Merge pull request 'feat(hydra-dispatcher): update image ref' (#70) from f/update_hydra_dispatcher into unstable

Reviewed-on: #70

components/hydra-cnpg-database/patches/hydra-deployment.yaml

@@ -26,4 +26,4 @@
   path: "/spec/template/spec/containers/0/env/-"
   value:
     name: DSN
-    value: "postgres://$(HYDRA_DATABASE_USER):$(HYDRA_DATABASE_PASSWORD)@$(HYDRA_DATABASE_SERVICE_NAME):5432/hydra?sslmode=disable&max_conns=$(HYDRA_DATABASE_MAX_CONN)"
+    value: "postgres://$(HYDRA_DATABASE_USER):$(HYDRA_DATABASE_PASSWORD)@$(HYDRA_DATABASE_SERVICE_NAME):5432/hydra?sslmode=disable&max_conns=$(HYDRA_DATABASE_MAX_CONN)&max_idle_conns=$(HYDRA_DATABASE_MAX_IDLE_CONNS)&max_conn_lifetime=$(HYDRA_DATABASE_MAX_CONN_LIFETIME)&max_conn_idle_time=$(HYDRA_DATABASE_MAX_CONN_IDLE_TIME)&connect_timeout=$(HYDRA_DATABASE_CONNECT_TIMEOUT)"

components/hydra-saml/files/hydra/saml.yaml

@@ -20,11 +20,3 @@ hydra:
         eduPersonAffiliation:
           rules:
           - "property_exists(consent.session.id_token, 'eduPersonAffiliation') ? consent.session.id_token.eduPersonAffiliation : null"
-  firewall:
-    rules:
-      email:
-        required: false
-      uid:
-        required: false
-      eduPersonAffiliation:
-        required: false

components/hydra-sql/resources/hydra-sql-deployment.yaml

@@ -21,7 +21,7 @@ spec:
     spec:
       containers:
       - name: hydra-sql-fpm
-        image: reg.cadoles.com/cadoles/hydra-sql-base:2024.11.6-develop.1113.075be9b
+        image: reg.cadoles.com/cadoles/hydra-sql-base:2025.3.7-develop.1415.7239d84
         imagePullPolicy: IfNotPresent
         args: ["/usr/sbin/php-fpm81", "-F", "-e"]
         readinessProbe:
@@ -68,7 +68,7 @@ spec:
           subPath: 03_base.ini
 
       - name: hydra-sql-caddy
-        image: reg.cadoles.com/cadoles/hydra-sql-base:2024.11.6-develop.1113.075be9b
+        image: reg.cadoles.com/cadoles/hydra-sql-base:2025.3.7-develop.1415.7239d84
         imagePullPolicy: IfNotPresent
         args: ["/usr/sbin/caddy", "run", "--adapter", "caddyfile", "--config", "/etc/caddy/Caddyfile"]
         readinessProbe:

components/oidc-test/resources/deployment.yaml

@@ -17,7 +17,7 @@ spec:
         app.kubernetes.io/name: oidc-test
     spec:
       containers:
-        - image: reg.cadoles.com/cadoles/oidc-test:2023.12.6-stable.1502.ebfd504
+        - image: reg.cadoles.com/cadoles/oidc-test:2025.3.11-stable.1428.6545cb3
           name: oidc-test
           ports:
             - containerPort: 8080

examples/authenticated-app/files/hydra-dispatcher-apps.yaml

@@ -25,17 +25,6 @@ hydra:
         email:
           rules:
             - "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
-  firewall:
-    additional_properties: true
-    rules:
-      siret:
-        required: false
-      email:
-        required: false
-      given_name:
-        required: false
-      family_name:
-        required: false
   webhook:
     enabled: false
   webhook_post_login:

resources/hydra-dispatcher/files/hydra/default.yaml

@@ -12,8 +12,5 @@ hydra:
     api_url: "%env(string:HYDRA_DISPATCHER_WEBHOOK_API_URL)%"
     api_key: "%env(string:HYDRA_DISPATCHER_WEBHOOK_API_KEY)%"
     api_method: "%env(string:HYDRA_DISPATCHER_WEBHOOK_API_METHOD)%"
-  firewall:
-    additional_properties: "%env(bool:HYDRA_DISPATCHER_FIREWALL_ADDITIONAL_PROPERTIES)%"
-    rules: {}
   webhook_post_login:
     enabled: false

resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml

@@ -19,7 +19,7 @@ spec:
     spec:
       containers:
         - name: hydra-dispatcher-php-fpm
-          image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.9.24-develop.1122.f88a5eb
+          image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2025.3.18-develop.1401.4646fbb
           args: ["/usr/sbin/php-fpm81", "-F", "-e"]
           readinessProbe:
             exec:
@@ -61,7 +61,7 @@ spec:
             runAsGroup: 1000
             runAsUser: 1000
         - name: hydra-dispatcher-caddy
-          image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.9.24-develop.1122.f88a5eb
+          image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2025.3.18-develop.1401.4646fbb
           imagePullPolicy: IfNotPresent
           args:
             [

resources/hydra/kustomization.yaml

@@ -31,6 +31,11 @@ configMapGenerator:
       - URLS_LOGOUT=http://hydra-logout-app/logout
       - HYDRA_SERVE_ALL_ARGS=--dev
       - HYDRA_DATABASE_MAX_CONN="10"
+      - HYDRA_DATABASE_MAX_IDLE_CONNS="5"
+      - HYDRA_DATABASE_MAX_CONN_LIFETIME="0"  # Unlimited. ms, s, m, h
+      - HYDRA_DATABASE_MAX_CONN_IDLE_TIME="0"  # Unlimited. ms, s, m, h
+      - HYDRA_DATABASE_CONNECT_TIMEOUT="0"  # Unlimited
+      - SERVE_ADMIN_REQUEST_LOG_DISABLE_FOR_HEALTH="true"
       - LOG_LEVEL=info
 
 replacements:

resources/hydra/resources/hydra-deployment.yaml

@@ -46,10 +46,31 @@ spec:
                 - wget
                 - --spider
                 - -q
-                - http://127.0.0.1:4444/.well-known/openid-configuration
+                - http://127.0.0.1:4445/health/alive
             failureThreshold: 6
             periodSeconds: 10
             timeoutSeconds: 10
+          readinessProbe:
+            exec:
+              command:
+                - wget
+                - --spider
+                - -q
+                - http://127.0.0.1:4445/health/ready
+            failureThreshold: 6
+            periodSeconds: 10
+            timeoutSeconds: 10
+          startupProbe:
+            exec:
+              command:
+                - wget
+                - --spider
+                - -q
+                - http://127.0.0.1:4445/health/ready
+            failureThreshold: 60
+            successThreshold: 1
+            periodSeconds: 1
+            timeoutSeconds: 1
           ports:
             - containerPort: 4444
               name: hydra-public