4 changed files with 60 additions and 62 deletions
--- a/overlays/full/kustomization.yaml
+++ b/overlays/full/kustomization.yaml
@ -5,9 +5,9 @@ resources:
 - ../base
 labels:
-  - pairs:
+- pairs:
-      app.kubernetes.io/part-of: sso-kustom
+    app.kubernetes.io/part-of: sso-kustom
-      app.kubernetes.io/component: auth
+    app.kubernetes.io/component: auth
 components:
 - ../../components/hydra-cnpg-database
--- a/resources/hydra/kustomization.yaml
+++ b/resources/hydra/kustomization.yaml
@ -2,29 +2,29 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./resources/hydra-deployment.yaml
+- ./resources/hydra-deployment.yaml
-  - ./resources/hydra-service.yaml
+- ./resources/hydra-service.yaml
-  - ./resources/hydra-role.yaml
+- ./resources/hydra-role.yaml
-  - ./resources/hydra-rolebinding.yaml
+- ./resources/hydra-rolebinding.yaml
-  - ./resources/hydra-serviceaccount.yaml
+- ./resources/hydra-serviceaccount.yaml
-  - ./resources/hydra-migrate-job.yaml
+- ./resources/hydra-migrate-job.yaml
-  - ./resources/hydra-maester
+- ./resources/hydra-janitor-cronjob.yaml
-  - ./resources/hydra-janitor-cronjob.yaml
+- ./resources/hydra-maester
 secretGenerator:
-  - name: hydra-secret
+- name: hydra-secret
-    literals:
+  literals:
-      - SECRETS_SYSTEM=ThisShouldBeAbsolutelyChanged
+  - SECRETS_SYSTEM=ThisShouldBeAbsolutelyChanged
 configMapGenerator:
-  - name: hydra-env
+- name: hydra-env
-    literals:
+  literals:
-      - URLS_SELF_ISSUER=http://localhost:4444
+  - URLS_SELF_ISSUER=http://localhost:4444
-      - URLS_LOGIN=http://hydra-login-app/login
+  - URLS_LOGIN=http://hydra-login-app/login
-      - URLS_CONSENT=http://hydra-consent-app/consent
+  - URLS_CONSENT=http://hydra-consent-app/consent
-      - URLS_LOGOUT=http://hydra-logout-app/logout
+  - URLS_LOGOUT=http://hydra-logout-app/logout
-      - HYDRA_SERVE_ALL_ARGS=--dev
+  - HYDRA_SERVE_ALL_ARGS=--dev
-      - LOG_LEVEL=info
+  - LOG_LEVEL=info
 vars:
 - name: HYDRA_MIGRATE_JOB_NAME
--- a/resources/hydra/resources/hydra-maester/kustomization.yaml
+++ b/resources/hydra/resources/hydra-maester/kustomization.yaml
@ -2,14 +2,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./resources/hydra-maester-deployment.yaml
+- ./resources/hydra-maester-deployment.yaml
-  - ./resources/hydra-maester-rbac.yaml
+- ./resources/hydra-maester-rbac.yaml
-  - https://raw.githubusercontent.com/ory/k8s/v0.28.2/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
+#- https://raw.githubusercontent.com/ory/k8s/v0.28.2/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
 configMapGenerator:
-  - name: hydra-maester-env
+- name: hydra-maester-env
-    literals:
+  literals:
-      - APP_ENV=prod
+  - APP_ENV=prod
-      - APP_DEBUG=false
+  - APP_DEBUG=false
-      - HYDRA_ADMIN_BASE_URL=http://hydra
+  - HYDRA_ADMIN_BASE_URL=http://hydra
-      - HYDRA_ADMIN_PORT=4445
+  - HYDRA_ADMIN_PORT=4445
--- a/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml
+++ b/resources/hydra/resources/hydra-maester/resources/hydra-maester-deployment.yaml
@ -1,4 +1,3 @@
 ---
 # Source: hydra/charts/hydra-maester/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
@ -7,7 +6,7 @@ metadata:
  labels:
    app.kubernetes.io/name: hydra-maester
    app.kubernetes.io/instance: hydra-master
-    app.kubernetes.io/version: "v0.0.23"
+    app.kubernetes.io/version: "v0.0.25"
 spec:
  replicas: 1
  revisionHistoryLimit: 10
@ -25,32 +24,31 @@ spec:
      annotations:
    spec:
      containers:
-        - name: hydra-maester
+      - name: hydra-maester
-          image: reg.cadoles.com/proxy_cache/oryd/hydra-maester:v0.0.25
+        image: reg.cadoles.com/proxy_cache/oryd/hydra-maester:v0.0.25
-          imagePullPolicy: IfNotPresent
+        imagePullPolicy: IfNotPresent
-          envFrom:
+        envFrom:
-            - configMapRef:
+        - configMapRef:
-                name: hydra-maester-env
+            name: hydra-maester-env
-          command:
+        command:
-            - /manager
+        - /manager
-          args:
+        args:
-            - --metrics-addr=127.0.0.1:8080
+        - --metrics-addr=127.0.0.1:8080
-            - --hydra-url=$(HYDRA_ADMIN_BASE_URL)
+        - --hydra-url=$(HYDRA_ADMIN_BASE_URL)
-            - --hydra-port=$(HYDRA_ADMIN_PORT)
+        - --hydra-port=$(HYDRA_ADMIN_PORT)
-            - --endpoint=/admin/clients
+        - --endpoint=/admin/clients
-          resources:
+        resources: {}
-            {}
+        terminationMessagePath: /dev/termination-log
-          terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
-          terminationMessagePolicy: File
+        securityContext:
-          securityContext:
+          allowPrivilegeEscalation: false
-            allowPrivilegeEscalation: false
+          capabilities:
-            capabilities:
+            drop:
-              drop:
+            - ALL
-              - ALL
+          privileged: false
-            privileged: false
+          readOnlyRootFilesystem: true
-            readOnlyRootFilesystem: true
+          runAsNonRoot: true
-            runAsNonRoot: true
+          runAsUser: 1000
            runAsUser: 1000
      serviceAccountName: hydra-maester-account
      automountServiceAccountToken: true
      nodeSelector: