diff --git a/overlays/full/kustomization.yaml b/overlays/full/kustomization.yaml index da68867..3043507 100644 --- a/overlays/full/kustomization.yaml +++ b/overlays/full/kustomization.yaml @@ -5,13 +5,13 @@ resources: - ../base labels: - - pairs: - app.kubernetes.io/part-of: sso-kustom - app.kubernetes.io/component: auth +- pairs: + app.kubernetes.io/part-of: sso-kustom + app.kubernetes.io/component: auth components: - ../../components/hydra-cnpg-database - ../../components/hydra-oidc - ../../components/hydra-saml - ../../components/hydra-sql -- ../../components/oidc-test \ No newline at end of file +- ../../components/oidc-test diff --git a/resources/hydra/kustomization.yaml b/resources/hydra/kustomization.yaml index 34b8a16..49bb066 100644 --- a/resources/hydra/kustomization.yaml +++ b/resources/hydra/kustomization.yaml 
@@ -2,35 +2,35 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./resources/hydra-deployment.yaml - - ./resources/hydra-service.yaml - - ./resources/hydra-role.yaml - - ./resources/hydra-rolebinding.yaml - - ./resources/hydra-serviceaccount.yaml - - ./resources/hydra-migrate-job.yaml - - ./resources/hydra-maester - - ./resources/hydra-janitor-cronjob.yaml +- ./resources/hydra-deployment.yaml +- ./resources/hydra-service.yaml +- ./resources/hydra-role.yaml +- ./resources/hydra-rolebinding.yaml +- ./resources/hydra-serviceaccount.yaml +- ./resources/hydra-migrate-job.yaml +- ./resources/hydra-janitor-cronjob.yaml +- ./resources/hydra-maester secretGenerator: - - name: hydra-secret - literals: - - SECRETS_SYSTEM=ThisShouldBeAbsolutelyChanged +- name: hydra-secret + literals: + - SECRETS_SYSTEM=ThisShouldBeAbsolutelyChanged configMapGenerator: - - name: hydra-env - literals: - - URLS_SELF_ISSUER=http://localhost:4444 - - URLS_LOGIN=http://hydra-login-app/login - - URLS_CONSENT=http://hydra-consent-app/consent - - URLS_LOGOUT=http://hydra-logout-app/logout - - HYDRA_SERVE_ALL_ARGS=--dev - - LOG_LEVEL=info +- name: hydra-env + literals: + - URLS_SELF_ISSUER=http://localhost:4444 + - URLS_LOGIN=http://hydra-login-app/login + - URLS_CONSENT=http://hydra-consent-app/consent + - URLS_LOGOUT=http://hydra-logout-app/logout + - HYDRA_SERVE_ALL_ARGS=--dev + - LOG_LEVEL=info vars: - name: HYDRA_MIGRATE_JOB_NAME objref: name: hydra-migrate - kind: Job + kind: Job apiVersion: batch/v1 fieldref: - fieldpath: metadata.name \ No newline at end of file + fieldpath: metadata.name diff --git a/resources/hydra/resources/hydra-maester/kustomization.yaml b/resources/hydra/resources/hydra-maester/kustomization.yaml index 42c02f6..e4cc303 100644 --- a/resources/hydra/resources/hydra-maester/kustomization.yaml +++ b/resources/hydra/resources/hydra-maester/kustomization.yaml 
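Review bot: The `secretGenerator` entry in resources/hydra/kustomization.yaml still ships `SECRETS_SYSTEM=ThisShouldBeAbsolutelyChanged` as a literal, so any overlay that forgets to override it deploys Hydra with a system secret that anyone with repository access can read. This commit only re-indents the line, but the base would be safer without a usable value: reading it from an untracked env file (`envs: [hydra-secret.env]`, file name constructed here) or from an external secret makes the build fail when the value is missing instead of silently falling back. The `hydra-env` literals in the same hunk set `HYDRA_SERVE_ALL_ARGS=--dev` and an `http://localhost:4444` issuer, and `--dev` relaxes Hydra's security checks such as the HTTPS requirement. A comment above them, e.g. `# development defaults: production overlays must override these`, would keep them from being mistaken for deployable settings.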
@@ -2,14 +2,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./resources/hydra-maester-deployment.yaml - - ./resources/hydra-maester-rbac.yaml - - https://raw.githubusercontent.com/ory/k8s/v0.28.2/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml +- ./resources/hydra-maester-deployment.yaml +- ./resources/hydra-maester-rbac.yaml +#- https://raw.githubusercontent.com/ory/k8s/v0.28.2/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml configMapGenerator: - - name: hydra-maester-env - literals: - - APP_ENV=prod - - APP_DEBUG=false - - HYDRA_ADMIN_BASE_URL=http://hydra - - HYDRA_ADMIN_PORT=4445 \ No newline at end of file +- name: hydra-maester-env + literals: + - APP_ENV=prod + - APP_DEBUG=false + - HYDRA_ADMIN_BASE_URL=http://hydra + - HYDRA_ADMIN_PORT=4445 diff --git a/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml b/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml index 0b5b7bb..e2eccc1 100644 --- a/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml +++ b/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml @@ -1,4 +1,3 @@ ---- # Source: hydra/charts/hydra-maester/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment @@ -7,7 +6,7 @@ metadata: labels: app.kubernetes.io/name: hydra-maester app.kubernetes.io/instance: hydra-master - app.kubernetes.io/version: "v0.0.23" + app.kubernetes.io/version: "v0.0.25" spec: replicas: 1 revisionHistoryLimit: 10 
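Review bot: Commenting out the `crd-oauth2clients.yaml` resource in resources/hydra/resources/hydra-maester/kustomization.yaml leaves the hydra-maester deployment without the CRD it presumably reconciles, and nothing in the hunk says where that CRD is installed now. If it is applied out of band, replace the dead line with a comment that says so, e.g. `# OAuth2Client CRD is installed separately (see <location>); not fetched at build time`. If it is still needed here, vendoring the manifest into `./resources/` and reviewing it in-tree avoids pulling a remote file by mutable tag at build time. Either way, the commented-out URL should not be the only record of the dependency.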
@@ -25,32 +24,31 @@ spec: annotations: spec: containers: - - name: hydra-maester - image: reg.cadoles.com/proxy_cache/oryd/hydra-maester:v0.0.25 - imagePullPolicy: IfNotPresent - envFrom: - - configMapRef: - name: hydra-maester-env - command: - - /manager - args: - - --metrics-addr=127.0.0.1:8080 - - --hydra-url=$(HYDRA_ADMIN_BASE_URL) - - --hydra-port=$(HYDRA_ADMIN_PORT) - - --endpoint=/admin/clients - resources: - {} - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 + - name: hydra-maester + image: reg.cadoles.com/proxy_cache/oryd/hydra-maester:v0.0.25 + imagePullPolicy: IfNotPresent + envFrom: + - configMapRef: + name: hydra-maester-env + command: + - /manager + args: + - --metrics-addr=127.0.0.1:8080 + - --hydra-url=$(HYDRA_ADMIN_BASE_URL) + - --hydra-port=$(HYDRA_ADMIN_PORT) + - --endpoint=/admin/clients + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 serviceAccountName: hydra-maester-account automountServiceAccountToken: true nodeSelector: