diff --git a/components/hydra-oidc/kustomization.yaml b/components/hydra-oidc/kustomization.yaml
index 88288e0..ac4ec8c 100644
--- a/components/hydra-oidc/kustomization.yaml
+++ b/components/hydra-oidc/kustomization.yaml
@@ -5,6 +5,10 @@ resources: - ./resources/hydra-oidc-deployment.yaml - ./resources/hydra-oidc-service.yaml +generatorOptions: + labels: + com.cadoles.forge.sso-kustom/session: redis + configMapGenerator: - name: hydra-oidc-env literals:
@@ -26,6 +30,7 @@ configMapGenerator: - CLIENT_SECRET_FC=MyClientSecret - COOKIE_PATH=/ - TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR + - REDIS_DSN="redis://redis:6379" # - name: hydra-dispatcher-apps # behavior: merge # files:
@@ -35,5 +40,5 @@ patchesJson6902: - target: version: v1 kind: ConfigMap - name: hydra-dispatcher-env - path: patches/hydra-dispatcher-env.yaml + name: hydra-oidc-env + path: patches/hydra-oidc-env.yaml
diff --git a/components/hydra-oidc/patches/hydra-dispatcher-env.yaml b/components/hydra-oidc/patches/hydra-oidc-env.yaml
similarity index 100%
rename from components/hydra-oidc/patches/hydra-dispatcher-env.yaml
rename to components/hydra-oidc/patches/hydra-oidc-env.yaml
diff --git a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml
index dd62f7e..2c73871 100644
--- a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml
+++ b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml
@@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-oidc-php-fpm - image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.11.17-develop.1657.761e035 + image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad imagePullPolicy: Always args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: 
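Review bot: The kustomization-level `generatorOptions.labels` block puts `com.cadoles.forge.sso-kustom/session: redis` on every ConfigMap this file generates, not only on `hydra-oidc-env`; here that would include the commented-out `hydra-dispatcher-apps` generator if it is ever re-enabled, and in the matching hunks of components/hydra-sql/kustomization.yaml (`sql-login-config`) and resources/hydra-dispatcher/kustomization.yaml (`hydra-dispatcher-apps`) it labels generators that carry no `REDIS_DSN` key at all. The redis component's patch is an `op: replace` on `/data/REDIS_DSN` selected by that label, and a JSON Patch replace on a missing member is an error, so a build with the redis component enabled is likely to fail for those two files unless kustomize tolerates it. Scoping the label to the one generator that owns the key avoids this: drop the top-level block and put `options:` / `  labels:` / `    com.cadoles.forge.sso-kustom/session: redis` under `- name: hydra-oidc-env` (and likewise for `hydra-sql-env` and `hydra-dispatcher-env`); alternatively make the patch an `op: add`, which RFC 6902 defines as replacing an existing member and creating a missing one.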
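Review bot: The new default `REDIS_DSN="redis://redis:6379"` points at a Service named `redis` that nothing in this change creates; the redis component rewrites the value to `rfs-sso-redis` only when that component is included, so this component deployed on its own gets a dangling, credential-less default. The same default is introduced in components/hydra-sql/kustomization.yaml (where it replaces the previous sentinel DSN) and in resources/hydra-dispatcher/kustomization.yaml. A comment above the literal such as `# placeholder DSN; overridden by components/redis through the session=redis label` would make the intent clear, and the components/redis/README.md sentence saying a Redis server is required could name this default explicitly.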
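Review bot: The retargeted entry still sits under `patchesJson6902`, a field kustomize 5 marks deprecated in favour of `patches` with a `target` block, which is the form the new components/redis/kustomization.yaml already uses; writing it as `patches:` / `- path: patches/hydra-oidc-env.yaml` / `  target: {kind: ConfigMap, name: hydra-oidc-env}` keeps the two components consistent. The content of the renamed patch file is not shown (100% rename), so whether it also touches `REDIS_DSN` and therefore interacts with the redis component's patch cannot be checked from this diff.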
@@ -47,7 +47,7 @@ spec: name: hydra-oidc-env resources: {} - - image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.11.17-develop.1657.761e035 + - image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad imagePullPolicy: Always name: hydra-oidc-nginx args: ["/usr/sbin/nginx"]
diff --git a/components/hydra-saml/resources/hydra-saml-remote-user.yaml b/components/hydra-saml/resources/hydra-saml-remote-user.yaml
index 0b9cbba..cf4705e 100644
--- a/components/hydra-saml/resources/hydra-saml-remote-user.yaml
+++ b/components/hydra-saml/resources/hydra-saml-remote-user.yaml
@@ -23,7 +23,7 @@ spec: - configMapRef: name: hydra-saml-env ports: - - containerPort: 80 + - containerPort: 8080 resources: {} restartPolicy: Always ---
@@ -37,6 +37,7 @@ spec: ports: - name: http port: 80 + targetPort: 8080 selector: io.kompose.service: hydra-saml-remote-user status:
diff --git a/components/hydra-sql/kustomization.yaml b/components/hydra-sql/kustomization.yaml
index 5aff91e..b0b66d5 100644
--- a/components/hydra-sql/kustomization.yaml
+++ b/components/hydra-sql/kustomization.yaml
@@ -5,6 +5,10 @@ resources: - ./resources/hydra-sql-service.yaml - ./resources/hydra-sql-deployment.yaml +generatorOptions: + labels: + com.cadoles.forge.sso-kustom/session: redis + configMapGenerator: - name: hydra-sql-env literals:
@@ -17,7 +21,7 @@ configMapGenerator: - DSN_REMOTE_DATABASE="pgsql:host='postgres';port=5432;dbname=lasql" - DB_USER="makeMeASecret" - DB_PASSWORD="makeMeASecret" - - REDIS_DSN="redis://rfs-redis:26379?&redis_sentinel=mymaster" + - REDIS_DSN="redis://redis:6379" - PEPPER="MakeMeABigSecret" - name: sql-login-config files:
diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml
index 45c95ec..0b03667 100644
--- a/components/hydra-sql/resources/hydra-sql-deployment.yaml
+++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml 
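Review bot: In components/hydra-saml/resources/hydra-saml-remote-user.yaml the Deployment now exposes `containerPort: 8080` as a bare number and the Service repeats `8080` in `targetPort`, so the two values have to be kept in sync by hand; naming the container port (`- name: http` / `  containerPort: 8080`) and pointing the Service at `targetPort: http` ties them together. The containers block begins above the first hunk, so any readiness or liveness probe still checking port 80 is not visible here and should be confirmed, as should the fact that the image's listener really binds 8080. Moving off port 80 is what lets the container run without privileged-port capabilities, which is a good direction if the securityContext follows.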
@@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.12-develop.848.72e912f + image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.14-develop.1107.740a756 imagePullPolicy: Always args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe:
@@ -54,7 +54,7 @@ spec: subPath: "sql_login.yaml" - name: hydra-sql-nginx - image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.12-develop.848.72e912f + image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.14-develop.1107.740a756 imagePullPolicy: Always args: ["/usr/sbin/nginx"] readinessProbe:
diff --git a/components/redis/README.md b/components/redis/README.md
new file mode 100644
index 0000000..072c605
--- /dev/null
+++ b/components/redis/README.md
@@ -0,0 +1,22 @@ +# Composant `redis` + +### Description + +Les applications `hydra-dispatcher`, `hydra-sql` et `hydra-oidc` stockent dorénavant le cache et les sessions utilisateur sur un serveur Redis. +Le DSN du serveur est défini dans leur variable d'environnement respective `REDIS_DSN`. +Les applications peuvent utiliser le mode `sentinel` de redis +Il est donc nécessaire donc nécessaire de disposer d'un serveur Redis pour utiliser ces applications. + +### Principe général de fonctionnement + +Un `RedisFailOver` crée un cluster redis en mode sentinel avec 3 réplicats chacun. + + +### Personnalisation + +Via des `patches` sur la ressource `ConfigMap` via un label selector `com.cadoles.forge.sso-kustom/session=redis` il est possible de modifier la valeur du `REDIS_DSN`. + + +|Clé|Description|Exemple| +|---|-----------|-------| +|`REDIS_DSN`| DSN du cluster Redis | `redis://rfs-sso-redis:26379?&redis_sentinel=mymaster`
diff --git a/components/redis/kustomization.yaml b/components/redis/kustomization.yaml
new file mode 100644
index 0000000..609cf30
--- /dev/null
+++ b/components/redis/kustomization.yaml 
@@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +resources: + - ./resources/redis-failover.yaml + +patches: +- path: ./patches/hydra-apps.yaml + target: + kind: ConfigMap + labelSelector: "com.cadoles.forge.sso-kustom/session=redis"
diff --git a/components/redis/patches/hydra-apps.yaml b/components/redis/patches/hydra-apps.yaml
new file mode 100644
index 0000000..6ab436a
--- /dev/null
+++ b/components/redis/patches/hydra-apps.yaml
@@ -0,0 +1,3 @@ +- op: replace + path: "/data/REDIS_DSN" + value: "redis://rfs-sso-redis:26379?&redis_sentinel=mymaster"
diff --git a/components/redis/resources/redis-failover.yaml b/components/redis/resources/redis-failover.yaml
new file mode 100644
index 0000000..01f1e3a
--- /dev/null
+++ b/components/redis/resources/redis-failover.yaml
@@ -0,0 +1,21 @@ +apiVersion: databases.spotahome.com/v1 +kind: RedisFailover +metadata: + name: sso-redis +spec: + sentinel: + replicas: 3 + resources: + requests: + cpu: 100m + limits: + memory: 100Mi + redis: + replicas: 3 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 400m + memory: 500Mi
diff --git a/doc/README.md b/doc/README.md
deleted file mode 100644
index 7d8b3af..0000000
--- a/doc/README.md
+++ /dev/null
@@ -1 +0,0 @@ -# Documentation \ No newline at end of file
diff --git a/examples/authenticated-app/README.md b/examples/authenticated-app/README.md
index d3fa32b..1619333 100644
--- a/examples/authenticated-app/README.md
+++ b/examples/authenticated-app/README.md
@@ -15,7 +15,7 @@ L'exemple est actuellement déployé avec le composant `hydra-saml` uniquement. 2. Déployer les opérateurs nécessaires au déploiement ``` - kubectl kustomize --enable-helm ./examples/k8s/kind/cluster | kubectl apply -f - + kubectl apply -k ./examples/k8s/kind/cluster --server-side ``` 3. Déployer l'application
diff --git a/examples/k8s/kind/cluster/kustomization.yaml b/examples/k8s/kind/cluster/kustomization.yaml
index 760eb72..af48eba 100644 
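Review bot: The new components/redis/kustomization.yaml mixes sequence indentation styles: the `resources` item is written indented (`  - ./resources/redis-failover.yaml`) while the `patches` item is flush (`- path: ./patches/hydra-apps.yaml`), which yamllint's `indentation.indent-sequences` check flags and which reads inconsistently next to the other kustomizations in this change. Picking one form for the file, e.g. `patches:` / `  - path: ./patches/hydra-apps.yaml` / `    target:` with the nested keys moved in accordingly, is a two-line fix. The label selector value is correctly quoted, so no parsing concern there.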
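Review bot: In components/redis/patches/hydra-apps.yaml the DSN `redis://rfs-sso-redis:26379?&redis_sentinel=mymaster` has a stray `&` directly after `?`, which yields an empty first query parameter; the client's DSN parser probably tolerates it, but the clean form is `value: "redis://rfs-sso-redis:26379?redis_sentinel=mymaster"`. The same string is repeated as the example in components/redis/README.md and should be fixed there together with this file so the documentation stays copy-pasteable.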
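Review bot: The `RedisFailover` in components/redis/resources/redis-failover.yaml configures no authentication, and the DSN the component patches in (`redis://rfs-sso-redis:26379?&redis_sentinel=mymaster`) carries no credentials, so the user sessions and cache that the README says are stored here are readable and writable by any workload that can reach the `rfs-sso-redis` Service. If the operator version in use supports it, a password referenced through `spec.auth.secretPath` (with the password then supplied in the DSN by the same patch) plus a NetworkPolicy restricting ingress to the hydra pods would bound that exposure; at minimum the README's Personnalisation section should state that the default deployment is unauthenticated. Separately, the `sentinel` block requests cpu only and limits memory only while the `redis` block sets both for both; the asymmetric set gives the sentinel pods no cpu ceiling and no memory request, which looks unintended rather than deliberate.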
--- a/examples/k8s/kind/cluster/kustomization.yaml
+++ b/examples/k8s/kind/cluster/kustomization.yaml
@@ -3,6 +3,7 @@ kind: Kustomization resources: - https://github.com/jetstack/cert-manager/releases/download/v1.13.2/cert-manager.yaml - https://forge.cadoles.com/CadolesKube/c-kustom//base/cloudnative-pg-operator?ref=develop +- https://forge.cadoles.com/CadolesKube/c-kustom//base/redis?ref=develop - https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml patchesJson6902:
@@ -11,4 +12,4 @@ patchesJson6902: kind: ConfigMap name: ingress-nginx-controller namespace: ingress-nginx - path: patches/nginx-controller.yaml \ No newline at end of file + path: patches/nginx-controller.yaml
diff --git a/overlays/full/kustomization.yaml b/overlays/full/kustomization.yaml
index da68867..e9a6eac 100644
--- a/overlays/full/kustomization.yaml
+++ b/overlays/full/kustomization.yaml
@@ -14,4 +14,5 @@ components: - ../../components/hydra-oidc - ../../components/hydra-saml - ../../components/hydra-sql -- ../../components/oidc-test \ No newline at end of file +- ../../components/oidc-test +- ../../components/redis
diff --git a/resources/hydra-dispatcher/files/hydra/default.yaml b/resources/hydra-dispatcher/files/hydra/default.yaml
index 52e6dbb..d86c656 100644
--- a/resources/hydra-dispatcher/files/hydra/default.yaml
+++ b/resources/hydra-dispatcher/files/hydra/default.yaml
@@ -14,4 +14,4 @@ hydra: api_method: "%env(string:HYDRA_DISPATCHER_WEBHOOK_API_METHOD)%" firewall: additional_properties: "%env(bool:HYDRA_DISPATCHER_FIREWALL_ADDITIONAL_PROPERTIES)%" - rules: {} \ No newline at end of file + rules: {}
diff --git a/resources/hydra-dispatcher/kustomization.yaml b/resources/hydra-dispatcher/kustomization.yaml
index 8bba48f..b3441fe 100644
--- a/resources/hydra-dispatcher/kustomization.yaml
+++ b/resources/hydra-dispatcher/kustomization.yaml 
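Review bot: The added remote base `https://forge.cadoles.com/CadolesKube/c-kustom//base/redis?ref=develop` tracks a moving branch, so what the example cluster installs changes silently with every push to `develop`, and the operator it brings in may drift away from the `databases.spotahome.com/v1` RedisFailover that components/redis relies on. It follows the pattern of the existing cloudnative-pg line, but the cert-manager entry above pins `v1.13.2`, and a pinned reference of the form `?ref=<tag-or-commit placeholder>` is what makes the example reproducible and its supply chain reviewable. If pinning is deliberately deferred for the kind example, a `# TODO: pin ref once base/redis is tagged` comment above the line would record that.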
@@ -5,6 +5,10 @@ resources: - ./resources/hydra-dispatcher-deployment.yaml - ./resources/hydra-dispatcher-service.yaml +generatorOptions: + labels: + com.cadoles.forge.sso-kustom/session: redis + configMapGenerator: - name: hydra-dispatcher-env literals:
@@ -21,6 +25,7 @@ configMapGenerator: - COOKIE_PATH=/ - DEFAULT_LOCALE=fr - APP_LOCALES=fr,en + - REDIS_DSN="redis://redis:6379" - name: hydra-dispatcher-apps files: - apps.yaml=./files/hydra/default.yaml
diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml
index 9ce5670..4425640 100644
--- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml
+++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml
@@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-dispatcher-php-fpm - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.11.23-develop.1635.0c3bdb6 + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.12.15-develop.903.b675347 args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: exec:
@@ -49,7 +49,7 @@ spec: name: hydra-dispatcher-apps resources: {} - - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.11.23-develop.1635.0c3bdb6 + - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.12.15-develop.903.b675347 imagePullPolicy: Always name: hydra-dispatcher-nginx args: ["/usr/sbin/nginx"]