Compare commits
30 Commits
oidc-test-
...
pc-master
Author | SHA1 | Date | |
---|---|---|---|
37211ff6a0 | |||
86754cf518 | |||
8b02e8a875 | |||
caa180747e | |||
4d29851350 | |||
d88cc2de65 | |||
435597f9f1 | |||
ee2bb1ea45 | |||
63c5d7259c | |||
815917c306 | |||
bc6fe46e1c | |||
1b1cc27916 | |||
d37e85000f | |||
d9570ec8d0 | |||
d56ae059a3 | |||
5ec48c8b22 | |||
aaae6e2f20 | |||
081e854454 | |||
3dba6c0d69 | |||
8c6dc30bde | |||
4ff0f83880 | |||
e93bc069d3 | |||
a56089efe5 | |||
c4998279d5 | |||
6de80b1d9c | |||
2f3cf60974 | |||
bf865b02e2 | |||
063b575117 | |||
38d3f1c1df | |||
6acda0553e |
@ -29,7 +29,7 @@ vars:
|
|||||||
fieldref:
|
fieldref:
|
||||||
fieldpath: metadata.name
|
fieldpath: metadata.name
|
||||||
|
|
||||||
patchesJson6902:
|
patches:
|
||||||
- target:
|
- target:
|
||||||
group: apps
|
group: apps
|
||||||
version: v1
|
version: v1
|
||||||
@ -42,3 +42,9 @@ patchesJson6902:
|
|||||||
kind: Job
|
kind: Job
|
||||||
name: hydra-migrate
|
name: hydra-migrate
|
||||||
path: patches/hydra-migrate-job.yaml
|
path: patches/hydra-migrate-job.yaml
|
||||||
|
- target:
|
||||||
|
group: batch
|
||||||
|
version: v1
|
||||||
|
kind: CronJob
|
||||||
|
name: hydra-janitor
|
||||||
|
path: patches/hydra-janitor-cronjob.yaml
|
||||||
|
@ -0,0 +1,21 @@
|
|||||||
|
- op: add
|
||||||
|
path: "/spec/jobTemplate/spec/template/spec/containers/0/env/-"
|
||||||
|
value:
|
||||||
|
name: HYDRA_DATABASE_USER
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: hydra-postgres-user
|
||||||
|
key: username
|
||||||
|
- op: add
|
||||||
|
path: "/spec/jobTemplate/spec/template/spec/containers/0/env/-"
|
||||||
|
value:
|
||||||
|
name: HYDRA_DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: hydra-postgres-user
|
||||||
|
key: password
|
||||||
|
- op: add
|
||||||
|
path: "/spec/jobTemplate/spec/template/spec/containers/0/env/-"
|
||||||
|
value:
|
||||||
|
name: DSN
|
||||||
|
value: "postgres://$(HYDRA_DATABASE_USER):$(HYDRA_DATABASE_PASSWORD)@$(HYDRA_DATABASE_SERVICE_NAME)-rw:5432/hydra?sslmode=disable"
|
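Review bot: The `DSN` value added by the third `op: add` ends in `sslmode=disable`, so the janitor's PostgreSQL session, including the username and password taken from the `hydra-postgres-user` Secret, crosses the cluster network unencrypted. If the `-rw` service belongs to the `hydra-cnpg-database` component named elsewhere in this compare, the server presumably offers TLS already, and `?sslmode=require` (or `verify-full` with the cluster CA mounted) should work. The credentials are substituted into the URL verbatim through `$(HYDRA_DATABASE_PASSWORD)`, so a generated password containing `@`, `:`, `/` or `?` would produce a DSN that fails to parse; a comment above the `DSN` entry should state that constraint. `HYDRA_DATABASE_SERVICE_NAME` is not defined in this patch and has to come from `envFrom` or an earlier `env` entry for the expansion to resolve.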
@ -2,19 +2,12 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- ../../overlays/base
|
- ../../overlays/full
|
||||||
- ./resources/ingress.yaml
|
- ./resources/ingress.yaml
|
||||||
- ./resources/saml-idp.yaml
|
- ./resources/saml-idp.yaml
|
||||||
- ./resources/self-signed-issuer.yaml
|
- ./resources/self-signed-issuer.yaml
|
||||||
- ./resources/port-forwarder.yaml
|
- ./resources/port-forwarder.yaml
|
||||||
|
|
||||||
components:
|
|
||||||
- ../../components/hydra-cnpg-database
|
|
||||||
- ../../components/oidc-test
|
|
||||||
#- ../../components/hydra-oidc
|
|
||||||
- ../../components/hydra-saml
|
|
||||||
|
|
||||||
|
|
||||||
patchesJson6902:
|
patchesJson6902:
|
||||||
- target:
|
- target:
|
||||||
version: v1
|
version: v1
|
||||||
@ -38,7 +31,7 @@ patchesJson6902:
|
|||||||
path: patches/hydra-secret.yaml
|
path: patches/hydra-secret.yaml
|
||||||
- target:
|
- target:
|
||||||
version: v1
|
version: v1
|
||||||
kind: Secret
|
kind: ConfigMap
|
||||||
name: oidc-test
|
name: oidc-test
|
||||||
path: patches/oidc-test.yaml
|
path: patches/oidc-test.yaml
|
||||||
- target:
|
- target:
|
||||||
|
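Review bot: The `oidc-test` patch target changes from `kind: Secret` to `kind: ConfigMap`, and only `OIDC_REDIRECT_URL` is visibly patched. If the oidc-test component also keeps a client secret or cookie secret in that object, those values lose the RBAC separation and any encryption at rest configured for Secrets. It is worth confirming that the ConfigMap holds only non-sensitive settings and that credentials stay in a Secret referenced through `secretKeyRef`. Separately, this file keeps the deprecated `patchesJson6902:` key while another kustomization in the same compare moves to `patches:`, so renaming it here would keep the overlays consistent. The second hunk is cut off after `- target:`, so the rest of the list is not visible.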
@ -3,4 +3,4 @@
|
|||||||
value: https://ssokustom/oauth2/callback
|
value: https://ssokustom/oauth2/callback
|
||||||
- op: replace
|
- op: replace
|
||||||
path: "/spec/postLogoutRedirectUris/0"
|
path: "/spec/postLogoutRedirectUris/0"
|
||||||
value: https://ssokustom/oauth2/callback
|
value: https://ssokustom
|
@ -1,6 +1,3 @@
|
|||||||
- op: replace
|
|
||||||
path: "/data/LOG_LEVEL"
|
|
||||||
value: 0
|
|
||||||
- op: replace
|
- op: replace
|
||||||
path: "/data/OIDC_REDIRECT_URL"
|
path: "/data/OIDC_REDIRECT_URL"
|
||||||
value: https://ssokustom/oauth2/callback
|
value: https://ssokustom/oauth2/callback
|
||||||
|
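--- a/kustomization.yaml
+++ b/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ./overlays/base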
@ -14,3 +14,4 @@ components:
|
|||||||
- ../../components/hydra-oidc
|
- ../../components/hydra-oidc
|
||||||
- ../../components/hydra-saml
|
- ../../components/hydra-saml
|
||||||
- ../../components/hydra-sql
|
- ../../components/hydra-sql
|
||||||
|
- ../../components/oidc-test
|
@ -9,6 +9,7 @@ resources:
|
|||||||
- ./resources/hydra-serviceaccount.yaml
|
- ./resources/hydra-serviceaccount.yaml
|
||||||
- ./resources/hydra-migrate-job.yaml
|
- ./resources/hydra-migrate-job.yaml
|
||||||
- ./resources/hydra-maester
|
- ./resources/hydra-maester
|
||||||
|
- ./resources/hydra-janitor-cronjob.yaml
|
||||||
|
|
||||||
secretGenerator:
|
secretGenerator:
|
||||||
- name: hydra-secret
|
- name: hydra-secret
|
||||||
|
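--- a/resources/hydra/resources/hydra-janitor-cronjob.yaml
+++ b/resources/hydra/resources/hydra-janitor-cronjob.yaml
@@ -0,0 +1,34 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+name: hydra-janitor
+labels:
+app.kubernetes.io/name: hydra-janitor
+spec:
+concurrencyPolicy: Forbid
+schedule: "0 */1 * * *"
+jobTemplate:
+spec:
+template:
+metadata:
+labels:
+app.kubernetes.io/name: hydra-janitor
+spec:
+restartPolicy: OnFailure
+serviceAccountName: hydra-sa
+containers:
+- name: janitor
+image: reg.cadoles.com/proxy_cache/oryd/hydra:v2.0.3
+envFrom:
+- configMapRef:
+name: hydra-env
+imagePullPolicy: IfNotPresent
+command: ["hydra"]
+env: []
+args:
+- janitor
+- --read-from-env
+- --grants
+- --requests
+- --tokens
+resources: {}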
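Review bot: The new `hydra-janitor` CronJob sets no `securityContext` at pod or container level and leaves `resources: {}` empty, so the hourly job runs with the runtime's default privileges and no CPU or memory bounds while reading its database settings from the environment (`--read-from-env`). I would add a restrictive container `securityContext` as sketched below, plus `runAsNonRoot: true` once the image's user is confirmed to be numeric, and explicit requests and limits sized for the cleanup run. The pod uses `hydra-sa` with the token mounted by default; the arguments shown only concern the database, so `automountServiceAccountToken: false` looks applicable, to be confirmed against how the job is used. The image is referenced by the mutable tag `v2.0.3` through a proxy cache, and pinning it by digest would make scheduled runs reproducible.

```yaml
# … unchanged: metadata, schedule, concurrencyPolicy, pod labels …
        spec:
          restartPolicy: OnFailure
          serviceAccountName: hydra-sa
          automountServiceAccountToken: false
          securityContext:
            seccompProfile:
              type: RuntimeDefault
          containers:
            - name: janitor
              # … unchanged: image, envFrom, imagePullPolicy, command, env, args …
              securityContext:
                allowPrivilegeEscalation: false
                readOnlyRootFilesystem: true
                capabilities:
                  drop: ["ALL"]
```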
@ -2,12 +2,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- ./resources/hydra-maester-deployment.yaml
|
- ./resources/hydra-maester-deployment.yaml
|
||||||
- ./resources/hydra-maester-rbac.yaml
|
- ./resources/hydra-maester-rbac.yaml
|
||||||
- https://raw.githubusercontent.com/ory/k8s/v0.28.2/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
|
|
||||||
|
|
||||||
configMapGenerator:
|
configMapGenerator:
|
||||||
- name: hydra-maester-env
|
- name: hydra-maester-env
|
||||||
literals:
|
literals:
|
||||||
- APP_ENV=prod
|
- APP_ENV=prod
|
||||||
- APP_DEBUG=false
|
- APP_DEBUG=false
|
||||||
|