feat(hydra): add horizontal pod autoscaling

Merge pull request 'Composant "OIDC Test"' (#7 ) from oidc-test-component-2 into develop
Reviewed-on: #7
2023-12-11 16:48:50 +01:00 · 2023-12-11 14:31:37 +01:00 · 2023-12-11 14:29:30 +01:00 · 2023-12-11 13:46:54 +01:00 · 2023-12-11 11:30:50 +01:00 · 2023-12-11 10:47:56 +01:00
13 changed files with 106 additions and 18 deletions
--- a/components/hydra-cnpg-database/kustomization.yaml
+++ b/components/hydra-cnpg-database/kustomization.yaml
@ -29,7 +29,7 @@ vars:
  fieldref:
    fieldpath: metadata.name

-patchesJson6902:
+patches:
 - target:
    group: apps
    version: v1
@ -42,3 +42,9 @@ patchesJson6902:
    kind: Job
    name: hydra-migrate
  path: patches/hydra-migrate-job.yaml
+- target:
+    group: batch
+    version: v1
+    kind: CronJob
+    name: hydra-janitor
+  path: patches/hydra-janitor-cronjob.yaml
--- a/components/hydra-cnpg-database/patches/hydra-janitor-cronjob.yaml
+++ b/components/hydra-cnpg-database/patches/hydra-janitor-cronjob.yaml
@ -0,0 +1,21 @@
+- op: add
+  path: "/spec/jobTemplate/spec/template/spec/containers/0/env/-"
+  value:
+    name: HYDRA_DATABASE_USER
+    valueFrom:
+      secretKeyRef:
+        name: hydra-postgres-user
+        key: username
+- op: add
+  path: "/spec/jobTemplate/spec/template/spec/containers/0/env/-"
+  value:
+    name: HYDRA_DATABASE_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: hydra-postgres-user
+        key: password
+- op: add
+  path: "/spec/jobTemplate/spec/template/spec/containers/0/env/-"
+  value:
+    name: DSN
+    value: "postgres://$(HYDRA_DATABASE_USER):$(HYDRA_DATABASE_PASSWORD)@$(HYDRA_DATABASE_SERVICE_NAME)-rw:5432/hydra?sslmode=disable"
--- a/components/oidc-test/kustomization.yaml
+++ b/components/oidc-test/kustomization.yaml
@ -7,7 +7,7 @@ resources:
  - ./resources/oauth2-client.yaml

 configMapGenerator:
-  - name: oidc-test-env
+  - name: oidc-test
    literals:
      - LOG_LEVEL=0
      - HTTP_ADDRESS=0.0.0.0:8080
--- a/components/oidc-test/resources/deployment.yaml
+++ b/components/oidc-test/resources/deployment.yaml
@ -24,7 +24,7 @@ spec:
          resources: {}
          envFrom:
          - configMapRef:
-              name: oidc-test-env
+              name: oidc-test
          env:
          - name: OIDC_CLIENT_ID
            valueFrom:
--- a/examples/authenticated-app/kustomization.yaml
+++ b/examples/authenticated-app/kustomization.yaml
@ -2,19 +2,12 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

 resources:
-  - ../../overlays/base
+  - ../../overlays/full
  - ./resources/ingress.yaml
  - ./resources/saml-idp.yaml
  - ./resources/self-signed-issuer.yaml
  - ./resources/port-forwarder.yaml

-components:
-  - ../../components/hydra-cnpg-database
-  - ../../components/oidc-test
-  #- ../../components/hydra-oidc
-  - ../../components/hydra-saml
-
-
 patchesJson6902:
  - target:
      version: v1
@ -38,7 +31,7 @@ patchesJson6902:
    path: patches/hydra-secret.yaml
  - target:
      version: v1
-      kind: Secret
+      kind: ConfigMap
      name: oidc-test
    path: patches/oidc-test.yaml
  - target:
--- a/examples/authenticated-app/patches/oidc-test-oauth2-client.yaml
+++ b/examples/authenticated-app/patches/oidc-test-oauth2-client.yaml
@ -3,4 +3,4 @@
  value: https://ssokustom/oauth2/callback
 - op: replace
  path: "/spec/postLogoutRedirectUris/0"
-  value: https://ssokustom/oauth2/callback
+  value: https://ssokustom
--- a/examples/authenticated-app/patches/oidc-test.yaml
+++ b/examples/authenticated-app/patches/oidc-test.yaml
@ -1,6 +1,3 @@
- op: replace
-  path: "/data/LOG_LEVEL"
-  value: 0
 - op: replace
  path: "/data/OIDC_REDIRECT_URL"
  value: https://ssokustom/oauth2/callback
--- a/kustomization.yaml
+++ b/kustomization.yaml
@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ./overlays/base
--- a/overlays/full/kustomization.yaml
+++ b/overlays/full/kustomization.yaml
@ -14,3 +14,4 @@ components:
 - ../../components/hydra-oidc
 - ../../components/hydra-saml
 - ../../components/hydra-sql
+- ../../components/oidc-test
--- a/resources/hydra/kustomization.yaml
+++ b/resources/hydra/kustomization.yaml
@ -9,6 +9,8 @@ resources:
  - ./resources/hydra-serviceaccount.yaml
  - ./resources/hydra-migrate-job.yaml
  - ./resources/hydra-maester
+  - ./resources/hydra-janitor-cronjob.yaml
+  - ./resources/hydra-hpa.yaml

 secretGenerator:
  - name: hydra-secret
--- a/resources/hydra/resources/hydra-deployment.yaml
+++ b/resources/hydra/resources/hydra-deployment.yaml
@ -55,6 +55,9 @@ spec:
              name: hydra-public
            - containerPort: 4445
              name: hydra-admin
-          resources: {}
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
      restartPolicy: Always
  
--- a/resources/hydra/resources/hydra-hpa.yaml
+++ b/resources/hydra/resources/hydra-hpa.yaml
@ -0,0 +1,26 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: hydra
+  labels:
+    io.kompose.service: hydra
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: hydra
+  minReplicas: 1
+  maxReplicas: 3
+  metrics:
+  - type: Resource
+    resource:
+      name: memory
+      target:
+        type: Utilization
+        averageUtilization: 80
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 80
--- a/resources/hydra/resources/hydra-janitor-cronjob.yaml
+++ b/resources/hydra/resources/hydra-janitor-cronjob.yaml
@ -0,0 +1,34 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: hydra-janitor
+  labels:
+    app.kubernetes.io/name: hydra-janitor
+spec:
+  concurrencyPolicy: Forbid
+  schedule: "0 */1 * * *"
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            app.kubernetes.io/name: hydra-janitor
+        spec:
+          restartPolicy: OnFailure
+          serviceAccountName: hydra-sa
+          containers:
+            - name: janitor
+              image: reg.cadoles.com/proxy_cache/oryd/hydra:v2.0.3
+              envFrom:
+              - configMapRef:
+                  name: hydra-env
+              imagePullPolicy: IfNotPresent
+              command: ["hydra"]
+              env: []
+              args:
+                - janitor
+                - --read-from-env
+                - --grants
+                - --requests
+                - --tokens
+              resources: {}
Author	SHA1	Message	Date
Laurent Gourvénec	4cbc6c3972	feat(hydra): add horizontal pod autoscaling	2023-12-11 16:48:50 +01:00
wpetit	8b02e8a875	Merge pull request 'Composant "OIDC Test"' (#7 ) from oidc-test-component-2 into develop Reviewed-on: #7	2023-12-11 14:31:37 +01:00
William Petit	caa180747e	feat: add oidc-test app component	2023-12-11 14:29:30 +01:00
wpetit	4d29851350	Merge pull request 'Ajout de la tâche programmée "janitor" pour Hydra' (#8 ) from hydra-janitor into develop Reviewed-on: #8	2023-12-11 13:46:54 +01:00
William Petit	d88cc2de65	feat(hydra): add janitor cronjob	2023-12-11 11:30:50 +01:00
William Petit	435597f9f1	feat(hydra-dispatcher): update image tag	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	ee2bb1ea45	update hydra-dispatcher probes and image ref	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	63c5d7259c	add probes	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	815917c306	add hydra-sql deployment	2023-12-11 10:47:56 +01:00
Philippe Caseiro	bc6fe46e1c	fix(saml): fixing port name longer than 15c	2023-12-11 10:47:56 +01:00
Philippe Caseiro	1b1cc27916	feat(hydra-sql): adding new hydra login app	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	d37e85000f	set correct tag for hydra-oidc	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	d9570ec8d0	add imagepullpolicy rule	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	d56ae059a3	remove loginapp default app configmap	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	5ec48c8b22	update config default apps filename	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	aaae6e2f20	set default configuration	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	081e854454	correciton config	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	3dba6c0d69	set hydra-oidc side container	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	8c6dc30bde	set hydra-dispatcher side container	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	4ff0f83880	set hydra-dispatcher side container	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	e93bc069d3	set correct path for hydra-dispatcher conf	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	a56089efe5	Utilisation images symfony-containers	2023-12-11 10:47:56 +01:00
wpetit	c4998279d5	Merge pull request 'feat(component): adding hydra-ldap' (#6 ) from f/werther into master Reviewed-on: #6	2023-12-11 10:13:18 +01:00
William Petit	6de80b1d9c	fix(hydra-ldap): update werther secret name references	2023-12-11 10:06:37 +01:00
William Petit	2f3cf60974	fix(hydra-ldap): update werther container port name	2023-12-11 09:56:27 +01:00
William Petit	bf865b02e2	feat(hydra-ldap): rename resources from werther to hydra-ldap	2023-12-11 09:50:33 +01:00
Laurent Gourvénec	063b575117	feat(werther): update image	2023-12-06 15:38:40 +01:00
Laurent Gourvénec	38d3f1c1df	feat(werther): adding a timeout for LDAP connection	2023-12-06 14:40:24 +01:00
Laurent Gourvénec	6acda0553e	feat(component): adding werther	2023-11-29 10:22:33 +01:00