-ldap
port: 8080
targetPort: hydra-ldap-http
protocol: TCP
selector:
app.kubernetes.io/name: hydra-ldap
status:
loadBalancer: {}

View File

@ -10,3 +10,4 @@ hydra:
login_url: "%env(string:HYDRA_DISPATCHER_OIDC_LOGIN_URL)%" login_url: "%env(string:HYDRA_DISPATCHER_OIDC_LOGIN_URL)%"
consent_url: "%env(string:HYDRA_DISPATCHER_OIDC_CONSENT_URL)%" consent_url: "%env(string:HYDRA_DISPATCHER_OIDC_CONSENT_URL)%"
logout_url: "%env(string:HYDRA_DISPATCHER_OIDC_LOGOUT_URL)%" logout_url: "%env(string:HYDRA_DISPATCHER_OIDC_LOGOUT_URL)%"
attributes_rewrite_configuration: []

View File

@ -10,6 +10,8 @@ configMapGenerator:
literals: literals:
- APP_ENV=prod - APP_ENV=prod
- APP_DEBUG=false - APP_DEBUG=false
- PHP_FPM_MEMORY_LIMIT=256m
- NGINX_APP_SERVER_LISTEN=80
- HYDRA_ADMIN_BASE_URL=http://hydra-dispatcher - HYDRA_ADMIN_BASE_URL=http://hydra-dispatcher
- OIC_AUTHORIZE_ENDPOINT=https://oidc-idp/api/v1/authorize - OIC_AUTHORIZE_ENDPOINT=https://oidc-idp/api/v1/authorize
- OIDC_TOKEN_ENDPOINT=https://oidc-idp/api/v1/token - OIDC_TOKEN_ENDPOINT=https://oidc-idp/api/v1/token
@ -24,10 +26,10 @@ configMapGenerator:
- CLIENT_SECRET_FC=MyClientSecret - CLIENT_SECRET_FC=MyClientSecret
- COOKIE_PATH=/ - COOKIE_PATH=/
- TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR - TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR
- name: hydra-dispatcher-apps # - name: hydra-dispatcher-apps
behavior: merge # behavior: merge
files: # files:
- ./files/hydra/oidc.yaml # - apps.yaml=./files/hydra/oidc.yaml
patchesJson6902: patchesJson6902:
- target: - target:

View File

@ -17,13 +17,70 @@ spec:
io.kompose.service: hydra-oidc io.kompose.service: hydra-oidc
spec: spec:
containers: containers:
- name: hydra-oidc - name: hydra-oidc-php-fpm
image: reg.cadoles.com/cadoles/hydra-oidc-v1:v0.0.0-170-g485b138 image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.11.17-develop.1657.761e035
imagePullPolicy: Always
args: ["/usr/sbin/php-fpm81", "-F", "-e"]
readinessProbe:
exec:
command:
- sh
- -c
- test -f /etc/php81/php-fpm.d/www.conf
livenessProbe:
exec:
command:
- php
- bin/console
- -V
initialDelaySeconds: 10
periodSeconds: 30
env:
- name: PHP_FPM_LISTEN
value: 127.0.0.1:9000
- name: PHP_MEMORY_LIMIT
value: 128m
- name: PHP_FPM_MEMORY_LIMIT
value: 128m
envFrom: envFrom:
- configMapRef: - configMapRef:
name: hydra-oidc-env name: hydra-oidc-env
resources: {}
- image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.11.17-develop.1657.761e035
imagePullPolicy: Always
name: hydra-oidc-nginx
args: ["/usr/sbin/nginx"]
readinessProbe:
httpGet:
path: /healthy
port: 80
initialDelaySeconds: 5
timeoutSeconds: 5
periodSeconds: 10
livenessProbe:
httpGet:
path: /healthy
port: 80
initialDelaySeconds: 15
timeoutSeconds: 5
periodSeconds: 15
envFrom:
- configMapRef:
name: hydra-oidc-env
env:
- name: NGINX_APP_UPSTREAM_BACKEND_SERVER
value: 127.0.0.1:9000
- name: NGINX_APP_ROOT
value: "/public/"
- name: NGINX_APP_PHP_INDEX
value: "/index.php"
- name: NGINX_ERROR_LOG_LEVEL
value: "warn"
- name: NGINX_APP_PHP_NON_FILE_PATTERN
value: "^/index\\.php(/|$)"
ports: ports:
- containerPort: 80 - containerPort: 8080
resources: {} resources: {}
restartPolicy: Always restartPolicy: Always

View File

@ -0,0 +1,7 @@
sql_login:
login_column_name: mail
password_column_name: password
salt_column_name: salt
table_name: user
data_to_fetch:
- mail

View File

@ -0,0 +1,23 @@
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- ./resources/hydra-sql-service.yaml
- ./resources/hydra-sql-deployment.yaml
configMapGenerator:
- name: hydra-sql-env
literals:
- ISSUER_URL="http://localhost:8000"
- BASE_URL='http://localhost:8080'
- HYDRA_ADMIN_BASE_URL='http://hydra:4445/admin'
- APP_LOCALES="fr,en"
- HASH_ALGO_LEGACY="sha256, bcrypt"
- SECURITY_PATTERN="password,salt,pepper"
- DSN_REMOTE_DATABASE="pgsql:host='postgres';port=5432;dbname=lasql"
- DB_USER="makeMeASecret"
- DB_PASSWORD="makeMeASecret"
- PEPPER="MakeMeABigSecret"
- name: sql-login-config
files:
- ./files/sql_login.yaml

View File

@ -0,0 +1,100 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: hydra-sql
name: hydra-sql
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: hydra-sql
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: hydra-sql
spec:
containers:
- name: hydra-sql-fpm
image: reg.cadoles.com/cadoles/hydra-sql-base:0.0.1
imagePullPolicy: Always
args: ["/usr/sbin/php-fpm81", "-F", "-e"]
readinessProbe:
exec:
command:
- sh
- -c
- test -f /etc/php81/php-fpm.d/www.conf
livenessProbe:
exec:
command:
- php
- bin/console
- -V
initialDelaySeconds: 10
periodSeconds: 30
resources: {}
envFrom:
- configMapRef:
name: hydra-sql-env
env:
- name: PHP_FPM_LISTEN
value: 127.0.0.1:9000
- name: PHP_MEMORY_LIMIT
value: 128m
- name: PHP_FPM_MEMORY_LIMIT
value: 128m
- name: PHP_FPM_LOG_LEVEL
value: warning
volumeMounts:
- name: sql-login-config
mountPath: "/app/config/sql_login_configuration/sql_login.yaml"
subPath: "sql_login.yaml"
- name: hydra-sql-nginx
image: reg.cadoles.com/cadoles/hydra-sql-base:0.0.1
imagePullPolicy: Always
args: ["/usr/sbin/nginx"]
readinessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 5
timeoutSeconds: 5
periodSeconds: 10
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 15
timeoutSeconds: 5
periodSeconds: 15
envFrom:
- configMapRef:
name: hydra-sql-env
env:
- name: NGINX_APP_UPSTREAM_BACKEND_SERVER
value: 127.0.0.1:9000
- name: NGINX_APP_ROOT
value: "/public"
- name: NGINX_APP_PHP_INDEX
value: "/index.php"
- name: NGINX_ERROR_LOG_LEVEL
value: "warn"
- name: NGINX_APP_PHP_NON_FILE_PATTERN
value: "^/index\\.php(/|$)"
resources: {}
ports:
- containerPort: 8080
volumeMounts:
- name: sql-login-config
mountPath: "/app/config/sql_login_configuration/sql_login.yaml"
subPath: "sql_login.yaml"
volumes:
- name: sql-login-config
configMap:
name: sql-login-config
restartPolicy: Always

View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: hydra-sql
name: hydra-sql
spec:
ports:
- name: hydra-sql
port: 8080
selector:
io.kompose.service: hydra-sql
status:
loadBalancer: {}

View File

@ -9,3 +9,4 @@ components:
- ./components/hydra-cnpg-database - ./components/hydra-cnpg-database
- ./components/hydra-oidc - ./components/hydra-oidc
- ./components/hydra-saml - ./components/hydra-saml
- ./components/hydra-sql

View File

@ -10,6 +10,8 @@ configMapGenerator:
literals: literals:
- APP_ENV=prod - APP_ENV=prod
- APP_DEBUG=false - APP_DEBUG=false
- PHP_FPM_MEMORY_LIMIT=256m
- NGINX_APP_SERVER_LISTEN=80
- HYDRA_BASE_URL=http://hydra:4444 - HYDRA_BASE_URL=http://hydra:4444
- HYDRA_ADMIN_BASE_URL=http://hydra:4445 - HYDRA_ADMIN_BASE_URL=http://hydra:4445
- HYDRA_REWRITE_ISSUER=yes - HYDRA_REWRITE_ISSUER=yes
@ -21,4 +23,4 @@ configMapGenerator:
- APP_LOCALES=fr,en - APP_LOCALES=fr,en
- name: hydra-dispatcher-apps - name: hydra-dispatcher-apps
files: files:
- ./files/hydra/default.yaml - apps.yaml=./files/hydra/default.yaml

View File

@ -17,20 +17,75 @@ spec:
io.kompose.service: hydra-dispatcher io.kompose.service: hydra-dispatcher
spec: spec:
containers: containers:
- name: hydra-dispatcher - name: hydra-dispatcher-php-fpm
image: reg.cadoles.com/cadoles/hydra-dispatcher-v1:v0.0.0-238-g7236416 image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.11.17-develop.1408.ad93359
args: ["/usr/sbin/php-fpm81", "-F", "-e"]
readinessProbe:
exec:
command:
- sh
- -c
- test -f /etc/php81/php-fpm.d/www.conf
livenessProbe:
exec:
command:
- php
- bin/console
- -V
initialDelaySeconds: 10
periodSeconds: 30
env:
- name: PHP_FPM_LISTEN
value: 127.0.0.1:9000
- name: PHP_MEMORY_LIMIT
value: 128m
- name: PHP_FPM_MEMORY_LIMIT
value: 128m
envFrom: envFrom:
- configMapRef: - configMapRef:
name: hydra-dispatcher-env name: hydra-dispatcher-env
volumeMounts: volumeMounts:
- mountPath: /var/www/config/hydra - mountPath: /app/config/hydra
name: hydra-dispatcher-apps name: hydra-dispatcher-apps
resources: {}
- image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.11.17-develop.1408.ad93359
imagePullPolicy: Always
name: hydra-dispatcher-nginx
args: ["/usr/sbin/nginx"]
readinessProbe:
httpGet:
path: /health
port: 80
initialDelaySeconds: 5
timeoutSeconds: 5
periodSeconds: 10
livenessProbe:
httpGet:
path: /health
port: 80
initialDelaySeconds: 15
timeoutSeconds: 5
periodSeconds: 15
envFrom:
- configMapRef:
name: hydra-dispatcher-env
env:
- name: NGINX_APP_UPSTREAM_BACKEND_SERVER
value: 127.0.0.1:9000
- name: NGINX_APP_ROOT
value: "/public/"
- name: NGINX_APP_PHP_INDEX
value: "/index.php"
- name: NGINX_ERROR_LOG_LEVEL
value: "warn"
- name: NGINX_APP_PHP_NON_FILE_PATTERN
value: "^/index\\.php(/|$)"
ports: ports:
- containerPort: 80 - containerPort: 8080
resources: {} resources: {}
restartPolicy: Always restartPolicy: Always
volumes: volumes:
- name: hydra-dispatcher-apps - name: hydra-dispatcher-apps
configMap: configMap:
name: hydra-dispatcher-apps name: hydra-dispatcher-apps