From 76b90e6c820795fb72097c51c5c79704d1fe00f4 Mon Sep 17 00:00:00 2001
From: Philippe Caseiro <pcaseiro@cadoles.com>
Date: Fri, 22 Dec 2023 10:02:25 +0100
Subject: [PATCH 1/9] feat(components): moving hydra-maester as componenent

This will prevent oauth2-client removal from hydra instances removal.
At the time if you deploy an hydra in your namespace for your app and
delete it, the hydra-maester CRD will be removed, but we don't want that.
More than one project will use this CRD.
---
 .../hydra-maester/kustomization.yaml          |  0
 .../resources/hydra-maester-deployment.yaml   |  0
 .../resources/hydra-maester-rbac.yaml         |  0
 overlays/full/kustomization.yaml              |  9 ++--
 resources/hydra/kustomization.yaml            | 41 +++++++++----------
 5 files changed, 25 insertions(+), 25 deletions(-)
 rename {resources/hydra/resources => components}/hydra-maester/kustomization.yaml (100%)
 rename {resources/hydra/resources => components}/hydra-maester/resources/hydra-maester-deployment.yaml (100%)
 rename {resources/hydra/resources => components}/hydra-maester/resources/hydra-maester-rbac.yaml (100%)

diff --git a/resources/hydra/resources/hydra-maester/kustomization.yaml b/components/hydra-maester/kustomization.yaml
similarity index 100%
rename from resources/hydra/resources/hydra-maester/kustomization.yaml
rename to components/hydra-maester/kustomization.yaml
diff --git a/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml b/components/hydra-maester/resources/hydra-maester-deployment.yaml
similarity index 100%
rename from resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml
rename to components/hydra-maester/resources/hydra-maester-deployment.yaml
diff --git a/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml b/components/hydra-maester/resources/hydra-maester-rbac.yaml
similarity index 100%
rename from resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml
rename to components/hydra-maester/resources/hydra-maester-rbac.yaml
diff --git a/overlays/full/kustomization.yaml b/overlays/full/kustomization.yaml
index da68867..6cedf0a 100644
--- a/overlays/full/kustomization.yaml
+++ b/overlays/full/kustomization.yaml
@@ -5,13 +5,14 @@ resources:
 - ../base
 
 labels:
-  - pairs:
-      app.kubernetes.io/part-of: sso-kustom
-      app.kubernetes.io/component: auth
+- pairs:
+    app.kubernetes.io/part-of: sso-kustom
+    app.kubernetes.io/component: auth
 
 components:
+- ../../components/hydra-maester
 - ../../components/hydra-cnpg-database
 - ../../components/hydra-oidc
 - ../../components/hydra-saml
 - ../../components/hydra-sql
-- ../../components/oidc-test
\ No newline at end of file
+- ../../components/oidc-test
diff --git a/resources/hydra/kustomization.yaml b/resources/hydra/kustomization.yaml
index 34b8a16..d10bb9a 100644
--- a/resources/hydra/kustomization.yaml
+++ b/resources/hydra/kustomization.yaml
@@ -2,35 +2,34 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-  - ./resources/hydra-deployment.yaml
-  - ./resources/hydra-service.yaml
-  - ./resources/hydra-role.yaml
-  - ./resources/hydra-rolebinding.yaml
-  - ./resources/hydra-serviceaccount.yaml
-  - ./resources/hydra-migrate-job.yaml
-  - ./resources/hydra-maester
-  - ./resources/hydra-janitor-cronjob.yaml
+- ./resources/hydra-deployment.yaml
+- ./resources/hydra-service.yaml
+- ./resources/hydra-role.yaml
+- ./resources/hydra-rolebinding.yaml
+- ./resources/hydra-serviceaccount.yaml
+- ./resources/hydra-migrate-job.yaml
+- ./resources/hydra-janitor-cronjob.yaml
 
 secretGenerator:
-  - name: hydra-secret
-    literals:
-      - SECRETS_SYSTEM=ThisShouldBeAbsolutelyChanged
+- name: hydra-secret
+  literals:
+  - SECRETS_SYSTEM=ThisShouldBeAbsolutelyChanged
 
 configMapGenerator:
-  - name: hydra-env
-    literals:
-      - URLS_SELF_ISSUER=http://localhost:4444
-      - URLS_LOGIN=http://hydra-login-app/login
-      - URLS_CONSENT=http://hydra-consent-app/consent
-      - URLS_LOGOUT=http://hydra-logout-app/logout
-      - HYDRA_SERVE_ALL_ARGS=--dev
-      - LOG_LEVEL=info
+- name: hydra-env
+  literals:
+  - URLS_SELF_ISSUER=http://localhost:4444
+  - URLS_LOGIN=http://hydra-login-app/login
+  - URLS_CONSENT=http://hydra-consent-app/consent
+  - URLS_LOGOUT=http://hydra-logout-app/logout
+  - HYDRA_SERVE_ALL_ARGS=--dev
+  - LOG_LEVEL=info
 
 vars:
 - name: HYDRA_MIGRATE_JOB_NAME
   objref:
     name: hydra-migrate
-    kind: Job 
+    kind: Job
     apiVersion: batch/v1
   fieldref:
-    fieldpath: metadata.name
\ No newline at end of file
+    fieldpath: metadata.name
-- 
2.17.1


From 3e0102b3713b5352c695536d483fa2f86fbedc4f Mon Sep 17 00:00:00 2001
From: Philippe Caseiro <pcaseiro@cadoles.com>
Date: Fri, 22 Dec 2023 11:48:31 +0100
Subject: [PATCH 2/9] fix(components/hydra-maester): do not deploy CRD from
 here

---
 components/hydra-maester/kustomization.yaml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/components/hydra-maester/kustomization.yaml b/components/hydra-maester/kustomization.yaml
index 42c02f6..e4cc303 100644
--- a/components/hydra-maester/kustomization.yaml
+++ b/components/hydra-maester/kustomization.yaml
@@ -2,14 +2,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-  - ./resources/hydra-maester-deployment.yaml
-  - ./resources/hydra-maester-rbac.yaml
-  - https://raw.githubusercontent.com/ory/k8s/v0.28.2/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
+- ./resources/hydra-maester-deployment.yaml
+- ./resources/hydra-maester-rbac.yaml
+#- https://raw.githubusercontent.com/ory/k8s/v0.28.2/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
 
 configMapGenerator:
-  - name: hydra-maester-env
-    literals:
-      - APP_ENV=prod
-      - APP_DEBUG=false
-      - HYDRA_ADMIN_BASE_URL=http://hydra
-      - HYDRA_ADMIN_PORT=4445
\ No newline at end of file
+- name: hydra-maester-env
+  literals:
+  - APP_ENV=prod
+  - APP_DEBUG=false
+  - HYDRA_ADMIN_BASE_URL=http://hydra
+  - HYDRA_ADMIN_PORT=4445
-- 
2.17.1


From f04fae0da53b6137de0cb9624e0c382ef7e4826d Mon Sep 17 00:00:00 2001
From: Philippe Caseiro <pcaseiro@cadoles.com>
Date: Fri, 22 Dec 2023 11:53:30 +0100
Subject: [PATCH 3/9] fix(components/hydra-maester): use the correct kind

---
 components/hydra-maester/kustomization.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/hydra-maester/kustomization.yaml b/components/hydra-maester/kustomization.yaml
index e4cc303..631e9d9 100644
--- a/components/hydra-maester/kustomization.yaml
+++ b/components/hydra-maester/kustomization.yaml
@@ -1,5 +1,5 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
 
 resources:
 - ./resources/hydra-maester-deployment.yaml
-- 
2.17.1


From 11522ad92efa9134019894678f5290d5acce2d36 Mon Sep 17 00:00:00 2001
From: Philippe Caseiro <pcaseiro@cadoles.com>
Date: Fri, 22 Dec 2023 12:25:25 +0100
Subject: [PATCH 4/9] fix(components/hydra-maester): update maester version

---
 .../resources/hydra-maester-deployment.yaml   | 54 +++++++++----------
 1 file changed, 26 insertions(+), 28 deletions(-)

diff --git a/components/hydra-maester/resources/hydra-maester-deployment.yaml b/components/hydra-maester/resources/hydra-maester-deployment.yaml
index 0b5b7bb..bb5be0f 100644
--- a/components/hydra-maester/resources/hydra-maester-deployment.yaml
+++ b/components/hydra-maester/resources/hydra-maester-deployment.yaml
@@ -1,4 +1,3 @@
----
 # Source: hydra/charts/hydra-maester/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
@@ -7,7 +6,7 @@ metadata:
   labels:
     app.kubernetes.io/name: hydra-maester
     app.kubernetes.io/instance: hydra-master
-    app.kubernetes.io/version: "v0.0.23"
+    app.kubernetes.io/version: "v0.0.32"
 spec:
   replicas: 1
   revisionHistoryLimit: 10
@@ -25,32 +24,31 @@ spec:
       annotations:
     spec:
       containers:
-        - name: hydra-maester
-          image: reg.cadoles.com/proxy_cache/oryd/hydra-maester:v0.0.25
-          imagePullPolicy: IfNotPresent
-          envFrom:
-            - configMapRef:
-                name: hydra-maester-env
-          command:
-            - /manager
-          args:
-            - --metrics-addr=127.0.0.1:8080
-            - --hydra-url=$(HYDRA_ADMIN_BASE_URL)
-            - --hydra-port=$(HYDRA_ADMIN_PORT)
-            - --endpoint=/admin/clients
-          resources:
-            {}
-          terminationMessagePath: /dev/termination-log
-          terminationMessagePolicy: File
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-              - ALL
-            privileged: false
-            readOnlyRootFilesystem: true
-            runAsNonRoot: true
-            runAsUser: 1000
+      - name: hydra-maester
+        image: reg.cadoles.com/proxy_cache/oryd/hydra-maester:v0.0.32
+        imagePullPolicy: IfNotPresent
+        envFrom:
+        - configMapRef:
+            name: hydra-maester-env
+        command:
+        - /manager
+        args:
+        - --metrics-addr=127.0.0.1:8080
+        - --hydra-url=$(HYDRA_ADMIN_BASE_URL)
+        - --hydra-port=$(HYDRA_ADMIN_PORT)
+        - --endpoint=/admin/clients
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          privileged: false
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 1000
       serviceAccountName: hydra-maester-account
       automountServiceAccountToken: true
       nodeSelector:
-- 
2.17.1


From 4d81d59c3f3ddabc60d9ca35ace8db83aea96134 Mon Sep 17 00:00:00 2001
From: Philippe Caseiro <pcaseiro@cadoles.com>
Date: Fri, 22 Dec 2023 13:20:04 +0100
Subject: [PATCH 5/9] fix(components/hydra-maester): back to resource

---
 components/hydra-maester/kustomization.yaml   | 15 -----
 .../resources/hydra-maester-deployment.yaml   | 54 -----------------
 .../resources/hydra-maester-rbac.yaml         | 60 -------------------
 resources/hydra/kustomization.yaml            |  1 +
 4 files changed, 1 insertion(+), 129 deletions(-)
 delete mode 100644 components/hydra-maester/kustomization.yaml
 delete mode 100644 components/hydra-maester/resources/hydra-maester-deployment.yaml
 delete mode 100644 components/hydra-maester/resources/hydra-maester-rbac.yaml

diff --git a/components/hydra-maester/kustomization.yaml b/components/hydra-maester/kustomization.yaml
deleted file mode 100644
index 631e9d9..0000000
--- a/components/hydra-maester/kustomization.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1alpha1
-kind: Component
-
-resources:
-- ./resources/hydra-maester-deployment.yaml
-- ./resources/hydra-maester-rbac.yaml
-#- https://raw.githubusercontent.com/ory/k8s/v0.28.2/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
-
-configMapGenerator:
-- name: hydra-maester-env
-  literals:
-  - APP_ENV=prod
-  - APP_DEBUG=false
-  - HYDRA_ADMIN_BASE_URL=http://hydra
-  - HYDRA_ADMIN_PORT=4445
diff --git a/components/hydra-maester/resources/hydra-maester-deployment.yaml b/components/hydra-maester/resources/hydra-maester-deployment.yaml
deleted file mode 100644
index bb5be0f..0000000
--- a/components/hydra-maester/resources/hydra-maester-deployment.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-# Source: hydra/charts/hydra-maester/templates/deployment.yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: hydra-maester
-  labels:
-    app.kubernetes.io/name: hydra-maester
-    app.kubernetes.io/instance: hydra-master
-    app.kubernetes.io/version: "v0.0.32"
-spec:
-  replicas: 1
-  revisionHistoryLimit: 10
-  selector:
-    matchLabels:
-      control-plane: controller-manager
-      app.kubernetes.io/name: hydra-maester
-      app.kubernetes.io/instance: hydra
-  template:
-    metadata:
-      labels:
-        control-plane: controller-manager
-        app.kubernetes.io/name: hydra-maester
-        app.kubernetes.io/instance: hydra
-      annotations:
-    spec:
-      containers:
-      - name: hydra-maester
-        image: reg.cadoles.com/proxy_cache/oryd/hydra-maester:v0.0.32
-        imagePullPolicy: IfNotPresent
-        envFrom:
-        - configMapRef:
-            name: hydra-maester-env
-        command:
-        - /manager
-        args:
-        - --metrics-addr=127.0.0.1:8080
-        - --hydra-url=$(HYDRA_ADMIN_BASE_URL)
-        - --hydra-port=$(HYDRA_ADMIN_PORT)
-        - --endpoint=/admin/clients
-        resources: {}
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          runAsUser: 1000
-      serviceAccountName: hydra-maester-account
-      automountServiceAccountToken: true
-      nodeSelector:
diff --git a/components/hydra-maester/resources/hydra-maester-rbac.yaml b/components/hydra-maester/resources/hydra-maester-rbac.yaml
deleted file mode 100644
index 03548b3..0000000
--- a/components/hydra-maester/resources/hydra-maester-rbac.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
----
-# Source: hydra/charts/hydra-maester/templates/rbac.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: hydra-maester-account
----
-# Source: hydra/charts/hydra-maester/templates/rbac.yaml
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: hydra-maester-role
-rules:
-  - apiGroups: ["hydra.ory.sh"]
-    resources: ["oauth2clients", "oauth2clients/status"]
-    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
-  - apiGroups: [""]
-    resources: ["secrets"]
-    verbs: ["list", "watch", "create"]
----
-# Source: hydra/charts/hydra-maester/templates/rbac.yaml
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: hydra-maester-role-binding
-subjects:
-  - kind: ServiceAccount
-    name: hydra-maester-account # Service account assigned to the controller pod.
-    namespace: default
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: hydra-maester-role
----
-# Source: hydra/charts/hydra-maester/templates/rbac.yaml
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: hydra-maester-role
-rules:
-  - apiGroups: [""]
-    resources: ["secrets"]
-    verbs: ["get", "list", "watch", "create"]
-  - apiGroups: ["hydra.ory.sh"]
-    resources: ["oauth2clients", "oauth2clients/status"]
-    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
----
-# Source: hydra/charts/hydra-maester/templates/rbac.yaml
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: hydra-maester-role-binding
-subjects:
-  - kind: ServiceAccount
-    name: hydra-maester-account # Service account assigned to the controller pod.
-    namespace:  default
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: hydra-maester-role
diff --git a/resources/hydra/kustomization.yaml b/resources/hydra/kustomization.yaml
index d10bb9a..6d3db66 100644
--- a/resources/hydra/kustomization.yaml
+++ b/resources/hydra/kustomization.yaml
@@ -9,6 +9,7 @@ resources:
 - ./resources/hydra-serviceaccount.yaml
 - ./resources/hydra-migrate-job.yaml
 - ./resources/hydra-janitor-cronjob.yaml
+- ./resources/hydra-maester.yaml
 
 secretGenerator:
 - name: hydra-secret
-- 
2.17.1


From 7788295ef16c866efd46942496c58eca9d470a78 Mon Sep 17 00:00:00 2001
From: Philippe Caseiro <pcaseiro@cadoles.com>
Date: Fri, 22 Dec 2023 13:20:46 +0100
Subject: [PATCH 6/9] fix(components/hydra-maester): fix image version

---
 .../hydra-maester/kustomization.yaml          | 15 +++++
 .../resources/hydra-maester-deployment.yaml   | 54 +++++++++++++++++
 .../resources/hydra-maester-rbac.yaml         | 60 +++++++++++++++++++
 3 files changed, 129 insertions(+)
 create mode 100644 resources/hydra/resources/hydra-maester/kustomization.yaml
 create mode 100644 resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml
 create mode 100644 resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml

diff --git a/resources/hydra/resources/hydra-maester/kustomization.yaml b/resources/hydra/resources/hydra-maester/kustomization.yaml
new file mode 100644
index 0000000..f8704d8
--- /dev/null
+++ b/resources/hydra/resources/hydra-maester/kustomization.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Kustomization
+
+resources:
+- ./resources/hydra-maester-deployment.yaml
+- ./resources/hydra-maester-rbac.yaml
+#- https://raw.githubusercontent.com/ory/k8s/v0.28.2/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
+
+configMapGenerator:
+- name: hydra-maester-env
+  literals:
+  - APP_ENV=prod
+  - APP_DEBUG=false
+  - HYDRA_ADMIN_BASE_URL=http://hydra
+  - HYDRA_ADMIN_PORT=4445
diff --git a/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml b/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml
new file mode 100644
index 0000000..1227759
--- /dev/null
+++ b/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml
@@ -0,0 +1,54 @@
+# Source: hydra/charts/hydra-maester/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hydra-maester
+  labels:
+    app.kubernetes.io/name: hydra-maester
+    app.kubernetes.io/instance: hydra-master
+    app.kubernetes.io/version: "v0.0.31"
+spec:
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      control-plane: controller-manager
+      app.kubernetes.io/name: hydra-maester
+      app.kubernetes.io/instance: hydra
+  template:
+    metadata:
+      labels:
+        control-plane: controller-manager
+        app.kubernetes.io/name: hydra-maester
+        app.kubernetes.io/instance: hydra
+      annotations:
+    spec:
+      containers:
+      - name: hydra-maester
+        image: reg.cadoles.com/proxy_cache/oryd/hydra-maester:v0.0.31
+        imagePullPolicy: IfNotPresent
+        envFrom:
+        - configMapRef:
+            name: hydra-maester-env
+        command:
+        - /manager
+        args:
+        - --metrics-addr=127.0.0.1:8080
+        - --hydra-url=$(HYDRA_ADMIN_BASE_URL)
+        - --hydra-port=$(HYDRA_ADMIN_PORT)
+        - --endpoint=/admin/clients
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          privileged: false
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 1000
+      serviceAccountName: hydra-maester-account
+      automountServiceAccountToken: true
+      nodeSelector:
diff --git a/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml b/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml
new file mode 100644
index 0000000..03548b3
--- /dev/null
+++ b/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml
@@ -0,0 +1,60 @@
+---
+# Source: hydra/charts/hydra-maester/templates/rbac.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: hydra-maester-account
+---
+# Source: hydra/charts/hydra-maester/templates/rbac.yaml
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: hydra-maester-role
+rules:
+  - apiGroups: ["hydra.ory.sh"]
+    resources: ["oauth2clients", "oauth2clients/status"]
+    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["list", "watch", "create"]
+---
+# Source: hydra/charts/hydra-maester/templates/rbac.yaml
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: hydra-maester-role-binding
+subjects:
+  - kind: ServiceAccount
+    name: hydra-maester-account # Service account assigned to the controller pod.
+    namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: hydra-maester-role
+---
+# Source: hydra/charts/hydra-maester/templates/rbac.yaml
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: hydra-maester-role
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list", "watch", "create"]
+  - apiGroups: ["hydra.ory.sh"]
+    resources: ["oauth2clients", "oauth2clients/status"]
+    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+---
+# Source: hydra/charts/hydra-maester/templates/rbac.yaml
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: hydra-maester-role-binding
+subjects:
+  - kind: ServiceAccount
+    name: hydra-maester-account # Service account assigned to the controller pod.
+    namespace:  default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: hydra-maester-role
-- 
2.17.1


From deeb8859ddb56f6b8465d4e9b4e8277a1f647816 Mon Sep 17 00:00:00 2001
From: Philippe Caseiro <pcaseiro@cadoles.com>
Date: Fri, 22 Dec 2023 13:34:35 +0100
Subject: [PATCH 7/9] fix(components/hydra-maester): resource name

---
 resources/hydra/kustomization.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resources/hydra/kustomization.yaml b/resources/hydra/kustomization.yaml
index 6d3db66..49bb066 100644
--- a/resources/hydra/kustomization.yaml
+++ b/resources/hydra/kustomization.yaml
@@ -9,7 +9,7 @@ resources:
 - ./resources/hydra-serviceaccount.yaml
 - ./resources/hydra-migrate-job.yaml
 - ./resources/hydra-janitor-cronjob.yaml
-- ./resources/hydra-maester.yaml
+- ./resources/hydra-maester
 
 secretGenerator:
 - name: hydra-secret
-- 
2.17.1


From d483626867bf772c0eda09361a2b8f990f6cb305 Mon Sep 17 00:00:00 2001
From: Philippe Caseiro <pcaseiro@cadoles.com>
Date: Fri, 22 Dec 2023 13:37:20 +0100
Subject: [PATCH 8/9] fix(components/hydra-maester): full overlay do no use
 missing componenents

---
 overlays/full/kustomization.yaml                           | 1 -
 resources/hydra/resources/hydra-maester/kustomization.yaml | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/overlays/full/kustomization.yaml b/overlays/full/kustomization.yaml
index 6cedf0a..3043507 100644
--- a/overlays/full/kustomization.yaml
+++ b/overlays/full/kustomization.yaml
@@ -10,7 +10,6 @@ labels:
     app.kubernetes.io/component: auth
 
 components:
-- ../../components/hydra-maester
 - ../../components/hydra-cnpg-database
 - ../../components/hydra-oidc
 - ../../components/hydra-saml
diff --git a/resources/hydra/resources/hydra-maester/kustomization.yaml b/resources/hydra/resources/hydra-maester/kustomization.yaml
index f8704d8..e4cc303 100644
--- a/resources/hydra/resources/hydra-maester/kustomization.yaml
+++ b/resources/hydra/resources/hydra-maester/kustomization.yaml
@@ -1,4 +1,4 @@
-apiVersion: kustomize.config.k8s.io/v1alpha1
+apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-- 
2.17.1


From 782118d5fe8e119a5937c17829cf40ce64ecf672 Mon Sep 17 00:00:00 2001
From: Philippe Caseiro <pcaseiro@cadoles.com>
Date: Fri, 22 Dec 2023 13:56:49 +0100
Subject: [PATCH 9/9] fix(components/hydra-maester): revert to 0.0.25

---
 .../hydra-maester/resources/hydra-maester-deployment.yaml     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml b/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml
index 1227759..e2eccc1 100644
--- a/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml
+++ b/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml
@@ -6,7 +6,7 @@ metadata:
   labels:
     app.kubernetes.io/name: hydra-maester
     app.kubernetes.io/instance: hydra-master
-    app.kubernetes.io/version: "v0.0.31"
+    app.kubernetes.io/version: "v0.0.25"
 spec:
   replicas: 1
   revisionHistoryLimit: 10
@@ -25,7 +25,7 @@ spec:
     spec:
       containers:
       - name: hydra-maester
-        image: reg.cadoles.com/proxy_cache/oryd/hydra-maester:v0.0.31
+        image: reg.cadoles.com/proxy_cache/oryd/hydra-maester:v0.0.25
         imagePullPolicy: IfNotPresent
         envFrom:
         - configMapRef:
-- 
2.17.1