fix(oidc-tester): fix oauth secret keys

fix(master): correct image tagwq
fix(master): update maester version
2024-03-14 09:26:44 +01:00 · 2024-03-14 09:10:00 +01:00 · 2024-03-14 09:08:44 +01:00 · 2024-03-14 09:02:25 +01:00 · 2023-12-11 17:33:02 +01:00 · 2023-12-11 14:31:37 +01:00
12 changed files with 127 additions and 71 deletions
--- a/components/hydra-cnpg-database/kustomization.yaml
+++ b/components/hydra-cnpg-database/kustomization.yaml
@ -29,7 +29,7 @@ vars:
  fieldref:
    fieldpath: metadata.name

-patchesJson6902:
+patches:
 - target:
    group: apps
    version: v1
@ -42,3 +42,9 @@ patchesJson6902:
    kind: Job
    name: hydra-migrate
  path: patches/hydra-migrate-job.yaml
+- target:
+    group: batch
+    version: v1
+    kind: CronJob
+    name: hydra-janitor
+  path: patches/hydra-janitor-cronjob.yaml
--- a/components/hydra-cnpg-database/patches/hydra-janitor-cronjob.yaml
+++ b/components/hydra-cnpg-database/patches/hydra-janitor-cronjob.yaml
@ -0,0 +1,21 @@
+- op: add
+  path: "/spec/jobTemplate/spec/template/spec/containers/0/env/-"
+  value:
+    name: HYDRA_DATABASE_USER
+    valueFrom:
+      secretKeyRef:
+        name: hydra-postgres-user
+        key: username
+- op: add
+  path: "/spec/jobTemplate/spec/template/spec/containers/0/env/-"
+  value:
+    name: HYDRA_DATABASE_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: hydra-postgres-user
+        key: password
+- op: add
+  path: "/spec/jobTemplate/spec/template/spec/containers/0/env/-"
+  value:
+    name: DSN
+    value: "postgres://$(HYDRA_DATABASE_USER):$(HYDRA_DATABASE_PASSWORD)@$(HYDRA_DATABASE_SERVICE_NAME)-rw:5432/hydra?sslmode=disable"
--- a/components/oidc-test/resources/deployment.yaml
+++ b/components/oidc-test/resources/deployment.yaml
@ -17,23 +17,23 @@ spec:
        app.kubernetes.io/name: oidc-test
    spec:
      containers:
-        - image: reg.cadoles.com/cadoles/oidc-test:2023.12.6-stable.1502.ebfd504
-          name: oidc-test
-          ports:
-            - containerPort: 8080
-          resources: {}
-          envFrom:
-          - configMapRef:
-              name: oidc-test-env
-          env:
-          - name: OIDC_CLIENT_ID
-            valueFrom:
-              secretKeyRef:
-                name: oidc-test-oauth2-client
-                key: client_id
-          - name: OIDC_CLIENT_SECRET
-            valueFrom:
-              secretKeyRef:
-                name: oidc-test-oauth2-client
-                key: client_secret
+      - image: reg.cadoles.com/cadoles/oidc-test:2023.12.6-stable.1502.ebfd504
+        name: oidc-test
+        ports:
+        - containerPort: 8080
+        resources: {}
+        envFrom:
+        - configMapRef:
+            name: oidc-test-env
+        env:
+        - name: OIDC_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: oidc-test-oauth2-client
+              key: CLIENT_ID
+        - name: OIDC_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: oidc-test-oauth2-client
+              key: CLIENT_SECRET
      restartPolicy: Always
--- a/examples/authenticated-app/kustomization.yaml
+++ b/examples/authenticated-app/kustomization.yaml
@ -2,19 +2,12 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

 resources:
-  - ../../overlays/base
+  - ../../overlays/full
  - ./resources/ingress.yaml
  - ./resources/saml-idp.yaml
  - ./resources/self-signed-issuer.yaml
  - ./resources/port-forwarder.yaml

-components:
-  - ../../components/hydra-cnpg-database
-  - ../../components/oidc-test
-  #- ../../components/hydra-oidc
-  - ../../components/hydra-saml
-
-
 patchesJson6902:
  - target:
      version: v1
@ -38,7 +31,7 @@ patchesJson6902:
    path: patches/hydra-secret.yaml
  - target:
      version: v1
-      kind: Secret
+      kind: ConfigMap
      name: oidc-test
    path: patches/oidc-test.yaml
  - target:
--- a/examples/authenticated-app/patches/oidc-test-oauth2-client.yaml
+++ b/examples/authenticated-app/patches/oidc-test-oauth2-client.yaml
@ -3,4 +3,4 @@
  value: https://ssokustom/oauth2/callback
 - op: replace
  path: "/spec/postLogoutRedirectUris/0"
-  value: https://ssokustom/oauth2/callback
+  value: https://ssokustom
--- a/examples/authenticated-app/patches/oidc-test.yaml
+++ b/examples/authenticated-app/patches/oidc-test.yaml
@ -1,6 +1,3 @@
- op: replace
-  path: "/data/LOG_LEVEL"
-  value: 0
 - op: replace
  path: "/data/OIDC_REDIRECT_URL"
  value: https://ssokustom/oauth2/callback
--- a/kustomization.yaml
+++ b/kustomization.yaml
@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ./overlays/base
--- a/overlays/full/kustomization.yaml
+++ b/overlays/full/kustomization.yaml
@ -13,4 +13,5 @@ components:
 - ../../components/hydra-cnpg-database
 - ../../components/hydra-oidc
 - ../../components/hydra-saml
- ../../components/hydra-sql
+- ../../components/hydra-sql
+- ../../components/oidc-test
--- a/resources/hydra/kustomization.yaml
+++ b/resources/hydra/kustomization.yaml
@ -9,6 +9,7 @@ resources:
  - ./resources/hydra-serviceaccount.yaml
  - ./resources/hydra-migrate-job.yaml
  - ./resources/hydra-maester
+  - ./resources/hydra-janitor-cronjob.yaml

 secretGenerator:
  - name: hydra-secret
--- a/resources/hydra/resources/hydra-janitor-cronjob.yaml
+++ b/resources/hydra/resources/hydra-janitor-cronjob.yaml
@ -0,0 +1,34 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: hydra-janitor
+  labels:
+    app.kubernetes.io/name: hydra-janitor
+spec:
+  concurrencyPolicy: Forbid
+  schedule: "0 */1 * * *"
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            app.kubernetes.io/name: hydra-janitor
+        spec:
+          restartPolicy: OnFailure
+          serviceAccountName: hydra-sa
+          containers:
+            - name: janitor
+              image: reg.cadoles.com/proxy_cache/oryd/hydra:v2.0.3
+              envFrom:
+              - configMapRef:
+                  name: hydra-env
+              imagePullPolicy: IfNotPresent
+              command: ["hydra"]
+              env: []
+              args:
+                - janitor
+                - --read-from-env
+                - --grants
+                - --requests
+                - --tokens
+              resources: {}
--- a/resources/hydra/resources/hydra-maester/kustomization.yaml
+++ b/resources/hydra/resources/hydra-maester/kustomization.yaml
@ -2,14 +2,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

 resources:
-  - ./resources/hydra-maester-deployment.yaml
-  - ./resources/hydra-maester-rbac.yaml
-  - https://raw.githubusercontent.com/ory/k8s/v0.28.2/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
+- ./resources/hydra-maester-deployment.yaml
+- ./resources/hydra-maester-rbac.yaml
+#- https://raw.githubusercontent.com/ory/k8s/v0.28.2/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml

 configMapGenerator:
-  - name: hydra-maester-env
-    literals:
-      - APP_ENV=prod
-      - APP_DEBUG=false
-      - HYDRA_ADMIN_BASE_URL=http://hydra
-      - HYDRA_ADMIN_PORT=4445
+- name: hydra-maester-env
+  literals:
+  - APP_ENV=prod
+  - APP_DEBUG=false
+  - HYDRA_ADMIN_BASE_URL=http://hydra
+  - HYDRA_ADMIN_PORT=4445
--- a/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml
+++ b/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml
@ -1,4 +1,3 @@
---
 # Source: hydra/charts/hydra-maester/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
@ -7,7 +6,7 @@ metadata:
  labels:
    app.kubernetes.io/name: hydra-maester
    app.kubernetes.io/instance: hydra-master
-    app.kubernetes.io/version: "v0.0.23"
+    app.kubernetes.io/version: "v0.0.32"
 spec:
  replicas: 1
  revisionHistoryLimit: 10
@ -25,32 +24,31 @@ spec:
      annotations:
    spec:
      containers:
-        - name: hydra-maester
-          image: reg.cadoles.com/proxy_cache/oryd/hydra-maester:v0.0.25
-          imagePullPolicy: IfNotPresent
-          envFrom:
-            - configMapRef:
-                name: hydra-maester-env
-          command:
-            - /manager
-          args:
-            - --metrics-addr=127.0.0.1:8080
-            - --hydra-url=$(HYDRA_ADMIN_BASE_URL)
-            - --hydra-port=$(HYDRA_ADMIN_PORT)
-            - --endpoint=/admin/clients
-          resources:
-            {}
-          terminationMessagePath: /dev/termination-log
-          terminationMessagePolicy: File
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-              - ALL
-            privileged: false
-            readOnlyRootFilesystem: true
-            runAsNonRoot: true
-            runAsUser: 1000
+      - name: hydra-maester
+        image: reg.cadoles.com/proxy_cache/oryd/hydra-maester:v0.0.32-amd64
+        imagePullPolicy: IfNotPresent
+        envFrom:
+        - configMapRef:
+            name: hydra-maester-env
+        command:
+        - /manager
+        args:
+        - --metrics-addr=127.0.0.1:8080
+        - --hydra-url=$(HYDRA_ADMIN_BASE_URL)
+        - --hydra-port=$(HYDRA_ADMIN_PORT)
+        - --endpoint=/admin/clients
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          privileged: false
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 1000
      serviceAccountName: hydra-maester-account
      automountServiceAccountToken: true
      nodeSelector:
Author	SHA1	Message	Date
Philippe Caseiro	320d494e8d	fix(oidc-tester): fix oauth secret keys	2024-03-14 09:26:44 +01:00
Philippe Caseiro	1c5eb098f8	fix(master): correct image tagwq	2024-03-14 09:10:00 +01:00
Philippe Caseiro	3aedee1f9f	fix(master): update maester version	2024-03-14 09:08:44 +01:00
Philippe Caseiro	c184fc6b9c	fix(crds): do not install crds never ever	2024-03-14 09:02:25 +01:00
Laurent Gourvénec	86754cf518	cosmetic(oidc-test): rename CM oidc-test to oidc-test-env	2023-12-11 17:33:02 +01:00
wpetit	8b02e8a875	Merge pull request 'Composant "OIDC Test"' (#7 ) from oidc-test-component-2 into develop Reviewed-on: #7	2023-12-11 14:31:37 +01:00
William Petit	caa180747e	feat: add oidc-test app component	2023-12-11 14:29:30 +01:00
wpetit	4d29851350	Merge pull request 'Ajout de la tâche programmée "janitor" pour Hydra' (#8 ) from hydra-janitor into develop Reviewed-on: #8	2023-12-11 13:46:54 +01:00
William Petit	d88cc2de65	feat(hydra): add janitor cronjob	2023-12-11 11:30:50 +01:00
William Petit	435597f9f1	feat(hydra-dispatcher): update image tag	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	ee2bb1ea45	update hydra-dispatcher probes and image ref	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	63c5d7259c	add probes	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	815917c306	add hydra-sql deployment	2023-12-11 10:47:56 +01:00
Philippe Caseiro	bc6fe46e1c	fix(saml): fixing port name longer than 15c	2023-12-11 10:47:56 +01:00
Philippe Caseiro	1b1cc27916	feat(hydra-sql): adding new hydra login app	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	d37e85000f	set correct tag for hydra-oidc	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	d9570ec8d0	add imagepullpolicy rule	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	d56ae059a3	remove loginapp default app configmap	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	5ec48c8b22	update config default apps filename	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	aaae6e2f20	set default configuration	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	081e854454	correciton config	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	3dba6c0d69	set hydra-oidc side container	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	8c6dc30bde	set hydra-dispatcher side container	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	4ff0f83880	set hydra-dispatcher side container	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	e93bc069d3	set correct path for hydra-dispatcher conf	2023-12-11 10:47:56 +01:00
Matthieu Lamalle	a56089efe5	Utilisation images symfony-containers	2023-12-11 10:47:56 +01:00
wpetit	c4998279d5	Merge pull request 'feat(component): adding hydra-ldap' (#6 ) from f/werther into master Reviewed-on: #6	2023-12-11 10:13:18 +01:00
William Petit	6de80b1d9c	fix(hydra-ldap): update werther secret name references	2023-12-11 10:06:37 +01:00
William Petit	2f3cf60974	fix(hydra-ldap): update werther container port name	2023-12-11 09:56:27 +01:00
William Petit	bf865b02e2	feat(hydra-ldap): rename resources from werther to hydra-ldap	2023-12-11 09:50:33 +01:00
Laurent Gourvénec	063b575117	feat(werther): update image	2023-12-06 15:38:40 +01:00
Laurent Gourvénec	38d3f1c1df	feat(werther): adding a timeout for LDAP connection	2023-12-06 14:40:24 +01:00
Laurent Gourvénec	6acda0553e	feat(component): adding werther	2023-11-29 10:22:33 +01:00