Compare commits
26 Commits
pc-master
...
oidc-test-
Author | SHA1 | Date | |
---|---|---|---|
02a6cdd035 | |||
ad1c9d2bc3 | |||
ddbedf45ee | |||
fec08c3d50 | |||
2db406470a | |||
60af2f7a7f | |||
d557eae1c2 | |||
d43645dcdd | |||
c24f40d45f | |||
93895720d9 | |||
c0865d9bf6 | |||
87bbdcdd55 | |||
61cc316e1c | |||
24b69b0146 | |||
62b63c2e87 | |||
1cbfa69e70 | |||
56b8240e59 | |||
3a125101e1 | |||
738fa46970 | |||
ff2bd411ab | |||
1f24a92dc3 | |||
6920de878e | |||
aab1770988 | |||
9e897057a3 | |||
da756c5e07 | |||
a21be87c46 |
@ -29,7 +29,7 @@ vars:
|
|||||||
fieldref:
|
fieldref:
|
||||||
fieldpath: metadata.name
|
fieldpath: metadata.name
|
||||||
|
|
||||||
patches:
|
patchesJson6902:
|
||||||
- target:
|
- target:
|
||||||
group: apps
|
group: apps
|
||||||
version: v1
|
version: v1
|
||||||
@ -42,9 +42,3 @@ patches:
|
|||||||
kind: Job
|
kind: Job
|
||||||
name: hydra-migrate
|
name: hydra-migrate
|
||||||
path: patches/hydra-migrate-job.yaml
|
path: patches/hydra-migrate-job.yaml
|
||||||
- target:
|
|
||||||
group: batch
|
|
||||||
version: v1
|
|
||||||
kind: CronJob
|
|
||||||
name: hydra-janitor
|
|
||||||
path: patches/hydra-janitor-cronjob.yaml
|
|
||||||
|
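Review bot: The first hunk renames `patches:` to `patchesJson6902:` (direction judged from the `patches:` context in the second hunk header), and Kustomize v5 deprecates `patchesJson6902` in favour of `patches`; keeping `patches:` with the same `target`/`path` entries behaves the same and avoids the deprecation warning. The second hunk drops the `hydra-janitor` CronJob target, and other sections on this page delete the CronJob manifest and its patch file. If nothing else runs `hydra janitor`, expired tokens, grants and requests stay in the database, so a comment saying where that cleanup now happens would help. The file path is not shown on the page, so this is read from the hunk content only.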
@ -1,21 +0,0 @@
|
|||||||
- op: add
|
|
||||||
path: "/spec/jobTemplate/spec/template/spec/containers/0/env/-"
|
|
||||||
value:
|
|
||||||
name: HYDRA_DATABASE_USER
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: hydra-postgres-user
|
|
||||||
key: username
|
|
||||||
- op: add
|
|
||||||
path: "/spec/jobTemplate/spec/template/spec/containers/0/env/-"
|
|
||||||
value:
|
|
||||||
name: HYDRA_DATABASE_PASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: hydra-postgres-user
|
|
||||||
key: password
|
|
||||||
- op: add
|
|
||||||
path: "/spec/jobTemplate/spec/template/spec/containers/0/env/-"
|
|
||||||
value:
|
|
||||||
name: DSN
|
|
||||||
value: "postgres://$(HYDRA_DATABASE_USER):$(HYDRA_DATABASE_PASSWORD)@$(HYDRA_DATABASE_SERVICE_NAME)-rw:5432/hydra?sslmode=disable"
|
|
@ -2,12 +2,19 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- ../../overlays/full
|
- ../../overlays/base
|
||||||
- ./resources/ingress.yaml
|
- ./resources/ingress.yaml
|
||||||
- ./resources/saml-idp.yaml
|
- ./resources/saml-idp.yaml
|
||||||
- ./resources/self-signed-issuer.yaml
|
- ./resources/self-signed-issuer.yaml
|
||||||
- ./resources/port-forwarder.yaml
|
- ./resources/port-forwarder.yaml
|
||||||
|
|
||||||
|
components:
|
||||||
|
- ../../components/hydra-cnpg-database
|
||||||
|
- ../../components/oidc-test
|
||||||
|
#- ../../components/hydra-oidc
|
||||||
|
- ../../components/hydra-saml
|
||||||
|
|
||||||
|
|
||||||
patchesJson6902:
|
patchesJson6902:
|
||||||
- target:
|
- target:
|
||||||
version: v1
|
version: v1
|
||||||
@ -31,7 +38,7 @@ patchesJson6902:
|
|||||||
path: patches/hydra-secret.yaml
|
path: patches/hydra-secret.yaml
|
||||||
- target:
|
- target:
|
||||||
version: v1
|
version: v1
|
||||||
kind: ConfigMap
|
kind: Secret
|
||||||
name: oidc-test
|
name: oidc-test
|
||||||
path: patches/oidc-test.yaml
|
path: patches/oidc-test.yaml
|
||||||
- target:
|
- target:
|
||||||
|
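Review bot: In the second hunk the `oidc-test` target changes from `kind: ConfigMap` to `kind: Secret`, but `path: patches/oidc-test.yaml` is unchanged, so the same JSON patch is now applied to a Secret. Values under `/data` of a Secret must be base64-encoded strings, so a patch that writes a plain URL there would presumably be rejected; either patch `/stringData/...` or encode the values. Separately, the added `components:` list keeps `#- ../../components/hydra-oidc` commented out with no explanation; delete it or put a line such as `# hydra-oidc disabled: <reason>` above it.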
@ -3,4 +3,4 @@
|
|||||||
value: https://ssokustom/oauth2/callback
|
value: https://ssokustom/oauth2/callback
|
||||||
- op: replace
|
- op: replace
|
||||||
path: "/spec/postLogoutRedirectUris/0"
|
path: "/spec/postLogoutRedirectUris/0"
|
||||||
value: https://ssokustom
|
value: https://ssokustom/oauth2/callback
|
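Review bot: After this change `/spec/postLogoutRedirectUris/0` is `https://ssokustom/oauth2/callback`, the same value as the `value:` line at the top of the hunk, so a logout would send the browser to the OAuth2 callback endpoint without a `code` or `state`. If the test client really expects that, a comment above the op such as `# oidc-test returns to the callback path after logout` would record the intent; otherwise the previous `https://ssokustom` looks like the intended landing page. The patch file starts outside the hunk, so which field the first `value:` belongs to is inferred.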
@ -1,3 +1,6 @@
|
|||||||
|
- op: replace
|
||||||
|
path: "/data/LOG_LEVEL"
|
||||||
|
value: 0
|
||||||
- op: replace
|
- op: replace
|
||||||
path: "/data/OIDC_REDIRECT_URL"
|
path: "/data/OIDC_REDIRECT_URL"
|
||||||
value: https://ssokustom/oauth2/callback
|
value: https://ssokustom/oauth2/callback
|
||||||
|
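Review bot: The added op sets `/data/LOG_LEVEL` with `value: 0`, which YAML parses as an integer, while entries under `data` of a ConfigMap or Secret must be strings; write `value: "0"`. `op: replace` also fails if `LOG_LEVEL` is not already present in the target's `data`, so `op: add` is the safer choice if the key may be absent. If this is the patch applied to the `oidc-test` object whose kind becomes `Secret` elsewhere on this page, both values here would additionally need to be base64-encoded or moved under `/stringData`.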
@ -1,5 +0,0 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- ./overlays/base
|
|
@ -14,4 +14,3 @@ components:
|
|||||||
- ../../components/hydra-oidc
|
- ../../components/hydra-oidc
|
||||||
- ../../components/hydra-saml
|
- ../../components/hydra-saml
|
||||||
- ../../components/hydra-sql
|
- ../../components/hydra-sql
|
||||||
- ../../components/oidc-test
|
|
@ -9,7 +9,6 @@ resources:
|
|||||||
- ./resources/hydra-serviceaccount.yaml
|
- ./resources/hydra-serviceaccount.yaml
|
||||||
- ./resources/hydra-migrate-job.yaml
|
- ./resources/hydra-migrate-job.yaml
|
||||||
- ./resources/hydra-maester
|
- ./resources/hydra-maester
|
||||||
- ./resources/hydra-janitor-cronjob.yaml
|
|
||||||
|
|
||||||
secretGenerator:
|
secretGenerator:
|
||||||
- name: hydra-secret
|
- name: hydra-secret
|
||||||
|
@ -1,34 +0,0 @@
|
|||||||
apiVersion: batch/v1
|
|
||||||
kind: CronJob
|
|
||||||
metadata:
|
|
||||||
name: hydra-janitor
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: hydra-janitor
|
|
||||||
spec:
|
|
||||||
concurrencyPolicy: Forbid
|
|
||||||
schedule: "0 */1 * * *"
|
|
||||||
jobTemplate:
|
|
||||||
spec:
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: hydra-janitor
|
|
||||||
spec:
|
|
||||||
restartPolicy: OnFailure
|
|
||||||
serviceAccountName: hydra-sa
|
|
||||||
containers:
|
|
||||||
- name: janitor
|
|
||||||
image: reg.cadoles.com/proxy_cache/oryd/hydra:v2.0.3
|
|
||||||
envFrom:
|
|
||||||
- configMapRef:
|
|
||||||
name: hydra-env
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
command: ["hydra"]
|
|
||||||
env: []
|
|
||||||
args:
|
|
||||||
- janitor
|
|
||||||
- --read-from-env
|
|
||||||
- --grants
|
|
||||||
- --requests
|
|
||||||
- --tokens
|
|
||||||
resources: {}
|
|
@ -2,13 +2,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- ./resources/hydra-maester-deployment.yaml
|
- ./resources/hydra-maester-deployment.yaml
|
||||||
- ./resources/hydra-maester-rbac.yaml
|
- ./resources/hydra-maester-rbac.yaml
|
||||||
|
- https://raw.githubusercontent.com/ory/k8s/v0.28.2/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
|
||||||
|
|
||||||
configMapGenerator:
|
configMapGenerator:
|
||||||
- name: hydra-maester-env
|
- name: hydra-maester-env
|
||||||
literals:
|
literals:
|
||||||
- APP_ENV=prod
|
- APP_ENV=prod
|
||||||
- APP_DEBUG=false
|
- APP_DEBUG=false
|
||||||
- HYDRA_ADMIN_BASE_URL=http://hydra
|
- HYDRA_ADMIN_BASE_URL=http://hydra
|
||||||
- HYDRA_ADMIN_PORT=4445
|
- HYDRA_ADMIN_PORT=4445
|
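Review bot: The added resource `https://raw.githubusercontent.com/ory/k8s/v0.28.2/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml` is fetched over the network on every build and is pinned only to a tag, which upstream can move, and nothing verifies the content that comes back. Vendoring the CRD next to the other manifests, for example `- ./resources/crd-oauth2clients.yaml`, or at least pinning the URL to a full commit SHA, keeps builds reproducible. It also means a changed upstream file cannot alter the CRD installed into the cluster without a reviewed diff.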