From cc3d07d654972140570325e3a62cf67db4f03c29 Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Mon, 11 Dec 2023 15:01:03 +0100 Subject: [PATCH 01/47] feat(hydra-sql): update hydra-sql dev image ref --- components/hydra-sql/resources/hydra-sql-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index ee84ac4..e065243 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:0.0.1 + image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.11-develop.1450.cc03fd8 imagePullPolicy: Always args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: @@ -54,7 +54,7 @@ spec: subPath: "sql_login.yaml" - name: hydra-sql-nginx - image: reg.cadoles.com/cadoles/hydra-sql-base:0.0.1 + image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.11-develop.1450.cc03fd8 imagePullPolicy: Always args: ["/usr/sbin/nginx"] readinessProbe: -- 2.17.1 From 77eb73818f057f38f23aee45302dd7f06010d601 Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Mon, 11 Dec 2023 15:30:27 +0100 Subject: [PATCH 02/47] feat(hydra-remote-user): update dev image ref --- components/hydra-saml/resources/hydra-saml-remote-user.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/hydra-saml/resources/hydra-saml-remote-user.yaml b/components/hydra-saml/resources/hydra-saml-remote-user.yaml index fc4d66e..0b9cbba 100644 --- a/components/hydra-saml/resources/hydra-saml-remote-user.yaml +++ b/components/hydra-saml/resources/hydra-saml-remote-user.yaml 
@@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-saml-remote-user - image: reg.cadoles.com/cadoles/hydra-remote-user-v1:v0.0.0-233-g64fcacc + image: reg.cadoles.com/cadoles/hydra-remote-user-base:2023.12.11-develop.1523.5f14595 envFrom: - configMapRef: name: hydra-saml-env -- 2.17.1 From c7b937adafad0fc7ff55c7001db11efdb132df4f Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Tue, 12 Dec 2023 08:58:06 +0100 Subject: [PATCH 03/47] feat(hydra-sql): update env vars --- components/hydra-sql/kustomization.yaml | 1 + components/hydra-sql/resources/hydra-sql-deployment.yaml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/components/hydra-sql/kustomization.yaml b/components/hydra-sql/kustomization.yaml index f305b11..5aff91e 100644 --- a/components/hydra-sql/kustomization.yaml +++ b/components/hydra-sql/kustomization.yaml @@ -17,6 +17,7 @@ configMapGenerator: - DSN_REMOTE_DATABASE="pgsql:host='postgres';port=5432;dbname=lasql" - DB_USER="makeMeASecret" - DB_PASSWORD="makeMeASecret" + - REDIS_DSN="redis://rfs-redis:26379?&redis_sentinel=mymaster" - PEPPER="MakeMeABigSecret" - name: sql-login-config files: diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index e065243..45c95ec 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.11-develop.1450.cc03fd8 + image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.12-develop.848.72e912f imagePullPolicy: Always args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: 
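Review bot: The added `REDIS_DSN` literal sits in the `configMapGenerator` list next to `DB_PASSWORD` and `PEPPER`, so the Redis connection string is published as plain ConfigMap data, and the DSN as written carries no credentials. Once Redis authentication is turned on, the password would end up in that ConfigMap. Generate this value with a `secretGenerator` entry and load it through `secretRef` in the container's `envFrom` instead. The same applies to the `REDIS_DSN` literals added later in this series to the hydra-oidc, hydra-sql and hydra-dispatcher kustomizations. The generator list continues outside the hunk.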
@@ -54,7 +54,7 @@ spec: subPath: "sql_login.yaml" - name: hydra-sql-nginx - image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.11-develop.1450.cc03fd8 + image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.12-develop.848.72e912f imagePullPolicy: Always args: ["/usr/sbin/nginx"] readinessProbe: -- 2.17.1 From dd6804aa11e8e0db5d6285165eaa474d05713284 Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Tue, 12 Dec 2023 10:47:05 +0100 Subject: [PATCH 04/47] feat(shibboleth-sp): update dev ref image --- components/hydra-saml/resources/hydra-saml-shibboleth-sp.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/hydra-saml/resources/hydra-saml-shibboleth-sp.yaml b/components/hydra-saml/resources/hydra-saml-shibboleth-sp.yaml index 677a02e..d715d34 100644 --- a/components/hydra-saml/resources/hydra-saml-shibboleth-sp.yaml +++ b/components/hydra-saml/resources/hydra-saml-shibboleth-sp.yaml @@ -20,7 +20,7 @@ spec: fsGroup: 102 containers: - name: hydra-saml-shibboleth-sp - image: reg.cadoles.com/cadoles/shibboleth-sp-v3:v0.0.0-233-g64fcacc + image: reg.cadoles.com/cadoles/shibboleth-sp-v3:2023.12.12-develop.1039.49b85e1 envFrom: - configMapRef: name: hydra-saml-env -- 2.17.1 From e333d07c14cb189255b1045b55ec1f6d92ffb4db Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Wed, 13 Dec 2023 10:39:48 +0100 Subject: [PATCH 05/47] feat(hydra-dispatcher): maj ref image hydra-dispatcher pour ajout url_link env var --- .../resources/hydra-dispatcher-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index d7fb91f..9ce5670 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml 
@@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-dispatcher-php-fpm - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.11.17-develop.1408.ad93359 + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.11.23-develop.1635.0c3bdb6 args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: exec: @@ -49,7 +49,7 @@ spec: name: hydra-dispatcher-apps resources: {} - - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.11.17-develop.1408.ad93359 + - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.11.23-develop.1635.0c3bdb6 imagePullPolicy: Always name: hydra-dispatcher-nginx args: ["/usr/sbin/nginx"] -- 2.17.1 From a02622b516cc22c7fffa11dd202db040f5b10ef8 Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Fri, 15 Dec 2023 10:17:23 +0100 Subject: [PATCH 06/47] feat(hydra): mise en place du stockage des session redis sur la stack hydra, et correction logout sur hydra-oidc --- components/hydra-oidc/kustomization.yaml | 5 +++-- .../{hydra-dispatcher-env.yaml => hydra-oidc-env.yaml} | 0 components/hydra-oidc/resources/hydra-oidc-deployment.yaml | 4 ++-- components/hydra-sql/kustomization.yaml | 2 +- components/hydra-sql/resources/hydra-sql-deployment.yaml | 4 ++-- resources/hydra-dispatcher/kustomization.yaml | 1 + .../resources/hydra-dispatcher-deployment.yaml | 4 ++-- 7 files changed, 11 insertions(+), 9 deletions(-) rename components/hydra-oidc/patches/{hydra-dispatcher-env.yaml => hydra-oidc-env.yaml} (100%) diff --git a/components/hydra-oidc/kustomization.yaml b/components/hydra-oidc/kustomization.yaml index 88288e0..215184b 100644 --- a/components/hydra-oidc/kustomization.yaml +++ b/components/hydra-oidc/kustomization.yaml @@ -26,6 +26,7 @@ configMapGenerator: - CLIENT_SECRET_FC=MyClientSecret - COOKIE_PATH=/ - TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR + - REDIS_DSN="redis://redis:6379" # - name: hydra-dispatcher-apps # behavior: merge # files: 
@@ -35,5 +36,5 @@ patchesJson6902: - target: version: v1 kind: ConfigMap - name: hydra-dispatcher-env - path: patches/hydra-dispatcher-env.yaml + name: hydra-oidc-env + path: patches/hydra-oidc-env.yaml diff --git a/components/hydra-oidc/patches/hydra-dispatcher-env.yaml b/components/hydra-oidc/patches/hydra-oidc-env.yaml similarity index 100% rename from components/hydra-oidc/patches/hydra-dispatcher-env.yaml rename to components/hydra-oidc/patches/hydra-oidc-env.yaml diff --git a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml index dd62f7e..2c73871 100644 --- a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml +++ b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-oidc-php-fpm - image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.11.17-develop.1657.761e035 + image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad imagePullPolicy: Always args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: @@ -47,7 +47,7 @@ spec: name: hydra-oidc-env resources: {} - - image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.11.17-develop.1657.761e035 + - image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad imagePullPolicy: Always name: hydra-oidc-nginx args: ["/usr/sbin/nginx"] diff --git a/components/hydra-sql/kustomization.yaml b/components/hydra-sql/kustomization.yaml index 5aff91e..b138dd7 100644 --- a/components/hydra-sql/kustomization.yaml +++ b/components/hydra-sql/kustomization.yaml @@ -17,7 +17,7 @@ configMapGenerator: - DSN_REMOTE_DATABASE="pgsql:host='postgres';port=5432;dbname=lasql" - DB_USER="makeMeASecret" - DB_PASSWORD="makeMeASecret" - - REDIS_DSN="redis://rfs-redis:26379?&redis_sentinel=mymaster" + - REDIS_DSN="redis://redis:6379" - PEPPER="MakeMeABigSecret" - name: sql-login-config files: 
diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index 45c95ec..0b03667 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.12-develop.848.72e912f + image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.14-develop.1107.740a756 imagePullPolicy: Always args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: @@ -54,7 +54,7 @@ spec: subPath: "sql_login.yaml" - name: hydra-sql-nginx - image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.12-develop.848.72e912f + image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.14-develop.1107.740a756 imagePullPolicy: Always args: ["/usr/sbin/nginx"] readinessProbe: diff --git a/resources/hydra-dispatcher/kustomization.yaml b/resources/hydra-dispatcher/kustomization.yaml index 8bba48f..0eb6055 100644 --- a/resources/hydra-dispatcher/kustomization.yaml +++ b/resources/hydra-dispatcher/kustomization.yaml @@ -21,6 +21,7 @@ configMapGenerator: - COOKIE_PATH=/ - DEFAULT_LOCALE=fr - APP_LOCALES=fr,en + - REDIS_DSN= redis://redis:6379?&prefix=hydradispatcher&ttl=3600 - name: hydra-dispatcher-apps files: - apps.yaml=./files/hydra/default.yaml diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index 9ce5670..4425640 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml 
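Review bot: The new literal `REDIS_DSN= redis://redis:6379?&prefix=hydradispatcher&ttl=3600` in the hydra-dispatcher kustomization has a space after `=` and is the only DSN in this commit written without quotes, so the value handed to the application may begin with a blank. Whether kustomize trims it is worth checking on rendered output. Write it like the hydra-oidc and hydra-sql entries, `- REDIS_DSN="redis://redis:6379?prefix=hydradispatcher&ttl=3600"`; the `&` directly after `?` also looks unintended.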
@@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-dispatcher-php-fpm - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.11.23-develop.1635.0c3bdb6 + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.12.15-develop.903.b675347 args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: exec: @@ -49,7 +49,7 @@ spec: name: hydra-dispatcher-apps resources: {} - - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.11.23-develop.1635.0c3bdb6 + - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.12.15-develop.903.b675347 imagePullPolicy: Always name: hydra-dispatcher-nginx args: ["/usr/sbin/nginx"] -- 2.17.1 From 7a802a6d28774e88d48963c94167a89c64ce2e44 Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Fri, 15 Dec 2023 14:44:04 +0100 Subject: [PATCH 07/47] =?UTF-8?q?ajout=20redis=20=C3=A0=20l'example?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- doc/README.md | 9 +++++++- examples/authenticated-app/README.md | 2 +- examples/k8s/kind/cluster/kustomization.yaml | 3 ++- overlays/base/kustomization.yaml | 1 + overlays/base/patches/sso-redis.yaml | 21 +++++++++++++++++++ .../hydra-dispatcher/files/hydra/default.yaml | 2 +- resources/hydra-dispatcher/kustomization.yaml | 2 +- 7 files changed, 35 insertions(+), 5 deletions(-) create mode 100644 overlays/base/patches/sso-redis.yaml diff --git a/doc/README.md b/doc/README.md index 7d8b3af..0dc6be7 100644 --- a/doc/README.md +++ b/doc/README.md @@ -1 +1,8 @@ -# Documentation \ No newline at end of file +# Documentation + +### Redis + +Les applications `hydra-dispatcher`, `hydra-sql` et `hydra-oidc` stockent dorénavant le cache et les sessions utilisateur sur un serveur Redis. +Le DSN du serveur est défini dans leur variable d'environnement respective `REDIS_DSN`. +Les applications peuvent utiliser le mode `sentinel`` de redis +Il est donc nécessaire donc nécessaire de disposer d'un serveur Redis pour utiliser ces applications. 
diff --git a/examples/authenticated-app/README.md b/examples/authenticated-app/README.md index d3fa32b..be79890 100644 --- a/examples/authenticated-app/README.md +++ b/examples/authenticated-app/README.md @@ -15,7 +15,7 @@ L'exemple est actuellement déployé avec le composant `hydra-saml` uniquement. 2. Déployer les opérateurs nécessaires au déploiement ``` - kubectl kustomize --enable-helm ./examples/k8s/kind/cluster | kubectl apply -f - + kubectl apply -k ./examples/k8s/kind/cluster --server-side ``` 3. Déployer l'application diff --git a/examples/k8s/kind/cluster/kustomization.yaml b/examples/k8s/kind/cluster/kustomization.yaml index 760eb72..af48eba 100644 --- a/examples/k8s/kind/cluster/kustomization.yaml +++ b/examples/k8s/kind/cluster/kustomization.yaml @@ -3,6 +3,7 @@ kind: Kustomization resources: - https://github.com/jetstack/cert-manager/releases/download/v1.13.2/cert-manager.yaml - https://forge.cadoles.com/CadolesKube/c-kustom//base/cloudnative-pg-operator?ref=develop +- https://forge.cadoles.com/CadolesKube/c-kustom//base/redis?ref=develop - https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml patchesJson6902: @@ -11,4 +12,4 @@ patchesJson6902: kind: ConfigMap name: ingress-nginx-controller namespace: ingress-nginx - path: patches/nginx-controller.yaml \ No newline at end of file + path: patches/nginx-controller.yaml diff --git a/overlays/base/kustomization.yaml b/overlays/base/kustomization.yaml index b85a923..ef391a7 100644 --- a/overlays/base/kustomization.yaml +++ b/overlays/base/kustomization.yaml @@ -4,6 +4,7 @@ kind: Kustomization resources: - ../../resources/hydra - ../../resources/hydra-dispatcher +- patches/sso-redis.yaml labels: - pairs: diff --git a/overlays/base/patches/sso-redis.yaml b/overlays/base/patches/sso-redis.yaml new file mode 100644 index 0000000..01f1e3a --- /dev/null +++ b/overlays/base/patches/sso-redis.yaml 
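Review bot: The added remote base `https://forge.cadoles.com/CadolesKube/c-kustom//base/redis?ref=develop` tracks a moving branch, so what gets applied to the cluster can change without any change in this repository. Pin it to a tag or a full commit id, `...//base/redis?ref=<commit-sha>`, as the cert-manager entry above it does with `v1.13.2`. The `cloudnative-pg-operator` line in the context uses the same `ref=develop`, and the ingress-nginx URL points at `main`; both would benefit from the same pin.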
@@ -0,0 +1,21 @@ +apiVersion: databases.spotahome.com/v1 +kind: RedisFailover +metadata: + name: sso-redis +spec: + sentinel: + replicas: 3 + resources: + requests: + cpu: 100m + limits: + memory: 100Mi + redis: + replicas: 3 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 400m + memory: 500Mi diff --git a/resources/hydra-dispatcher/files/hydra/default.yaml b/resources/hydra-dispatcher/files/hydra/default.yaml index 52e6dbb..d86c656 100644 --- a/resources/hydra-dispatcher/files/hydra/default.yaml +++ b/resources/hydra-dispatcher/files/hydra/default.yaml @@ -14,4 +14,4 @@ hydra: api_method: "%env(string:HYDRA_DISPATCHER_WEBHOOK_API_METHOD)%" firewall: additional_properties: "%env(bool:HYDRA_DISPATCHER_FIREWALL_ADDITIONAL_PROPERTIES)%" - rules: {} \ No newline at end of file + rules: {} diff --git a/resources/hydra-dispatcher/kustomization.yaml b/resources/hydra-dispatcher/kustomization.yaml index 0eb6055..8f2c569 100644 --- a/resources/hydra-dispatcher/kustomization.yaml +++ b/resources/hydra-dispatcher/kustomization.yaml @@ -21,7 +21,7 @@ configMapGenerator: - COOKIE_PATH=/ - DEFAULT_LOCALE=fr - APP_LOCALES=fr,en - - REDIS_DSN= redis://redis:6379?&prefix=hydradispatcher&ttl=3600 + - REDIS_DSN="redis://rfs-sso-redis:26379?&redis_sentinel=mymaster" - name: hydra-dispatcher-apps files: - apps.yaml=./files/hydra/default.yaml -- 2.17.1 From fcfbb6cc3007cbc6f5e32b81290ed0a5976896da Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Fri, 15 Dec 2023 15:25:02 +0100 Subject: [PATCH 08/47] correction port mapping de hydra-remote-user --- components/hydra-saml/resources/hydra-saml-remote-user.yaml | 3 ++- examples/authenticated-app/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/components/hydra-saml/resources/hydra-saml-remote-user.yaml b/components/hydra-saml/resources/hydra-saml-remote-user.yaml index 0b9cbba..cf4705e 100644 --- a/components/hydra-saml/resources/hydra-saml-remote-user.yaml 
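Review bot: The `RedisFailover` in `sso-redis.yaml` defines no authentication, so any pod that can reach the `rfs-sso-redis` sentinels or the Redis instances behind them can read or alter the data the hydra applications store there. If the operator version in use supports it, add `auth:` with `secretPath: <redis-auth-secret>` under `spec`, and restrict access with a NetworkPolicy limited to the hydra pods. The sentinel `resources` also set only a CPU request and only a memory limit, unlike the `redis` section, which sets both; worth making consistent.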
+++ b/components/hydra-saml/resources/hydra-saml-remote-user.yaml @@ -23,7 +23,7 @@ spec: - configMapRef: name: hydra-saml-env ports: - - containerPort: 80 + - containerPort: 8080 resources: {} restartPolicy: Always --- @@ -37,6 +37,7 @@ spec: ports: - name: http port: 80 + targetPort: 8080 selector: io.kompose.service: hydra-saml-remote-user status: diff --git a/examples/authenticated-app/README.md b/examples/authenticated-app/README.md index be79890..1619333 100644 --- a/examples/authenticated-app/README.md +++ b/examples/authenticated-app/README.md @@ -15,7 +15,7 @@ L'exemple est actuellement déployé avec le composant `hydra-saml` uniquement. 2. Déployer les opérateurs nécessaires au déploiement ``` - kubectl apply -k ./examples/k8s/kind/cluster --server-side + kubectl apply -k ./examples/k8s/kind/cluster --server-side ``` 3. Déployer l'application -- 2.17.1 From bbeb1ec62fbe5f40e367d14d5c2f2dfb54f67600 Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Mon, 18 Dec 2023 09:25:30 +0100 Subject: [PATCH 09/47] mise en place d'un component pour Redis --- components/redis/kustomization.yaml | 6 ++++++ .../redis/resources/redis-failover.yaml | 0 overlays/base/kustomization.yaml | 1 - overlays/full/kustomization.yaml | 3 ++- 4 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 components/redis/kustomization.yaml rename overlays/base/patches/sso-redis.yaml => components/redis/resources/redis-failover.yaml (100%) diff --git a/components/redis/kustomization.yaml b/components/redis/kustomization.yaml new file mode 100644 index 0000000..c030cf5 --- /dev/null +++ b/components/redis/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +resources: + - ./resources/redis-failover.yaml + diff --git a/overlays/base/patches/sso-redis.yaml b/components/redis/resources/redis-failover.yaml similarity index 100% rename from overlays/base/patches/sso-redis.yaml rename to components/redis/resources/redis-failover.yaml 
diff --git a/overlays/base/kustomization.yaml b/overlays/base/kustomization.yaml index ef391a7..b85a923 100644 --- a/overlays/base/kustomization.yaml +++ b/overlays/base/kustomization.yaml @@ -4,7 +4,6 @@ kind: Kustomization resources: - ../../resources/hydra - ../../resources/hydra-dispatcher -- patches/sso-redis.yaml labels: - pairs: diff --git a/overlays/full/kustomization.yaml b/overlays/full/kustomization.yaml index da68867..e9a6eac 100644 --- a/overlays/full/kustomization.yaml +++ b/overlays/full/kustomization.yaml @@ -14,4 +14,5 @@ components: - ../../components/hydra-oidc - ../../components/hydra-saml - ../../components/hydra-sql -- ../../components/oidc-test \ No newline at end of file +- ../../components/oidc-test +- ../../components/redis -- 2.17.1 From f4146345d589c1ca44da53db250484f6d12d9a5e Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Mon, 18 Dec 2023 10:38:13 +0100 Subject: [PATCH 10/47] Patche du DSN redis --- components/hydra-oidc/kustomization.yaml | 4 ++++ components/hydra-sql/kustomization.yaml | 4 ++++ components/redis/README.md | 23 +++++++++++++++++++ components/redis/kustomization.yaml | 5 ++++ components/redis/patches/hydra-apps.yaml | 3 +++ doc/README.md | 8 ------- resources/hydra-dispatcher/kustomization.yaml | 6 ++++- 7 files changed, 44 insertions(+), 9 deletions(-) create mode 100644 components/redis/README.md create mode 100644 components/redis/patches/hydra-apps.yaml delete mode 100644 doc/README.md diff --git a/components/hydra-oidc/kustomization.yaml b/components/hydra-oidc/kustomization.yaml index 215184b..ac4ec8c 100644 --- a/components/hydra-oidc/kustomization.yaml +++ b/components/hydra-oidc/kustomization.yaml @@ -5,6 +5,10 @@ resources: - ./resources/hydra-oidc-deployment.yaml - ./resources/hydra-oidc-service.yaml +generatorOptions: + labels: + com.cadoles.forge.sso-kustom/session: redis + configMapGenerator: - name: hydra-oidc-env literals: 
diff --git a/components/hydra-sql/kustomization.yaml b/components/hydra-sql/kustomization.yaml index b138dd7..b0b66d5 100644 --- a/components/hydra-sql/kustomization.yaml +++ b/components/hydra-sql/kustomization.yaml @@ -5,6 +5,10 @@ resources: - ./resources/hydra-sql-service.yaml - ./resources/hydra-sql-deployment.yaml +generatorOptions: + labels: + com.cadoles.forge.sso-kustom/session: redis + configMapGenerator: - name: hydra-sql-env literals: diff --git a/components/redis/README.md b/components/redis/README.md new file mode 100644 index 0000000..e8840e8 --- /dev/null +++ b/components/redis/README.md @@ -0,0 +1,23 @@ +# Composant `redis` + +### Description + +Les applications `hydra-dispatcher`, `hydra-sql` et `hydra-oidc` stockent dorénavant le cache et les sessions utilisateur sur un serveur Redis. +Le DSN du serveur est défini dans leur variable d'environnement respective `REDIS_DSN`. +Les applications peuvent utiliser le mode `sentinel`` de redis +Il est donc nécessaire donc nécessaire de disposer d'un serveur Redis pour utiliser ces applications. + +### Principe général de fonctionnement + +Un `RedisFailOver` crée un cluster redis en mode sentinel avec 3 réplicats chacun. +Un patche viens mettre à jour la variable d'environnement `REDIS_DSN` dans les ConfigMap sur toutes les resources `hydra-*`. + + +### Personnalisation + +Via des `patches` sur la ressource `ConfigMap` via un label selecto `com.cadoles.forge.sso-kustom/session=redis` il est possible de modifier la valeur du `REDIS_DSN`. + + +|Clé|Description|Exemple| +|---|-----------|-------| +|`REDIS_DSN`| DSN du cluster Redis | `redis://rfs-sso-redis:26379?&redis_sentinel=mymaster` diff --git a/components/redis/kustomization.yaml b/components/redis/kustomization.yaml index c030cf5..609cf30 100644 --- a/components/redis/kustomization.yaml +++ b/components/redis/kustomization.yaml 
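Review bot: `generatorOptions.labels` applies to every ConfigMap generated by this kustomization, so the `com.cadoles.forge.sso-kustom/session: redis` label also lands on `sql-login-config`, which the earlier hunks of this file show in the same generator list (and on `hydra-dispatcher-apps` in the hydra-dispatcher hunk of this commit). The redis component then selects ConfigMaps by that label and runs `op: replace` on `/data/REDIS_DSN`, which is expected to fail on a ConfigMap that has no such key. Put the label on the env generator only, with `options:` / `labels:` under `- name: hydra-sql-env`, and do the same for `hydra-dispatcher-env`. The generator list continues outside the hunk.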
@@ -4,3 +4,8 @@ kind: Component resources: - ./resources/redis-failover.yaml +patches: +- path: ./patches/hydra-apps.yaml + target: + kind: ConfigMap + labelSelector: "com.cadoles.forge.sso-kustom/session=redis" diff --git a/components/redis/patches/hydra-apps.yaml b/components/redis/patches/hydra-apps.yaml new file mode 100644 index 0000000..6ab436a --- /dev/null +++ b/components/redis/patches/hydra-apps.yaml @@ -0,0 +1,3 @@ +- op: replace + path: "/data/REDIS_DSN" + value: "redis://rfs-sso-redis:26379?&redis_sentinel=mymaster" diff --git a/doc/README.md b/doc/README.md deleted file mode 100644 index 0dc6be7..0000000 --- a/doc/README.md +++ /dev/null @@ -1,8 +0,0 @@ -# Documentation - -### Redis - -Les applications `hydra-dispatcher`, `hydra-sql` et `hydra-oidc` stockent dorénavant le cache et les sessions utilisateur sur un serveur Redis. -Le DSN du serveur est défini dans leur variable d'environnement respective `REDIS_DSN`. -Les applications peuvent utiliser le mode `sentinel`` de redis -Il est donc nécessaire donc nécessaire de disposer d'un serveur Redis pour utiliser ces applications. diff --git a/resources/hydra-dispatcher/kustomization.yaml b/resources/hydra-dispatcher/kustomization.yaml index 8f2c569..b3441fe 100644 --- a/resources/hydra-dispatcher/kustomization.yaml +++ b/resources/hydra-dispatcher/kustomization.yaml @@ -5,6 +5,10 @@ resources: - ./resources/hydra-dispatcher-deployment.yaml - ./resources/hydra-dispatcher-service.yaml +generatorOptions: + labels: + com.cadoles.forge.sso-kustom/session: redis + configMapGenerator: - name: hydra-dispatcher-env literals: @@ -21,7 +25,7 @@ configMapGenerator: - COOKIE_PATH=/ - DEFAULT_LOCALE=fr - APP_LOCALES=fr,en - - REDIS_DSN="redis://rfs-sso-redis:26379?&redis_sentinel=mymaster" + - REDIS_DSN="redis://redis:6379" - name: hydra-dispatcher-apps files: - apps.yaml=./files/hydra/default.yaml -- 2.17.1 From 19910617bd93209732f03f6d42d83a8d7366b1ef Mon Sep 17 00:00:00 2001 
From: Matthieu Lamalle Date: Mon, 18 Dec 2023 10:52:54 +0100 Subject: [PATCH 11/47] typo --- components/redis/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/redis/README.md b/components/redis/README.md index e8840e8..41b5f16 100644 --- a/components/redis/README.md +++ b/components/redis/README.md @@ -4,13 +4,13 @@ Les applications `hydra-dispatcher`, `hydra-sql` et `hydra-oidc` stockent dorénavant le cache et les sessions utilisateur sur un serveur Redis. Le DSN du serveur est défini dans leur variable d'environnement respective `REDIS_DSN`. -Les applications peuvent utiliser le mode `sentinel`` de redis +Les applications peuvent utiliser le mode `sentinel` de redis Il est donc nécessaire donc nécessaire de disposer d'un serveur Redis pour utiliser ces applications. ### Principe général de fonctionnement Un `RedisFailOver` crée un cluster redis en mode sentinel avec 3 réplicats chacun. -Un patche viens mettre à jour la variable d'environnement `REDIS_DSN` dans les ConfigMap sur toutes les resources `hydra-*`. +Un patch viens mettre à jour la variable d'environnement `REDIS_DSN` dans les ConfigMap sur toutes les resources `hydra-*`. ### Personnalisation -- 2.17.1 From 824b8613c4bcf91564b2906d07e460c168de8202 Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Mon, 18 Dec 2023 11:15:51 +0100 Subject: [PATCH 12/47] update doc --- components/redis/README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/components/redis/README.md b/components/redis/README.md index 41b5f16..072c605 100644 --- a/components/redis/README.md +++ b/components/redis/README.md 
@@ -10,12 +10,11 @@ Il est donc nécessaire donc nécessaire de disposer d'un serveur Redis pour uti ### Principe général de fonctionnement Un `RedisFailOver` crée un cluster redis en mode sentinel avec 3 réplicats chacun. -Un patch viens mettre à jour la variable d'environnement `REDIS_DSN` dans les ConfigMap sur toutes les resources `hydra-*`. ### Personnalisation -Via des `patches` sur la ressource `ConfigMap` via un label selecto `com.cadoles.forge.sso-kustom/session=redis` il est possible de modifier la valeur du `REDIS_DSN`. +Via des `patches` sur la ressource `ConfigMap` via un label selector `com.cadoles.forge.sso-kustom/session=redis` il est possible de modifier la valeur du `REDIS_DSN`. |Clé|Description|Exemple| -- 2.17.1 From 6b1702b7edfe23a5f60f376cba9b45115d5c7bd3 Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Tue, 30 Jan 2024 10:42:56 +0100 Subject: [PATCH 13/47] fix(component): do not specify namespace for werther component --- .../hydra-ldap/resources/deployment.yaml | 63 +++++++++---------- 1 file changed, 31 insertions(+), 32 deletions(-) diff --git a/components/hydra-ldap/resources/deployment.yaml b/components/hydra-ldap/resources/deployment.yaml index d330365..0a8bb20 100644 --- a/components/hydra-ldap/resources/deployment.yaml +++ b/components/hydra-ldap/resources/deployment.yaml @@ -2,7 +2,6 @@ apiVersion: apps/v1 kind: Deployment metadata: name: hydra-ldap - namespace: default labels: app.kubernetes.io/name: hydra-ldap app.kubernetes.io/version: "v1.2.2" 
@@ -18,34 +17,34 @@ spec: app.kubernetes.io/version: "v1.2.2" spec: containers: - - name: werther - image: reg.cadoles.com/cadoles/hydra-werther:2023.12.6-stable.1421.15a4717 - imagePullPolicy: IfNotPresent - envFrom: - - configMapRef: - name: hydra-ldap-env - env: - - name: WERTHER_WEB_DIR - value: "/usr/share/werther/login/" - - name: WERTHER_LDAP_BINDDN - valueFrom: - secretKeyRef: - name: hydra-ldap-sc - key: WERTHER_LDAP_BINDDN - - name: WERTHER_LDAP_BINDPW - valueFrom: - secretKeyRef: - name: hydra-ldap-sc - key: WERTHER_LDAP_BINDPW - ports: - - containerPort: 8080 - name: hydra-ldap-http - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 100 + - name: werther + image: reg.cadoles.com/cadoles/hydra-werther:2023.12.6-stable.1421.15a4717 + imagePullPolicy: IfNotPresent + envFrom: + - configMapRef: + name: hydra-ldap-env + env: + - name: WERTHER_WEB_DIR + value: "/usr/share/werther/login/" + - name: WERTHER_LDAP_BINDDN + valueFrom: + secretKeyRef: + name: hydra-ldap-sc + key: WERTHER_LDAP_BINDDN + - name: WERTHER_LDAP_BINDPW + valueFrom: + secretKeyRef: + name: hydra-ldap-sc + key: WERTHER_LDAP_BINDPW + ports: + - containerPort: 8080 + name: hydra-ldap-http + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 100 -- 2.17.1 From 907618902e3e011539b180a366af61fc10ae7dd5 Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Tue, 30 Jan 2024 12:21:13 +0100 Subject: [PATCH 14/47] fix(resources): oauth2client CRD must be installed clusterwide --- .../resources/hydra-maester/kustomization.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/resources/hydra/resources/hydra-maester/kustomization.yaml b/resources/hydra/resources/hydra-maester/kustomization.yaml index 42c02f6..e4cc303 100644 
--- a/resources/hydra/resources/hydra-maester/kustomization.yaml +++ b/resources/hydra/resources/hydra-maester/kustomization.yaml @@ -2,14 +2,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./resources/hydra-maester-deployment.yaml - - ./resources/hydra-maester-rbac.yaml - - https://raw.githubusercontent.com/ory/k8s/v0.28.2/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml +- ./resources/hydra-maester-deployment.yaml +- ./resources/hydra-maester-rbac.yaml +#- https://raw.githubusercontent.com/ory/k8s/v0.28.2/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml configMapGenerator: - - name: hydra-maester-env - literals: - - APP_ENV=prod - - APP_DEBUG=false - - HYDRA_ADMIN_BASE_URL=http://hydra - - HYDRA_ADMIN_PORT=4445 \ No newline at end of file +- name: hydra-maester-env + literals: + - APP_ENV=prod + - APP_DEBUG=false + - HYDRA_ADMIN_BASE_URL=http://hydra + - HYDRA_ADMIN_PORT=4445 -- 2.17.1 From 1fccf5f8dcd6e9ce8ac9ad62cceb26e4b0db4c40 Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Tue, 30 Jan 2024 12:27:50 +0100 Subject: [PATCH 15/47] fix(resources): do not set namespace in maester rolebinding --- .../resources/hydra-maester-rbac.yaml | 35 +++++++++---------- 1 file changed, 16 insertions(+), 19 deletions(-) diff --git a/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml b/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml index 03548b3..258ed0a 100644 --- a/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml +++ b/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml @@ -1,4 +1,3 @@ ---- # Source: hydra/charts/hydra-maester/templates/rbac.yaml apiVersion: v1 kind: ServiceAccount 
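Review bot: Commenting out the `crd-oauth2clients.yaml` URL in the hydra-maester kustomization leaves dead configuration in the resource list and no record of the new prerequisite. Delete the line and state in the README that the `OAuth2Client` CRD (the v0.28.2 chart version referenced here) must be installed cluster-wide before this kustomization is applied, since `OAuth2Client` resources will otherwise be rejected by the API server.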
@@ -11,12 +10,12 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hydra-maester-role rules: - - apiGroups: ["hydra.ory.sh"] - resources: ["oauth2clients", "oauth2clients/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["list", "watch", "create"] +- apiGroups: ["hydra.ory.sh"] + resources: ["oauth2clients", "oauth2clients/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] +- apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch", "create"] --- # Source: hydra/charts/hydra-maester/templates/rbac.yaml kind: ClusterRoleBinding @@ -24,9 +23,8 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hydra-maester-role-binding subjects: - - kind: ServiceAccount - name: hydra-maester-account # Service account assigned to the controller pod. - namespace: default +- kind: ServiceAccount + name: hydra-maester-account # Service account assigned to the controller pod. roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -38,12 +36,12 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hydra-maester-role rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch", "create"] - - apiGroups: ["hydra.ory.sh"] - resources: ["oauth2clients", "oauth2clients/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "create"] +- apiGroups: ["hydra.ory.sh"] + resources: ["oauth2clients", "oauth2clients/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] --- # Source: hydra/charts/hydra-maester/templates/rbac.yaml kind: RoleBinding 
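Review bot: Dropping `namespace: default` from the `ServiceAccount` subject in the `ClusterRoleBinding` (and in the `RoleBinding` in the last hunk of this file) leaves subjects that the API server does not accept unless something fills the namespace in, because a ServiceAccount subject must name its namespace. That only works if every overlay sets `namespace:` in its kustomization and the kustomize version in use propagates it to these subjects; please check the rendered output. Otherwise keep an explicit namespace and override it per overlay.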
@@ -51,9 +49,8 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hydra-maester-role-binding subjects: - - kind: ServiceAccount - name: hydra-maester-account # Service account assigned to the controller pod. - namespace: default +- kind: ServiceAccount + name: hydra-maester-account # Service account assigned to the controller pod. roleRef: apiGroup: rbac.authorization.k8s.io kind: Role -- 2.17.1 From 83b81b1056a7d1590c7b815237620907b35ed570 Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Tue, 30 Jan 2024 12:34:54 +0100 Subject: [PATCH 16/47] Revert "fix(resources): do not set namespace in maester rolebinding" This reverts commit 1fccf5f8dcd6e9ce8ac9ad62cceb26e4b0db4c40. --- .../resources/hydra-maester-rbac.yaml | 35 ++++++++++--------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml b/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml index 258ed0a..03548b3 100644 --- a/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml +++ b/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml @@ -1,3 +1,4 @@ +--- # Source: hydra/charts/hydra-maester/templates/rbac.yaml apiVersion: v1 kind: ServiceAccount @@ -10,12 +11,12 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hydra-maester-role rules: -- apiGroups: ["hydra.ory.sh"] - resources: ["oauth2clients", "oauth2clients/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] -- apiGroups: [""] - resources: ["secrets"] - verbs: ["list", "watch", "create"] + - apiGroups: ["hydra.ory.sh"] + resources: ["oauth2clients", "oauth2clients/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch", "create"] --- # Source: hydra/charts/hydra-maester/templates/rbac.yaml kind: ClusterRoleBinding 
@@ -23,8 +24,9 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hydra-maester-role-binding subjects: -- kind: ServiceAccount - name: hydra-maester-account # Service account assigned to the controller pod. + - kind: ServiceAccount + name: hydra-maester-account # Service account assigned to the controller pod. + namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -36,12 +38,12 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hydra-maester-role rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch", "create"] -- apiGroups: ["hydra.ory.sh"] - resources: ["oauth2clients", "oauth2clients/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "create"] + - apiGroups: ["hydra.ory.sh"] + resources: ["oauth2clients", "oauth2clients/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] --- # Source: hydra/charts/hydra-maester/templates/rbac.yaml kind: RoleBinding @@ -49,8 +51,9 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hydra-maester-role-binding subjects: -- kind: ServiceAccount - name: hydra-maester-account # Service account assigned to the controller pod. + - kind: ServiceAccount + name: hydra-maester-account # Service account assigned to the controller pod. + namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role -- 2.17.1 From f1d621d4a977c47752fd8bedfe13b7984e09d5fa Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Mon, 12 Feb 2024 11:42:35 +0100 Subject: [PATCH 17/47] fix(maester): CRD must be installed cluster wide --- resources/hydra/resources/hydra-maester/kustomization.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/resources/hydra/resources/hydra-maester/kustomization.yaml b/resources/hydra/resources/hydra-maester/kustomization.yaml index e4cc303..c773693 100644 
--- a/resources/hydra/resources/hydra-maester/kustomization.yaml +++ b/resources/hydra/resources/hydra-maester/kustomization.yaml @@ -4,7 +4,6 @@ kind: Kustomization resources: - ./resources/hydra-maester-deployment.yaml - ./resources/hydra-maester-rbac.yaml -#- https://raw.githubusercontent.com/ory/k8s/v0.28.2/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml configMapGenerator: - name: hydra-maester-env -- 2.17.1 From 0dbd5dd551420e10fe11726247769d7f55821a85 Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Mon, 12 Feb 2024 11:46:07 +0100 Subject: [PATCH 18/47] fix(dispatcher): liveness probe must use the container port Container port is 8080 so ... the probes must use the same port --- .../resources/hydra-dispatcher-deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index 4425640..410872c 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml @@ -49,21 +49,21 @@ spec: name: hydra-dispatcher-apps resources: {} - - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.12.15-develop.903.b675347 + - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.12.15-develop.903.b675347 imagePullPolicy: Always name: hydra-dispatcher-nginx args: ["/usr/sbin/nginx"] readinessProbe: httpGet: path: /health - port: 80 + port: 8080 initialDelaySeconds: 5 timeoutSeconds: 5 periodSeconds: 10 livenessProbe: httpGet: path: /health - port: 80 + port: 8080 initialDelaySeconds: 15 timeoutSeconds: 5 periodSeconds: 15 -- 2.17.1 From 0084707bbc29f8ead8e689b70e203513ecb60a48 Mon Sep 17 00:00:00 2001 
From: Philippe Caseiro Date: Tue, 13 Feb 2024 15:56:10 +0100 Subject: [PATCH 19/47] fix(dispatcher): dispatcher service must use containerport --- .../hydra-dispatcher/resources/hydra-dispatcher-service.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml index dcbdd9f..1357a2a 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml @@ -7,7 +7,7 @@ metadata: spec: ports: - name: http - port: 80 + port: 8080 selector: io.kompose.service: hydra-dispatcher status: -- 2.17.1 From 29f539f7ab903bdfbd5718bbca125213eebee6d4 Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Tue, 13 Feb 2024 16:49:37 +0100 Subject: [PATCH 20/47] fix(oidc): removing deprecated and useless patch fix container liveness and readyness probes fix service with correct port --- components/hydra-oidc/kustomization.yaml | 62 ++++----- .../hydra-oidc/patches/hydra-oidc-env.yaml | 9 -- .../resources/hydra-oidc-deployment.yaml | 128 +++++++++--------- .../resources/hydra-oidc-service.yaml | 4 +- 4 files changed, 93 insertions(+), 110 deletions(-) delete mode 100644 components/hydra-oidc/patches/hydra-oidc-env.yaml diff --git a/components/hydra-oidc/kustomization.yaml b/components/hydra-oidc/kustomization.yaml index ac4ec8c..deec38c 100644 --- a/components/hydra-oidc/kustomization.yaml +++ b/components/hydra-oidc/kustomization.yaml 
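Review bot: Changing the Service `port` from 80 to 8080 changes the address callers must use, not only the backend port, so any client that reaches the service as `http://hydra-dispatcher` with no port will now connect to a port the Service does not expose. The hydra-oidc ConfigMap in the next commit still sets `HYDRA_ADMIN_BASE_URL=http://hydra-dispatcher`, which looks affected unless a port is appended elsewhere. Keeping `port: 80` and adding `targetPort: 8080` fixes the container-port mismatch without moving the service address; the hydra-saml-remote-user Service already uses that form. The same applies to the hydra-oidc Service hunk in PATCH 20, where `BASE_URL=http://hydra-oidc` and the `HYDRA_DISPATCHER_OIDC_*_URL` values carry no port either.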
@@ -2,43 +2,35 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component resources: - - ./resources/hydra-oidc-deployment.yaml - - ./resources/hydra-oidc-service.yaml +- ./resources/hydra-oidc-deployment.yaml +- ./resources/hydra-oidc-service.yaml generatorOptions: labels: - com.cadoles.forge.sso-kustom/session: redis + com.cadoles.forge.sso-kustom/session: redis configMapGenerator: - - name: hydra-oidc-env - literals: - - APP_ENV=prod - - APP_DEBUG=false - - PHP_FPM_MEMORY_LIMIT=256m - - NGINX_APP_SERVER_LISTEN=80 - - HYDRA_ADMIN_BASE_URL=http://hydra-dispatcher - - OIC_AUTHORIZE_ENDPOINT=https://oidc-idp/api/v1/authorize - - OIDC_TOKEN_ENDPOINT=https://oidc-idp/api/v1/token - - OIDC_USERINFO_ENDPOINT=https://oidc-idp/api/v1/userinfo - - POST_LOGOUT_REDIRECT_URL=http://oidc-sp/logout - - OIDC_LOGOUT_ENDPOINT=https://oidc-idp/api/v1/logout?%s - - BASE_URL=http://hydra-oidc - - PARAMS_TO_DELETE=[] - - PARAMS_TO_INSERT={} - - OIDC_SCOPE=openid email - - CLIENT_ID_FC=MyClientID - - CLIENT_SECRET_FC=MyClientSecret - - COOKIE_PATH=/ - - TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR - - REDIS_DSN="redis://redis:6379" - # - name: hydra-dispatcher-apps - # behavior: merge - # files: - # - apps.yaml=./files/hydra/oidc.yaml - -patchesJson6902: - - target: - version: v1 - kind: ConfigMap - name: hydra-oidc-env - path: patches/hydra-oidc-env.yaml +- name: hydra-oidc-env + literals: + - APP_ENV=prod + - APP_DEBUG=false + - PHP_FPM_MEMORY_LIMIT=256m + - NGINX_APP_SERVER_LISTEN=80 + - HYDRA_ADMIN_BASE_URL=http://hydra-dispatcher + - OIC_AUTHORIZE_ENDPOINT=https://oidc-idp/api/v1/authorize + - OIDC_TOKEN_ENDPOINT=https://oidc-idp/api/v1/token + - OIDC_USERINFO_ENDPOINT=https://oidc-idp/api/v1/userinfo + - POST_LOGOUT_REDIRECT_URL=http://oidc-sp/logout + - OIDC_LOGOUT_ENDPOINT=https://oidc-idp/api/v1/logout?%s + - BASE_URL=http://hydra-oidc + - PARAMS_TO_DELETE=[] + - PARAMS_TO_INSERT={} + - OIDC_SCOPE=openid email + - CLIENT_ID_FC=MyClientID + - CLIENT_SECRET_FC=MyClientSecret + - 
COOKIE_PATH=/ + - TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR + - REDIS_DSN="redis://redis:6379" + - HYDRA_DISPATCHER_OIDC_LOGIN_URL="http://hydra-oidc/login" + - HYDRA_DISPATCHER_OIDC_CONSENT_URL="http://hydra-oidc/consent" + - HYDRA_DISPATCHER_OIDC_LOGOUT_URL="http://hydra-oidc/logout" diff --git a/components/hydra-oidc/patches/hydra-oidc-env.yaml b/components/hydra-oidc/patches/hydra-oidc-env.yaml deleted file mode 100644 index 0b56c86..0000000 --- a/components/hydra-oidc/patches/hydra-oidc-env.yaml +++ /dev/null @@ -1,9 +0,0 @@ -- op: replace - path: "/data/HYDRA_DISPATCHER_OIDC_LOGIN_URL" - value: http://hydra-oidc/login -- op: replace - path: "/data/HYDRA_DISPATCHER_OIDC_CONSENT_URL" - value: http://hydra-oidc/consent -- op: replace - path: "/data/HYDRA_DISPATCHER_OIDC_LOGOUT_URL" - value: http://hydra-oidc/logout \ No newline at end of file diff --git a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml index 2c73871..64892bb 100644 --- a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml +++ b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml 
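Review bot: `CLIENT_SECRET_FC=MyClientSecret` is still generated into the `hydra-oidc-env` ConfigMap on the new side of the kustomization hunk, so the OIDC client secret is stored as ordinary configuration and passed to both containers through `envFrom`. It belongs in a `secretGenerator` entry consumed with `secretRef`, with a comment on the placeholder such as `# placeholder: must be overridden per environment`. Separately, `TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR` presumably makes the application trust forwarded headers from whichever peer connects. That is safe only while the pod is reachable solely through the ingress or proxy, and a comment should say so.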
@@ -17,70 +17,70 @@ spec: io.kompose.service: hydra-oidc spec: containers: - - name: hydra-oidc-php-fpm - image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad - imagePullPolicy: Always - args: ["/usr/sbin/php-fpm81", "-F", "-e"] - readinessProbe: - exec: - command: - - sh - - -c - - test -f /etc/php81/php-fpm.d/www.conf - livenessProbe: - exec: - command: - - php - - bin/console - - -V - initialDelaySeconds: 10 - periodSeconds: 30 - env: - - name: PHP_FPM_LISTEN - value: 127.0.0.1:9000 - - name: PHP_MEMORY_LIMIT - value: 128m - - name: PHP_FPM_MEMORY_LIMIT - value: 128m - envFrom: - - configMapRef: - name: hydra-oidc-env - resources: {} + - name: hydra-oidc-php-fpm + image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad + imagePullPolicy: Always + args: ["/usr/sbin/php-fpm81", "-F", "-e"] + readinessProbe: + exec: + command: + - sh + - -c + - test -f /etc/php81/php-fpm.d/www.conf + livenessProbe: + exec: + command: + - php + - bin/console + - -V + initialDelaySeconds: 10 + periodSeconds: 30 + env: + - name: PHP_FPM_LISTEN + value: 127.0.0.1:9000 + - name: PHP_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_MEMORY_LIMIT + value: 128m + envFrom: + - configMapRef: + name: hydra-oidc-env + resources: {} - - image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad - imagePullPolicy: Always - name: hydra-oidc-nginx - args: ["/usr/sbin/nginx"] - readinessProbe: - httpGet: - path: /healthy - port: 80 - initialDelaySeconds: 5 - timeoutSeconds: 5 - periodSeconds: 10 - livenessProbe: - httpGet: - path: /healthy - port: 80 - initialDelaySeconds: 15 - timeoutSeconds: 5 - periodSeconds: 15 - envFrom: - - configMapRef: - name: hydra-oidc-env - env: - - name: NGINX_APP_UPSTREAM_BACKEND_SERVER - value: 127.0.0.1:9000 - - name: NGINX_APP_ROOT - value: "/public/" - - name: NGINX_APP_PHP_INDEX - value: "/index.php" - - name: NGINX_ERROR_LOG_LEVEL - value: "warn" - - name: NGINX_APP_PHP_NON_FILE_PATTERN - value: 
"^/index\\.php(/|$)" - ports: - - containerPort: 8080 - resources: {} + - image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad + imagePullPolicy: Always + name: hydra-oidc-nginx + args: ["/usr/sbin/nginx"] + readinessProbe: + httpGet: + path: /healthy + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /healthy + port: 8080 + initialDelaySeconds: 15 + timeoutSeconds: 5 + periodSeconds: 15 + envFrom: + - configMapRef: + name: hydra-oidc-env + env: + - name: NGINX_APP_UPSTREAM_BACKEND_SERVER + value: 127.0.0.1:9000 + - name: NGINX_APP_ROOT + value: "/public/" + - name: NGINX_APP_PHP_INDEX + value: "/index.php" + - name: NGINX_ERROR_LOG_LEVEL + value: "warn" + - name: NGINX_APP_PHP_NON_FILE_PATTERN + value: "^/index\\.php(/|$)" + ports: + - containerPort: 8080 + resources: {} restartPolicy: Always diff --git a/components/hydra-oidc/resources/hydra-oidc-service.yaml b/components/hydra-oidc/resources/hydra-oidc-service.yaml index 0398b45..07aab4e 100644 --- a/components/hydra-oidc/resources/hydra-oidc-service.yaml +++ b/components/hydra-oidc/resources/hydra-oidc-service.yaml @@ -6,8 +6,8 @@ metadata: name: hydra-oidc spec: ports: - - name: hydra-oidc - port: 80 + - name: hydra-oidc + port: 8080 selector: io.kompose.service: hydra-oidc status: -- 2.17.1 From 45953d5531f517c217cc930ccad9057e4fae5e05 Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Wed, 14 Feb 2024 11:06:36 +0100 Subject: [PATCH 21/47] fix(hydra): update hydra version to 2.1.2 --- resources/hydra/kustomization.yaml | 46 ++++++++++++++++-------------- 1 file changed, 25 insertions(+), 21 deletions(-) diff --git a/resources/hydra/kustomization.yaml b/resources/hydra/kustomization.yaml index 34b8a16..5a96fc6 100644 --- a/resources/hydra/kustomization.yaml +++ b/resources/hydra/kustomization.yaml 
@@ -1,36 +1,40 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +images: +- name: reg.cadoles.com/proxy_cache/oryd/hydra + newTag: v2.1.2 + resources: - - ./resources/hydra-deployment.yaml - - ./resources/hydra-service.yaml - - ./resources/hydra-role.yaml - - ./resources/hydra-rolebinding.yaml - - ./resources/hydra-serviceaccount.yaml - - ./resources/hydra-migrate-job.yaml - - ./resources/hydra-maester - - ./resources/hydra-janitor-cronjob.yaml +- ./resources/hydra-deployment.yaml +- ./resources/hydra-service.yaml +- ./resources/hydra-role.yaml +- ./resources/hydra-rolebinding.yaml +- ./resources/hydra-serviceaccount.yaml +- ./resources/hydra-migrate-job.yaml +- ./resources/hydra-maester +- ./resources/hydra-janitor-cronjob.yaml secretGenerator: - - name: hydra-secret - literals: - - SECRETS_SYSTEM=ThisShouldBeAbsolutelyChanged +- name: hydra-secret + literals: + - SECRETS_SYSTEM=ThisShouldBeAbsolutelyChanged configMapGenerator: - - name: hydra-env - literals: - - URLS_SELF_ISSUER=http://localhost:4444 - - URLS_LOGIN=http://hydra-login-app/login - - URLS_CONSENT=http://hydra-consent-app/consent - - URLS_LOGOUT=http://hydra-logout-app/logout - - HYDRA_SERVE_ALL_ARGS=--dev - - LOG_LEVEL=info +- name: hydra-env + literals: + - URLS_SELF_ISSUER=http://localhost:4444 + - URLS_LOGIN=http://hydra-login-app/login + - URLS_CONSENT=http://hydra-consent-app/consent + - URLS_LOGOUT=http://hydra-logout-app/logout + - HYDRA_SERVE_ALL_ARGS=--dev + - LOG_LEVEL=info vars: - name: HYDRA_MIGRATE_JOB_NAME objref: name: hydra-migrate - kind: Job + kind: Job apiVersion: batch/v1 fieldref: - fieldpath: metadata.name \ No newline at end of file + fieldpath: metadata.name -- 2.17.1 From 1060fdf4bed525471d0429a73e2c2bdc6bd653d7 Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Wed, 14 Feb 2024 11:07:47 +0100 Subject: [PATCH 22/47] fix(hydra): update hydra-maester version to 0.0.32 --- resources/hydra/kustomization.yaml | 2 ++ 1 file changed, 2 insertions(+) 
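Review bot: `HYDRA_SERVE_ALL_ARGS=--dev` and `SECRETS_SYSTEM=ThisShouldBeAbsolutelyChanged` remain in this base while the commit pins a release image, so a deployment that applies the base unchanged runs Hydra with its development mode on and a publicly known system secret. To my knowledge `--dev` relaxes production security checks such as the HTTPS requirement, which fits the `http://localhost:4444` issuer here but not the `APP_ENV=prod` components built on this base. I would take `--dev` out of the base and let a development overlay add it. The placeholder secret should carry a comment such as `# placeholder: overlays MUST replace SECRETS_SYSTEM`, or the build should fail when it is not overridden.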
diff --git a/resources/hydra/kustomization.yaml b/resources/hydra/kustomization.yaml index 5a96fc6..92afa75 100644 --- a/resources/hydra/kustomization.yaml +++ b/resources/hydra/kustomization.yaml @@ -4,6 +4,8 @@ kind: Kustomization images: - name: reg.cadoles.com/proxy_cache/oryd/hydra newTag: v2.1.2 +- name: reg.cadoles.com/proxy_cache/oryd/hydra-maester + newTag: v0.0.32 resources: - ./resources/hydra-deployment.yaml -- 2.17.1 From 72a9932fc593caabd420fcbe4440aa71f3de2221 Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Wed, 14 Feb 2024 11:30:54 +0100 Subject: [PATCH 23/47] fix(hydra): update hydra-maester version to 0.0.32-amd64 --- resources/hydra/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/hydra/kustomization.yaml b/resources/hydra/kustomization.yaml index 92afa75..f99e668 100644 --- a/resources/hydra/kustomization.yaml +++ b/resources/hydra/kustomization.yaml @@ -5,7 +5,7 @@ images: - name: reg.cadoles.com/proxy_cache/oryd/hydra newTag: v2.1.2 - name: reg.cadoles.com/proxy_cache/oryd/hydra-maester - newTag: v0.0.32 + newTag: v0.0.32-amd64 resources: - ./resources/hydra-deployment.yaml -- 2.17.1 From 380a116fa8ec4b4e0db060e3632c7e68ef9f77ea Mon Sep 17 00:00:00 2001 
From: Philippe Caseiro Date: Wed, 21 Feb 2024 15:43:42 +0100 Subject: [PATCH 24/47] fix(all): use app.kubernetes.io/name label instead of io.kompose.service --- components/hydra-ldap/resources/service.yaml | 2 +- .../hydra-oidc/resources/hydra-oidc-deployment.yaml | 6 +++--- .../hydra-oidc/resources/hydra-oidc-service.yaml | 4 ++-- .../hydra-saml/resources/hydra-saml-remote-user.yaml | 10 +++++----- .../hydra-saml/resources/hydra-saml-shibboleth-sp.yaml | 10 +++++----- .../hydra-sql/resources/hydra-sql-deployment.yaml | 6 +++--- components/hydra-sql/resources/hydra-sql-service.yaml | 4 ++-- .../authenticated-app/resources/port-forwarder.yaml | 10 +++++----- examples/authenticated-app/resources/saml-idp.yaml | 10 +++++----- .../resources/hydra-dispatcher-deployment.yaml | 6 +++--- .../resources/hydra-dispatcher-service.yaml | 4 ++-- resources/hydra/resources/hydra-deployment.yaml | 6 +++--- resources/hydra/resources/hydra-service.yaml | 4 ++-- 13 files changed, 41 insertions(+), 41 deletions(-) diff --git a/components/hydra-ldap/resources/service.yaml b/components/hydra-ldap/resources/service.yaml index 4adbddb..29db7ec 100644 --- a/components/hydra-ldap/resources/service.yaml +++ b/components/hydra-ldap/resources/service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: labels: - io.kompose.service: hydra-ldap + app.kubernetes.io/name: hydra-ldap name: hydra-ldap spec: type: ClusterIP diff --git a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml index 64892bb..9d26fa2 100644 --- a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml +++ b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml 
@@ -2,19 +2,19 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - io.kompose.service: hydra-oidc + app.kubernetes.io/name: hydra-oidc name: hydra-oidc spec: replicas: 1 selector: matchLabels: - io.kompose.service: hydra-oidc + app.kubernetes.io/name: hydra-oidc strategy: type: Recreate template: metadata: labels: - io.kompose.service: hydra-oidc + app.kubernetes.io/name: hydra-oidc spec: containers: - name: hydra-oidc-php-fpm diff --git a/components/hydra-oidc/resources/hydra-oidc-service.yaml b/components/hydra-oidc/resources/hydra-oidc-service.yaml index 07aab4e..5a94e1d 100644 --- a/components/hydra-oidc/resources/hydra-oidc-service.yaml +++ b/components/hydra-oidc/resources/hydra-oidc-service.yaml @@ -2,13 +2,13 @@ apiVersion: v1 kind: Service metadata: labels: - io.kompose.service: hydra-oidc + app.kubernetes.io/name: hydra-oidc name: hydra-oidc spec: ports: - name: hydra-oidc port: 8080 selector: - io.kompose.service: hydra-oidc + app.kubernetes.io/name: hydra-oidc status: loadBalancer: {} diff --git a/components/hydra-saml/resources/hydra-saml-remote-user.yaml b/components/hydra-saml/resources/hydra-saml-remote-user.yaml index cf4705e..580dc75 100644 --- a/components/hydra-saml/resources/hydra-saml-remote-user.yaml +++ b/components/hydra-saml/resources/hydra-saml-remote-user.yaml @@ -2,19 +2,19 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - io.kompose.service: hydra-saml-remote-user + app.kubernetes.io/name: hydra-saml-remote-user name: hydra-saml-remote-user spec: replicas: 1 selector: matchLabels: - io.kompose.service: hydra-saml-remote-user + app.kubernetes.io/name: hydra-saml-remote-user strategy: type: Recreate template: metadata: labels: - io.kompose.service: hydra-saml-remote-user + app.kubernetes.io/name: hydra-saml-remote-user spec: containers: - name: hydra-saml-remote-user 
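Review bot: The rename also rewrites `spec.selector.matchLabels` of the hydra-oidc Deployment, and an `apps/v1` Deployment selector is immutable, so applying this over an existing install is rejected until the Deployment is deleted and recreated. The same holds for every other Deployment touched in this commit: hydra-saml-remote-user, hydra-saml-shibboleth-sp, hydra-sql, port-forwarder, saml-idp, hydra-dispatcher and hydra. The commit message should state the upgrade step, since each component is unavailable while its Deployment is recreated. An alternative is to add the `app.kubernetes.io/name` label alongside the old one and leave the selectors unchanged.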
@@ -31,7 +31,7 @@ apiVersion: v1 kind: Service metadata: labels: - io.kompose.service: hydra-saml-remote-user + app.kubernetes.io/name: hydra-saml-remote-user name: hydra-saml-remote-user spec: ports: @@ -39,6 +39,6 @@ spec: port: 80 targetPort: 8080 selector: - io.kompose.service: hydra-saml-remote-user + app.kubernetes.io/name: hydra-saml-remote-user status: loadBalancer: {} diff --git a/components/hydra-saml/resources/hydra-saml-shibboleth-sp.yaml b/components/hydra-saml/resources/hydra-saml-shibboleth-sp.yaml index d715d34..555a73a 100644 --- a/components/hydra-saml/resources/hydra-saml-shibboleth-sp.yaml +++ b/components/hydra-saml/resources/hydra-saml-shibboleth-sp.yaml @@ -2,19 +2,19 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - io.kompose.service: hydra-saml-shibboleth-sp + app.kubernetes.io/name: hydra-saml-shibboleth-sp name: hydra-saml-shibboleth-sp spec: replicas: 1 selector: matchLabels: - io.kompose.service: hydra-saml-shibboleth-sp + app.kubernetes.io/name: hydra-saml-shibboleth-sp strategy: type: Recreate template: metadata: labels: - io.kompose.service: hydra-saml-shibboleth-sp + app.kubernetes.io/name: hydra-saml-shibboleth-sp spec: securityContext: fsGroup: 102 @@ -41,14 +41,14 @@ apiVersion: v1 kind: Service metadata: labels: - io.kompose.service: hydra-saml + app.kubernetes.io/name: hydra-saml name: hydra-saml spec: ports: - name: http port: 80 selector: - io.kompose.service: hydra-saml-shibboleth-sp + app.kubernetes.io/name: hydra-saml-shibboleth-sp status: loadBalancer: {} diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index 0b03667..6484b14 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml 
@@ -2,19 +2,19 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - io.kompose.service: hydra-sql + app.kubernetes.io/name: hydra-sql name: hydra-sql spec: replicas: 1 selector: matchLabels: - io.kompose.service: hydra-sql + app.kubernetes.io/name: hydra-sql strategy: type: Recreate template: metadata: labels: - io.kompose.service: hydra-sql + app.kubernetes.io/name: hydra-sql spec: containers: - name: hydra-sql-fpm diff --git a/components/hydra-sql/resources/hydra-sql-service.yaml b/components/hydra-sql/resources/hydra-sql-service.yaml index 2941999..b4073c6 100644 --- a/components/hydra-sql/resources/hydra-sql-service.yaml +++ b/components/hydra-sql/resources/hydra-sql-service.yaml @@ -2,13 +2,13 @@ apiVersion: v1 kind: Service metadata: labels: - io.kompose.service: hydra-sql + app.kubernetes.io/name: hydra-sql name: hydra-sql spec: ports: - name: hydra-sql port: 8080 selector: - io.kompose.service: hydra-sql + app.kubernetes.io/name: hydra-sql status: loadBalancer: {} diff --git a/examples/authenticated-app/resources/port-forwarder.yaml b/examples/authenticated-app/resources/port-forwarder.yaml index 7db316a..d55ccf8 100644 --- a/examples/authenticated-app/resources/port-forwarder.yaml +++ b/examples/authenticated-app/resources/port-forwarder.yaml @@ -2,19 +2,19 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - io.kompose.service: port-forwarder + app.kubernetes.io/name: port-forwarder name: port-forwarder spec: replicas: 1 selector: matchLabels: - io.kompose.service: port-forwarder + app.kubernetes.io/name: port-forwarder strategy: type: Recreate template: metadata: labels: - io.kompose.service: port-forwarder + app.kubernetes.io/name: port-forwarder spec: containers: - image: hpello/tcp-proxy:latest @@ -42,7 +42,7 @@ apiVersion: v1 metadata: name: ssokustom labels: - io.kompose.service: port-forwarder + app.kubernetes.io/name: port-forwarder spec: ports: - name: https 
@@ -52,4 +52,4 @@ spec: port: 80 targetPort: 80 selector: - io.kompose.service: port-forwarder \ No newline at end of file + app.kubernetes.io/name: port-forwarder \ No newline at end of file diff --git a/examples/authenticated-app/resources/saml-idp.yaml b/examples/authenticated-app/resources/saml-idp.yaml index d89cdbf..20146d2 100644 --- a/examples/authenticated-app/resources/saml-idp.yaml +++ b/examples/authenticated-app/resources/saml-idp.yaml @@ -2,19 +2,19 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - io.kompose.service: saml-idp + app.kubernetes.io/name: saml-idp name: saml-idp spec: replicas: 1 selector: matchLabels: - io.kompose.service: saml-idp + app.kubernetes.io/name: saml-idp strategy: type: Recreate template: metadata: labels: - io.kompose.service: saml-idp + app.kubernetes.io/name: saml-idp spec: containers: - image: kristophjunge/test-saml-idp:1.15 @@ -35,7 +35,7 @@ apiVersion: v1 kind: Service metadata: labels: - io.kompose.service: saml-idp + app.kubernetes.io/name: saml-idp name: saml-idp spec: ports: @@ -46,6 +46,6 @@ spec: port: 8443 targetPort: 8443 selector: - io.kompose.service: saml-idp + app.kubernetes.io/name: saml-idp status: loadBalancer: {} \ No newline at end of file diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index 410872c..fc314ad 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml 
@@ -2,19 +2,19 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - io.kompose.service: hydra-dispatcher + app.kubernetes.io/name: hydra-dispatcher name: hydra-dispatcher spec: replicas: 1 selector: matchLabels: - io.kompose.service: hydra-dispatcher + app.kubernetes.io/name: hydra-dispatcher strategy: type: Recreate template: metadata: labels: - io.kompose.service: hydra-dispatcher + app.kubernetes.io/name: hydra-dispatcher spec: containers: - name: hydra-dispatcher-php-fpm diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml index 1357a2a..4a209a3 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml @@ -2,13 +2,13 @@ apiVersion: v1 kind: Service metadata: labels: - io.kompose.service: hydra-dispatcher + app.kubernetes.io/name: hydra-dispatcher name: hydra-dispatcher spec: ports: - name: http port: 8080 selector: - io.kompose.service: hydra-dispatcher + app.kubernetes.io/name: hydra-dispatcher status: loadBalancer: {} diff --git a/resources/hydra/resources/hydra-deployment.yaml b/resources/hydra/resources/hydra-deployment.yaml index bf15af4..450e10d 100644 --- a/resources/hydra/resources/hydra-deployment.yaml +++ b/resources/hydra/resources/hydra-deployment.yaml @@ -2,19 +2,19 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - io.kompose.service: hydra + app.kubernetes.io/name: hydra name: hydra spec: replicas: 1 selector: matchLabels: - io.kompose.service: hydra + app.kubernetes.io/name: hydra strategy: type: Recreate template: metadata: labels: - io.kompose.service: hydra + app.kubernetes.io/name: hydra spec: serviceAccountName: hydra-sa initContainers: diff --git a/resources/hydra/resources/hydra-service.yaml b/resources/hydra/resources/hydra-service.yaml index 642203d..31389bd 100644 --- a/resources/hydra/resources/hydra-service.yaml 
+++ b/resources/hydra/resources/hydra-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: labels: - io.kompose.service: hydra + app.kubernetes.io/name: hydra name: hydra spec: ports: @@ -13,6 +13,6 @@ spec: port: 4445 targetPort: hydra-admin selector: - io.kompose.service: hydra + app.kubernetes.io/name: hydra status: loadBalancer: {} -- 2.17.1 From 9020c73512cab4dcc4b1e901e25ddf7223787019 Mon Sep 17 00:00:00 2001 From: cmsassot Date: Wed, 3 Apr 2024 09:45:10 +0200 Subject: [PATCH 25/47] feat(hydra-dispatcher): non root deployment with caddy --- .../hydra-dispatcher-deployment.yaml | 49 ++++++++++++------- .../resources/hydra-dispatcher-service.yaml | 2 +- 2 files changed, 33 insertions(+), 18 deletions(-) diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index fc314ad..1bbdf80 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-dispatcher-php-fpm - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.12.15-develop.903.b675347 + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.2-develop.1411.74a9f16 args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: exec: 
@@ -48,22 +48,33 @@ spec: - mountPath: /app/config/hydra name: hydra-dispatcher-apps resources: {} - - - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.12.15-develop.903.b675347 + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 + - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.2-develop.1411.74a9f16 imagePullPolicy: Always - name: hydra-dispatcher-nginx - args: ["/usr/sbin/nginx"] + name: hydra-dispatcher-caddy + args: + [ + "/usr/sbin/caddy", + "run", + "--adapter", + "caddyfile", + "--config", + "/etc/caddy/Caddyfile", + ] readinessProbe: httpGet: path: /health - port: 8080 + port: 80 initialDelaySeconds: 5 timeoutSeconds: 5 periodSeconds: 10 livenessProbe: httpGet: path: /health - port: 8080 + port: 80 initialDelaySeconds: 15 timeoutSeconds: 5 periodSeconds: 15 @@ -71,19 +82,23 @@ spec: - configMapRef: name: hydra-dispatcher-env env: - - name: NGINX_APP_UPSTREAM_BACKEND_SERVER + - name: CADDY_APP_UPSTREAM_BACKEND_SERVER value: 127.0.0.1:9000 - - name: NGINX_APP_ROOT - value: "/public/" - - name: NGINX_APP_PHP_INDEX - value: "/index.php" - - name: NGINX_ERROR_LOG_LEVEL - value: "warn" - - name: NGINX_APP_PHP_NON_FILE_PATTERN - value: "^/index\\.php(/|$)" + - name: CADDY_HTTPS_PORT + value: "8443" + - name: CADDY_HTTP_PORT + value: "80" + - name: CADDY_DATA_FS + value: "/tmp/caddy" + - name: CADDY_APP_ROOT_PUBLIC + value: "/app/public/" ports: - - containerPort: 8080 + - containerPort: 80 resources: {} + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 restartPolicy: Always volumes: - name: hydra-dispatcher-apps diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml index 4a209a3..1f8a023 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml 
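Review bot: The `securityContext` added to hydra-dispatcher-php-fpm in hunk `@@ -48,22 +48,33 @@` sets only the user and group, so privilege escalation stays allowed and the default capability set is kept. Adding `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` to the same block would complete the non-root change, optionally with `seccompProfile: {type: RuntimeDefault}`. The identical block is added for hydra-dispatcher-caddy in the second hunk of this file and for both hydra-oidc containers in the next commit, so the same addition applies there.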
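Review bot: Hunk `@@ -71,19 +82,23 @@` sets `CADDY_HTTP_PORT` to `"80"` and `containerPort: 80` for a container that the same hunk switches to UID 1000. Binding a port below 1024 as a non-root user normally needs `NET_BIND_SERVICE` or a lowered `net.ipv4.ip_unprivileged_port_start`, and neither is set here, so Caddy may fail to start unless the image provides for it. The hydra-oidc deployment converted in the next commit keeps `CADDY_HTTP_PORT` at `"8080"`. Using `value: "8080"`, `containerPort: 8080` and `port: 8080` in both probes would match it, and the Service can still expose 80 through `targetPort: 8080`.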
@@ -7,7 +7,7 @@ metadata: spec: ports: - name: http - port: 8080 + port: 80 selector: app.kubernetes.io/name: hydra-dispatcher status: -- 2.17.1 From 212de51a84b0ab53673b184399d1dc2360c2e727 Mon Sep 17 00:00:00 2001 From: cmsassot Date: Wed, 3 Apr 2024 09:45:24 +0200 Subject: [PATCH 26/47] feat(hydra-oidc): non root deployment with caddy --- .../resources/hydra-oidc-deployment.yaml | 145 ++++++++++-------- .../resources/hydra-oidc-service.yaml | 4 +- 2 files changed, 82 insertions(+), 67 deletions(-) diff --git a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml index 9d26fa2..a6f1222 100644 --- a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml +++ b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml 
@@ -17,70 +17,85 @@ spec: app.kubernetes.io/name: hydra-oidc spec: containers: - - name: hydra-oidc-php-fpm - image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad - imagePullPolicy: Always - args: ["/usr/sbin/php-fpm81", "-F", "-e"] - readinessProbe: - exec: - command: - - sh - - -c - - test -f /etc/php81/php-fpm.d/www.conf - livenessProbe: - exec: - command: - - php - - bin/console - - -V - initialDelaySeconds: 10 - periodSeconds: 30 - env: - - name: PHP_FPM_LISTEN - value: 127.0.0.1:9000 - - name: PHP_MEMORY_LIMIT - value: 128m - - name: PHP_FPM_MEMORY_LIMIT - value: 128m - envFrom: - - configMapRef: - name: hydra-oidc-env - resources: {} + - name: hydra-oidc-php-fpm + image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6 + imagePullPolicy: Always + args: ["/usr/sbin/php-fpm81", "-F", "-e"] + readinessProbe: + exec: + command: + - sh + - -c + - test -f /etc/php81/php-fpm.d/www.conf + livenessProbe: + exec: + command: + - php + - bin/console + - -V + initialDelaySeconds: 10 + periodSeconds: 30 + env: + - name: PHP_FPM_LISTEN + value: 127.0.0.1:9000 + - name: PHP_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_MEMORY_LIMIT + value: 128m + envFrom: + - configMapRef: + name: hydra-oidc-env + resources: {} + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 - - image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad - imagePullPolicy: Always - name: hydra-oidc-nginx - args: ["/usr/sbin/nginx"] - readinessProbe: - httpGet: - path: /healthy - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - periodSeconds: 10 - livenessProbe: - httpGet: - path: /healthy - port: 8080 - initialDelaySeconds: 15 - timeoutSeconds: 5 - periodSeconds: 15 - envFrom: - - configMapRef: - name: hydra-oidc-env - env: - - name: NGINX_APP_UPSTREAM_BACKEND_SERVER - value: 127.0.0.1:9000 - - name: NGINX_APP_ROOT - value: "/public/" - - name: NGINX_APP_PHP_INDEX - value: "/index.php" - - name: 
NGINX_ERROR_LOG_LEVEL - value: "warn" - - name: NGINX_APP_PHP_NON_FILE_PATTERN - value: "^/index\\.php(/|$)" - ports: - - containerPort: 8080 - resources: {} + - image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6 + imagePullPolicy: Always + name: hydra-oidc-caddy + args: + [ + "/usr/sbin/caddy", + "run", + "--adapter", + "caddyfile", + "--config", + "/etc/caddy/Caddyfile", + ] + readinessProbe: + httpGet: + path: /healthy + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /healthy + port: 8080 + initialDelaySeconds: 15 + timeoutSeconds: 5 + periodSeconds: 15 + ports: + - containerPort: 8080 + envFrom: + - configMapRef: + name: hydra-oidc-env + env: + - name: CADDY_APP_UPSTREAM_BACKEND_SERVER + value: 127.0.0.1:9000 + - name: CADDY_HTTPS_PORT + value: "8443" + - name: CADDY_HTTP_PORT + value: "8080" + - name: CADDY_DATA_FS + value: "/tmp/caddy" + - name: CADDY_APP_ROOT_PUBLIC + value: "/app/public/" + resources: {} + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 restartPolicy: Always - diff --git a/components/hydra-oidc/resources/hydra-oidc-service.yaml b/components/hydra-oidc/resources/hydra-oidc-service.yaml index 5a94e1d..8cc03d1 100644 --- a/components/hydra-oidc/resources/hydra-oidc-service.yaml +++ b/components/hydra-oidc/resources/hydra-oidc-service.yaml @@ -6,8 +6,8 @@ metadata: name: hydra-oidc spec: ports: - - name: hydra-oidc - port: 8080 + - name: hydra-oidc + port: 8080 selector: app.kubernetes.io/name: hydra-oidc status: -- 2.17.1 From 5ea7789cc238bd05e446ce70e4d9826247ed6a2f Mon Sep 17 00:00:00 2001 From: cmsassot Date: Wed, 3 Apr 2024 09:45:36 +0200 Subject: [PATCH 27/47] feat(hydra-sql): non root deployment with caddy --- .../resources/hydra-sql-deployment.yaml | 170 ++++++++++-------- 1 file changed, 93 insertions(+), 77 deletions(-) 
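Review bot: Both containers reference `hydra-oidc-base:2024.4.2-develop.1349.c4711f6` by tag while `imagePullPolicy: Always` re-resolves it on every pod start, so what actually runs depends on what the registry serves for that tag at that moment. Unless the registry enforces immutable tags (not visible here), pinning the digest, `image: reg.cadoles.com/cadoles/hydra-oidc-base@sha256:<digest-of-this-build>`, makes the deployed content reproducible and auditable. The hydra-sql and hydra-dispatcher image lines in this series follow the same pattern.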
diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index 6484b14..92e47af 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml 
@@ -17,84 +17,100 @@ spec: app.kubernetes.io/name: hydra-sql spec: containers: - - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.14-develop.1107.740a756 - imagePullPolicy: Always - args: ["/usr/sbin/php-fpm81", "-F", "-e"] - readinessProbe: - exec: - command: - - sh - - -c - - test -f /etc/php81/php-fpm.d/www.conf - livenessProbe: - exec: - command: - - php - - bin/console - - -V - initialDelaySeconds: 10 - periodSeconds: 30 - resources: {} - envFrom: - - configMapRef: - name: hydra-sql-env - env: - - name: PHP_FPM_LISTEN - value: 127.0.0.1:9000 - - name: PHP_MEMORY_LIMIT - value: 128m - - name: PHP_FPM_MEMORY_LIMIT - value: 128m - - name: PHP_FPM_LOG_LEVEL - value: warning - volumeMounts: - - name: sql-login-config - mountPath: "/app/config/sql_login_configuration/sql_login.yaml" - subPath: "sql_login.yaml" + - name: hydra-sql-fpm + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24 + imagePullPolicy: Always + args: ["/usr/sbin/php-fpm81", "-F", "-e"] + readinessProbe: + exec: + command: + - sh + - -c + - test -f /etc/php81/php-fpm.d/www.conf + livenessProbe: + exec: + command: + - php + - bin/console + - -V + initialDelaySeconds: 10 + periodSeconds: 30 + resources: {} + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 + envFrom: + - configMapRef: + name: hydra-sql-env + env: + - name: PHP_FPM_LISTEN + value: 127.0.0.1:9000 + - name: PHP_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_LOG_LEVEL + value: warning + volumeMounts: + - name: sql-login-config + mountPath: "/app/config/sql_login_configuration/sql_login.yaml" + subPath: "sql_login.yaml" - - name: hydra-sql-nginx - image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.14-develop.1107.740a756 - imagePullPolicy: Always - args: ["/usr/sbin/nginx"] - readinessProbe: - httpGet: - path: /health - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - periodSeconds: 10 - livenessProbe: - 
httpGet: - path: /health - port: 8080 - initialDelaySeconds: 15 - timeoutSeconds: 5 - periodSeconds: 15 - envFrom: - - configMapRef: - name: hydra-sql-env - env: - - name: NGINX_APP_UPSTREAM_BACKEND_SERVER - value: 127.0.0.1:9000 - - name: NGINX_APP_ROOT - value: "/public" - - name: NGINX_APP_PHP_INDEX - value: "/index.php" - - name: NGINX_ERROR_LOG_LEVEL - value: "warn" - - name: NGINX_APP_PHP_NON_FILE_PATTERN - value: "^/index\\.php(/|$)" - resources: {} - ports: - - containerPort: 8080 - volumeMounts: - - name: sql-login-config - mountPath: "/app/config/sql_login_configuration/sql_login.yaml" - subPath: "sql_login.yaml" + - name: hydra-sql-caddy + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24 + imagePullPolicy: Always + args: + [ + "/usr/sbin/caddy", + "run", + "--adapter", + "caddyfile", + "--config", + "/etc/caddy/Caddyfile", + ] + readinessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 15 + timeoutSeconds: 5 + periodSeconds: 15 + envFrom: + - configMapRef: + name: hydra-sql-env + env: + - name: CADDY_APP_UPSTREAM_BACKEND_SERVER + value: 127.0.0.1:9000 + - name: CADDY_HTTPS_PORT + value: "8443" + - name: CADDY_HTTP_PORT + value: "8080" + - name: CADDY_DATA_FS + value: "/tmp/caddy" + - name: CADDY_APP_ROOT_PUBLIC + value: "/app/public/" + resources: {} + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 + ports: + - containerPort: 8080 + volumeMounts: + - name: sql-login-config + mountPath: "/app/config/sql_login_configuration/sql_login.yaml" + subPath: "sql_login.yaml" volumes: - - name: sql-login-config - configMap: - name: sql-login-config + - name: sql-login-config + configMap: + name: sql-login-config restartPolicy: Always -- 2.17.1 From a88a8240aac6dbd492a95e8bed1884ef94e343a0 Mon Sep 17 00:00:00 2001 
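Review bot: The `hydra-sql-caddy` container imports the whole `hydra-sql-env` ConfigMap through `envFrom`, the same one the php-fpm container uses. The ConfigMap's contents are not part of this hunk; if it holds application settings such as database credentials, the reverse proxy receives them without needing them. Dropping `envFrom` from the caddy container and keeping only the explicit `CADDY_*` entries would narrow that exposure, provided the Caddyfile reads nothing else from the environment. Credentials themselves are better delivered from a Secret via `secretRef` than from a ConfigMap. The hydra-oidc and hydra-dispatcher caddy containers use the same `envFrom` arrangement.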
From: cmsassot Date: Thu, 4 Apr 2024 11:34:00 +0200 Subject: [PATCH 28/47] feat(deploiement): use port name --- .../resources/hydra-oidc-deployment.yaml | 161 ++++++++-------- .../resources/hydra-oidc-service.yaml | 5 +- .../resources/hydra-sql-deployment.yaml | 181 +++++++++--------- .../resources/hydra-sql-service.yaml | 5 +- .../hydra-dispatcher-deployment.yaml | 13 +- .../resources/hydra-dispatcher-service.yaml | 5 +- 6 files changed, 188 insertions(+), 182 deletions(-) diff --git a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml index a6f1222..022806e 100644 --- a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml +++ b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml 
@@ -17,85 +17,86 @@ spec: app.kubernetes.io/name: hydra-oidc spec: containers: - - name: hydra-oidc-php-fpm - image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6 - imagePullPolicy: Always - args: ["/usr/sbin/php-fpm81", "-F", "-e"] - readinessProbe: - exec: - command: - - sh - - -c - - test -f /etc/php81/php-fpm.d/www.conf - livenessProbe: - exec: - command: - - php - - bin/console - - -V - initialDelaySeconds: 10 - periodSeconds: 30 - env: - - name: PHP_FPM_LISTEN - value: 127.0.0.1:9000 - - name: PHP_MEMORY_LIMIT - value: 128m - - name: PHP_FPM_MEMORY_LIMIT - value: 128m - envFrom: - - configMapRef: - name: hydra-oidc-env - resources: {} - securityContext: - runAsNonRoot: true - runAsGroup: 1000 - runAsUser: 1000 + - name: hydra-oidc-php-fpm + image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6 + imagePullPolicy: Always + args: ["/usr/sbin/php-fpm81", "-F", "-e"] + readinessProbe: + exec: + command: + - sh + - -c + - test -f /etc/php81/php-fpm.d/www.conf + livenessProbe: + exec: + command: + - php + - bin/console + - -V + initialDelaySeconds: 10 + periodSeconds: 30 + env: + - name: PHP_FPM_LISTEN + value: 127.0.0.1:9000 + - name: PHP_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_MEMORY_LIMIT + value: 128m + envFrom: + - configMapRef: + name: hydra-oidc-env + resources: {} + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 - - image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6 - imagePullPolicy: Always - name: hydra-oidc-caddy - args: - [ - "/usr/sbin/caddy", - "run", - "--adapter", - "caddyfile", - "--config", - "/etc/caddy/Caddyfile", - ] - readinessProbe: - httpGet: - path: /healthy - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - periodSeconds: 10 - livenessProbe: - httpGet: - path: /healthy - port: 8080 - initialDelaySeconds: 15 - timeoutSeconds: 5 - periodSeconds: 15 - ports: - - containerPort: 8080 - envFrom: - - configMapRef: - name: 
hydra-oidc-env - env: - - name: CADDY_APP_UPSTREAM_BACKEND_SERVER - value: 127.0.0.1:9000 - - name: CADDY_HTTPS_PORT - value: "8443" - - name: CADDY_HTTP_PORT - value: "8080" - - name: CADDY_DATA_FS - value: "/tmp/caddy" - - name: CADDY_APP_ROOT_PUBLIC - value: "/app/public/" - resources: {} - securityContext: - runAsNonRoot: true - runAsGroup: 1000 - runAsUser: 1000 + - name: hydra-oidc-caddy + image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6 + imagePullPolicy: Always + args: + [ + "/usr/sbin/caddy", + "run", + "--adapter", + "caddyfile", + "--config", + "/etc/caddy/Caddyfile", + ] + readinessProbe: + httpGet: + path: /healthy + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /healthy + port: 8080 + initialDelaySeconds: 15 + timeoutSeconds: 5 + periodSeconds: 15 + ports: + - containerPort: 8080 + name: http + envFrom: + - configMapRef: + name: hydra-oidc-env + env: + - name: CADDY_APP_UPSTREAM_BACKEND_SERVER + value: 127.0.0.1:9000 + - name: CADDY_HTTPS_PORT + value: "8443" + - name: CADDY_HTTP_PORT + value: "8080" + - name: CADDY_DATA_FS + value: "/tmp/caddy" + - name: CADDY_APP_ROOT_PUBLIC + value: "/app/public/" + resources: {} + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 restartPolicy: Always diff --git a/components/hydra-oidc/resources/hydra-oidc-service.yaml b/components/hydra-oidc/resources/hydra-oidc-service.yaml index 8cc03d1..3cc9f8c 100644 --- a/components/hydra-oidc/resources/hydra-oidc-service.yaml +++ b/components/hydra-oidc/resources/hydra-oidc-service.yaml @@ -6,8 +6,9 @@ metadata: name: hydra-oidc spec: ports: - - name: hydra-oidc - port: 8080 + - name: http + port: 80 + targetPort: http selector: app.kubernetes.io/name: hydra-oidc status: diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index 92e47af..400ae54 100644 
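Review bot: The container port is now named `http` and the Service uses `targetPort: http`, but the caddy container's `readinessProbe` and `livenessProbe` still hard-code `port: 8080`. Writing `port: http` in both probes would leave `containerPort` as the only place the number is defined, so a later port change cannot leave the probes pointing at a closed port. The hydra-sql and hydra-dispatcher deployment hunks of this patch keep numeric probe ports in the same way. Most other lines in this hunk are indentation-only changes.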
--- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml 
@@ -17,97 +17,98 @@ spec: app.kubernetes.io/name: hydra-sql spec: containers: - - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24 - imagePullPolicy: Always - args: ["/usr/sbin/php-fpm81", "-F", "-e"] - readinessProbe: - exec: - command: - - sh - - -c - - test -f /etc/php81/php-fpm.d/www.conf - livenessProbe: - exec: - command: - - php - - bin/console - - -V - initialDelaySeconds: 10 - periodSeconds: 30 - resources: {} - securityContext: - runAsNonRoot: true - runAsGroup: 1000 - runAsUser: 1000 - envFrom: - - configMapRef: - name: hydra-sql-env - env: - - name: PHP_FPM_LISTEN - value: 127.0.0.1:9000 - - name: PHP_MEMORY_LIMIT - value: 128m - - name: PHP_FPM_MEMORY_LIMIT - value: 128m - - name: PHP_FPM_LOG_LEVEL - value: warning - volumeMounts: - - name: sql-login-config - mountPath: "/app/config/sql_login_configuration/sql_login.yaml" - subPath: "sql_login.yaml" + - name: hydra-sql-fpm + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24 + imagePullPolicy: Always + args: ["/usr/sbin/php-fpm81", "-F", "-e"] + readinessProbe: + exec: + command: + - sh + - -c + - test -f /etc/php81/php-fpm.d/www.conf + livenessProbe: + exec: + command: + - php + - bin/console + - -V + initialDelaySeconds: 10 + periodSeconds: 30 + resources: {} + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 + envFrom: + - configMapRef: + name: hydra-sql-env + env: + - name: PHP_FPM_LISTEN + value: 127.0.0.1:9000 + - name: PHP_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_LOG_LEVEL + value: warning + volumeMounts: + - name: sql-login-config + mountPath: "/app/config/sql_login_configuration/sql_login.yaml" + subPath: "sql_login.yaml" - - name: hydra-sql-caddy - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24 - imagePullPolicy: Always - args: - [ - "/usr/sbin/caddy", - "run", - "--adapter", - "caddyfile", - "--config", - 
"/etc/caddy/Caddyfile", - ] - readinessProbe: - httpGet: - path: /health - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - periodSeconds: 10 - livenessProbe: - httpGet: - path: /health - port: 8080 - initialDelaySeconds: 15 - timeoutSeconds: 5 - periodSeconds: 15 - envFrom: - - configMapRef: - name: hydra-sql-env - env: - - name: CADDY_APP_UPSTREAM_BACKEND_SERVER - value: 127.0.0.1:9000 - - name: CADDY_HTTPS_PORT - value: "8443" - - name: CADDY_HTTP_PORT - value: "8080" - - name: CADDY_DATA_FS - value: "/tmp/caddy" - - name: CADDY_APP_ROOT_PUBLIC - value: "/app/public/" - resources: {} - securityContext: - runAsNonRoot: true - runAsGroup: 1000 - runAsUser: 1000 - ports: - - containerPort: 8080 - volumeMounts: - - name: sql-login-config - mountPath: "/app/config/sql_login_configuration/sql_login.yaml" - subPath: "sql_login.yaml" + - name: hydra-sql-caddy + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24 + imagePullPolicy: Always + args: + [ + "/usr/sbin/caddy", + "run", + "--adapter", + "caddyfile", + "--config", + "/etc/caddy/Caddyfile", + ] + readinessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 15 + timeoutSeconds: 5 + periodSeconds: 15 + envFrom: + - configMapRef: + name: hydra-sql-env + env: + - name: CADDY_APP_UPSTREAM_BACKEND_SERVER + value: 127.0.0.1:9000 + - name: CADDY_HTTPS_PORT + value: "8443" + - name: CADDY_HTTP_PORT + value: "8080" + - name: CADDY_DATA_FS + value: "/tmp/caddy" + - name: CADDY_APP_ROOT_PUBLIC + value: "/app/public/" + resources: {} + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 + ports: + - containerPort: 8080 + name: http + volumeMounts: + - name: sql-login-config + mountPath: "/app/config/sql_login_configuration/sql_login.yaml" + subPath: "sql_login.yaml" volumes: - name: sql-login-config configMap: 
diff --git a/components/hydra-sql/resources/hydra-sql-service.yaml b/components/hydra-sql/resources/hydra-sql-service.yaml index b4073c6..d47ff69 100644 --- a/components/hydra-sql/resources/hydra-sql-service.yaml +++ b/components/hydra-sql/resources/hydra-sql-service.yaml @@ -6,8 +6,9 @@ metadata: name: hydra-sql spec: ports: - - name: hydra-sql - port: 8080 + - name: http + port: 80 + targetPort: http selector: app.kubernetes.io/name: hydra-sql status: diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index 1bbdf80..b7320d5 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml @@ -52,9 +52,9 @@ spec: runAsNonRoot: true runAsGroup: 1000 runAsUser: 1000 - - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.2-develop.1411.74a9f16 + - name: hydra-dispatcher-caddy + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.2-develop.1411.74a9f16 imagePullPolicy: Always - name: hydra-dispatcher-caddy args: [ "/usr/sbin/caddy", @@ -67,14 +67,14 @@ spec: readinessProbe: httpGet: path: /health - port: 80 + port: 8080 initialDelaySeconds: 5 timeoutSeconds: 5 periodSeconds: 10 livenessProbe: httpGet: path: /health - port: 80 + port: 8080 initialDelaySeconds: 15 timeoutSeconds: 5 periodSeconds: 15 @@ -87,13 +87,14 @@ spec: - name: CADDY_HTTPS_PORT value: "8443" - name: CADDY_HTTP_PORT - value: "80" + value: "8080" - name: CADDY_DATA_FS value: "/tmp/caddy" - name: CADDY_APP_ROOT_PUBLIC value: "/app/public/" ports: - - containerPort: 80 + - containerPort: 8080 + name: http resources: {} securityContext: runAsNonRoot: true diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml index 1f8a023..1985e0d 100644 
--- a/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-service.yaml @@ -6,8 +6,9 @@ metadata: name: hydra-dispatcher spec: ports: - - name: http - port: 80 + - name: http + port: 80 + targetPort: http selector: app.kubernetes.io/name: hydra-dispatcher status: -- 2.17.1 From 054f84baef1290249eacc02b1befa39f610289fb Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Thu, 4 Apr 2024 17:46:38 +0200 Subject: [PATCH 29/47] clean(lint): fix indentation --- .../resources/hydra-sql-deployment.yaml | 88 +++++++++---------- 1 file changed, 40 insertions(+), 48 deletions(-) diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index 400ae54..d47b224 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml @@ -24,15 +24,15 @@ spec: readinessProbe: exec: command: - - sh - - -c - - test -f /etc/php81/php-fpm.d/www.conf + - sh + - -c + - test -f /etc/php81/php-fpm.d/www.conf livenessProbe: exec: command: - - php - - bin/console - - -V + - php + - bin/console + - -V initialDelaySeconds: 10 periodSeconds: 30 resources: {} 
@@ -41,34 +41,26 @@ spec: runAsGroup: 1000 runAsUser: 1000 envFrom: - - configMapRef: - name: hydra-sql-env + - configMapRef: + name: hydra-sql-env env: - - name: PHP_FPM_LISTEN - value: 127.0.0.1:9000 - - name: PHP_MEMORY_LIMIT - value: 128m - - name: PHP_FPM_MEMORY_LIMIT - value: 128m - - name: PHP_FPM_LOG_LEVEL - value: warning + - name: PHP_FPM_LISTEN + value: 127.0.0.1:9000 + - name: PHP_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_MEMORY_LIMIT + value: 128m + - name: PHP_FPM_LOG_LEVEL + value: warning volumeMounts: - - name: sql-login-config - mountPath: "/app/config/sql_login_configuration/sql_login.yaml" - subPath: "sql_login.yaml" + - name: sql-login-config + mountPath: "/app/config/sql_login_configuration/sql_login.yaml" + subPath: "sql_login.yaml" - name: hydra-sql-caddy image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24 imagePullPolicy: Always - args: - [ - "/usr/sbin/caddy", - "run", - "--adapter", - "caddyfile", - "--config", - "/etc/caddy/Caddyfile", - ] + args: ["/usr/sbin/caddy", "run", "--adapter", "caddyfile", "--config", "/etc/caddy/Caddyfile"] readinessProbe: httpGet: path: /health 
@@ -84,34 +76,34 @@ spec: timeoutSeconds: 5 periodSeconds: 15 envFrom: - - configMapRef: - name: hydra-sql-env + - configMapRef: + name: hydra-sql-env env: - - name: CADDY_APP_UPSTREAM_BACKEND_SERVER - value: 127.0.0.1:9000 - - name: CADDY_HTTPS_PORT - value: "8443" - - name: CADDY_HTTP_PORT - value: "8080" - - name: CADDY_DATA_FS - value: "/tmp/caddy" - - name: CADDY_APP_ROOT_PUBLIC - value: "/app/public/" + - name: CADDY_APP_UPSTREAM_BACKEND_SERVER + value: 127.0.0.1:9000 + - name: CADDY_HTTPS_PORT + value: "8443" + - name: CADDY_HTTP_PORT + value: "8080" + - name: CADDY_DATA_FS + value: "/tmp/caddy" + - name: CADDY_APP_ROOT_PUBLIC + value: "/app/public/" resources: {} securityContext: runAsNonRoot: true runAsGroup: 1000 runAsUser: 1000 ports: - - containerPort: 8080 - name: http + - containerPort: 8080 + name: http volumeMounts: - - name: sql-login-config - mountPath: "/app/config/sql_login_configuration/sql_login.yaml" - subPath: "sql_login.yaml" - volumes: - name: sql-login-config - configMap: - name: sql-login-config + mountPath: "/app/config/sql_login_configuration/sql_login.yaml" + subPath: "sql_login.yaml" + volumes: + - name: sql-login-config + configMap: + name: sql-login-config restartPolicy: Always -- 2.17.1 From c174ddb7347a0663c50151f8e71152687086d09d Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Mon, 29 Apr 2024 12:11:01 +0200 Subject: [PATCH 30/47] chore(dispatcher sql): update images refs --- components/hydra-sql/resources/hydra-sql-deployment.yaml | 2 +- .../hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index d47b224..3e81e23 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml 
@@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24 + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.29-develop.1147.e03312b imagePullPolicy: Always args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index b7320d5..4182b02 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-dispatcher-php-fpm - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.2-develop.1411.74a9f16 + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.29-develop.1139.0f72845 args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: exec: -- 2.17.1 From 32ccca7616abb9608591d6c7cc84748bf95e581f Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Mon, 29 Apr 2024 12:11:53 +0200 Subject: [PATCH 31/47] typo --- components/hydra-sql/resources/hydra-sql-deployment.yaml | 2 +- .../hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index 3e81e23..e280e82 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml @@ -58,7 +58,7 @@ spec: subPath: "sql_login.yaml" - name: hydra-sql-caddy - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24 + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.29-develop.1147.e03312b imagePullPolicy: Always args: ["/usr/sbin/caddy", "run", "--adapter", "caddyfile", "--config", "/etc/caddy/Caddyfile"] readinessProbe: 
diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index 4182b02..e979185 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml @@ -53,7 +53,7 @@ spec: runAsGroup: 1000 runAsUser: 1000 - name: hydra-dispatcher-caddy - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.2-develop.1411.74a9f16 + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.29-develop.1139.0f72845 imagePullPolicy: Always args: [ -- 2.17.1 From a7578445b4e180866ad00e82fe890980ef83bd99 Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Mon, 29 Apr 2024 13:47:58 +0200 Subject: [PATCH 32/47] fix(php-fpm): set php-fpm82 for hydra-sql and hydra-dispatcher --- components/hydra-sql/resources/hydra-sql-deployment.yaml | 2 +- .../hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index e280e82..fa0b601 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml @@ -20,7 +20,7 @@ spec: - name: hydra-sql-fpm image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.29-develop.1147.e03312b imagePullPolicy: Always - args: ["/usr/sbin/php-fpm81", "-F", "-e"] + args: ["/usr/sbin/php-fpm82", "-F", "-e"] readinessProbe: exec: command: diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index e979185..36c054e 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml 
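Review bot: Switching the binary to `/usr/sbin/php-fpm82` leaves the readiness probe untouched; its command list begins at the end of this hunk, and in the earlier patches of this series it runs `test -f /etc/php81/php-fpm.d/www.conf`. If the new image ships only PHP 8.2, that file may be absent and the pod would never report ready; this needs checking against the image. The binary path and the probe path should change together, for example `- test -f /etc/php82/php-fpm.d/www.conf` if the image follows the Alpine layout. The dispatcher hunk of this patch makes the same binary change.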
@@ -19,7 +19,7 @@ spec: containers: - name: hydra-dispatcher-php-fpm image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.29-develop.1139.0f72845 - args: ["/usr/sbin/php-fpm81", "-F", "-e"] + args: ["/usr/sbin/php-fpm82", "-F", "-e"] readinessProbe: exec: command: -- 2.17.1 From 513797be3592430761bb706cc65fd5e9b49ff612 Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Mon, 29 Apr 2024 14:57:52 +0200 Subject: [PATCH 33/47] fix(php-fpm): set php-fpm81 for hydra-sql and hydra-dispatcher --- components/hydra-sql/resources/hydra-sql-deployment.yaml | 6 +++--- .../resources/hydra-dispatcher-deployment.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index fa0b601..0fe434b 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml @@ -18,9 +18,9 @@ spec: spec: containers: - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.29-develop.1147.e03312b + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.29-develop.1416.f9d7e94 imagePullPolicy: Always - args: ["/usr/sbin/php-fpm82", "-F", "-e"] + args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: exec: command: @@ -58,7 +58,7 @@ spec: subPath: "sql_login.yaml" - name: hydra-sql-caddy - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.29-develop.1147.e03312b + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.29-develop.1416.f9d7e94 imagePullPolicy: Always args: ["/usr/sbin/caddy", "run", "--adapter", "caddyfile", "--config", "/etc/caddy/Caddyfile"] readinessProbe: diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index 36c054e..7745243 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml 
+++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml @@ -18,8 +18,8 @@ spec: spec: containers: - name: hydra-dispatcher-php-fpm - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.29-develop.1139.0f72845 - args: ["/usr/sbin/php-fpm82", "-F", "-e"] + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.29-develop.1417.7f64598 + args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: exec: command: -- 2.17.1 From 456e92ca0ec72dc3caa49e50b9875d76f7b17c32 Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Wed, 22 May 2024 15:42:15 +0200 Subject: [PATCH 34/47] sprint-8: update hydra-sql ref image --- components/hydra-sql/resources/hydra-sql-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index 0fe434b..bde4d60 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.29-develop.1416.f9d7e94 + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.5.21-develop.1050.890c44d imagePullPolicy: Always args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: @@ -58,7 +58,7 @@ spec: subPath: "sql_login.yaml" - name: hydra-sql-caddy - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.29-develop.1416.f9d7e94 + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.5.21-develop.1050.890c44d imagePullPolicy: Always args: ["/usr/sbin/caddy", "run", "--adapter", "caddyfile", "--config", "/etc/caddy/Caddyfile"] readinessProbe: -- 2.17.1 From f52b3117b54b544ffb92759f877f00c9f337a40d Mon Sep 17 00:00:00 2001 
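Review bot: Only the `hydra-dispatcher-php-fpm` container moves to `hydra-dispatcher-base:2024.4.29-develop.1417.7f64598`; the diffstat lists two changed lines for this file, so `hydra-dispatcher-caddy` stays on `2024.4.29-develop.1139.0f72845` from patch 31. The hydra-sql hunks of the same commit update both containers. If caddy serves static files from `/app/public/` out of its own image, the pod would mix assets and PHP code from two different builds. The caddy `image:` line should carry the same tag as the php-fpm one.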
From: Matthieu Lamalle Date: Mon, 10 Jun 2024 10:59:31 +0200 Subject: [PATCH 35/47] chore(hydra-sql): update image ref sprint-10 --- components/hydra-sql/resources/hydra-sql-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index bde4d60..e759481 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.5.21-develop.1050.890c44d + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.6.6-develop.1343.769e7ed imagePullPolicy: Always args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: @@ -58,7 +58,7 @@ spec: subPath: "sql_login.yaml" - name: hydra-sql-caddy - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.5.21-develop.1050.890c44d + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.6.6-develop.1343.769e7ed imagePullPolicy: Always args: ["/usr/sbin/caddy", "run", "--adapter", "caddyfile", "--config", "/etc/caddy/Caddyfile"] readinessProbe: -- 2.17.1 From 176b5a6696cad35488b9d846a74fcf4fe208f89a Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Mon, 10 Jun 2024 11:13:02 +0200 Subject: [PATCH 36/47] fix(hydra-sql): addin RollingUpdate stratgy config --- components/hydra-sql/resources/hydra-sql-deployment.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index e759481..6287734 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml 
@@ -10,7 +10,10 @@ spec: matchLabels: app.kubernetes.io/name: hydra-sql strategy: - type: Recreate + type: RollingUpdate + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% template: metadata: labels: -- 2.17.1 From 36a8e117e8b792d80d50f60f5a5ae23df66f6ca9 Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Thu, 25 Jul 2024 10:35:53 +0200 Subject: [PATCH 37/47] update symfony-container ref, add rewrite subject hydra-sql --- components/hydra-sql/resources/hydra-sql-deployment.yaml | 4 ++-- .../resources/hydra-dispatcher-deployment.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index 6287734..eac03b4 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml @@ -21,7 +21,7 @@ spec: spec: containers: - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.6.6-develop.1343.769e7ed + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.7.25-develop.1026.5bfd899 imagePullPolicy: Always args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: @@ -61,7 +61,7 @@ spec: subPath: "sql_login.yaml" - name: hydra-sql-caddy - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.6.6-develop.1343.769e7ed + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.7.25-develop.1026.5bfd899 imagePullPolicy: Always args: ["/usr/sbin/caddy", "run", "--adapter", "caddyfile", "--config", "/etc/caddy/Caddyfile"] readinessProbe: diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index 7745243..202004d 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml 
@@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-dispatcher-php-fpm - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.29-develop.1417.7f64598 + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.7.25-develop.1034.21d6822 args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: exec: @@ -53,7 +53,7 @@ spec: runAsGroup: 1000 runAsUser: 1000 - name: hydra-dispatcher-caddy - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.29-develop.1139.0f72845 + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.7.25-develop.1034.21d6822 imagePullPolicy: Always args: [ -- 2.17.1 From 65fccdc3cee4bc636245807d3beee0b45895fe45 Mon Sep 17 00:00:00 2001 From: vcarroy Date: Fri, 2 Aug 2024 10:33:27 +0200 Subject: [PATCH 38/47] Add opcache to symfony apps --- components/hydra-sql/files/03_base.ini | 22 +++++++++++++++++++ components/hydra-sql/kustomization.yaml | 3 +++ .../resources/hydra-sql-deployment.yaml | 10 +++++++++ resources/hydra-dispatcher/files/03_base.ini | 22 +++++++++++++++++++ resources/hydra-dispatcher/kustomization.yaml | 3 +++ .../hydra-dispatcher-deployment.yaml | 10 +++++++++ 6 files changed, 70 insertions(+) create mode 100644 components/hydra-sql/files/03_base.ini create mode 100644 resources/hydra-dispatcher/files/03_base.ini diff --git a/components/hydra-sql/files/03_base.ini b/components/hydra-sql/files/03_base.ini new file mode 100644 index 0000000..c416de0 --- /dev/null +++ b/components/hydra-sql/files/03_base.ini 
@@ -0,0 +1,22 @@ +[opcache] +; Determines if Zend OPCache is enabled +opcache.enable=1 + +; Determines if Zend OPCache is enabled for the CLI version of PHP +opcache.enable_cli=1 + +; The OPcache shared memory storage size. +opcache.memory_consumption=512 + +; The maximum number of keys (scripts) in the OPcache hash table. +; Only numbers between 200 and 1000000 are allowed. +opcache.max_accelerated_files=20000 + +; When disabled, you must reset the OPcache manually or restart the +; webserver for changes to the filesystem to take effect. +opcache.validate_timestamps=${OPCACHE_VALIDATE_TIMESTAMP} + +; How often (in seconds) to check file timestamps for changes to the shared +; memory storage allocation. ("1" means validate once per second, but only +; once per request. "0" means always validate) +opcache.revalidate_freq=${OPCACHE_REVALIDATE_FREQ} \ No newline at end of file diff --git a/components/hydra-sql/kustomization.yaml b/components/hydra-sql/kustomization.yaml index b0b66d5..ae964ce 100644 --- a/components/hydra-sql/kustomization.yaml +++ b/components/hydra-sql/kustomization.yaml @@ -26,3 +26,6 @@ configMapGenerator: - name: sql-login-config files: - ./files/sql_login.yaml +- name: hydra-sql-php-ini + files: + - ./files/03_base.ini diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index eac03b4..925fa49 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml 
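Review bot: The comment above `opcache.revalidate_freq` says `"0" means always validate`, but that only holds while `opcache.validate_timestamps` is enabled. The deployment hunks of this commit set `OPCACHE_VALIDATE_TIMESTAMP` to `"0"`, so timestamps are never checked and `revalidate_freq` has no effect. I would reword the comment to `; Ignored when opcache.validate_timestamps=0 (the value the deployments set); code changes then need a pod restart.` Both directives are filled from `${...}` environment references, so a one-line comment naming the two variables the container must define would also help; as far as I know an unset variable expands to an empty value without any error. The identical file is added under resources/hydra-dispatcher/files/ in the same commit and the same applies there.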
@@ -55,10 +55,17 @@ spec: value: 128m - name: PHP_FPM_LOG_LEVEL value: warning + - name: OPCACHE_VALIDATE_TIMESTAMP + value: "0" + - name: OPCACHE_REVALIDATE_FREQ + value: "0" volumeMounts: - name: sql-login-config mountPath: "/app/config/sql_login_configuration/sql_login.yaml" subPath: "sql_login.yaml" + - name: hydra-sql-php-ini + mountPath: /etc/php81/conf.d/03_base.ini + subPath: 03_base.ini - name: hydra-sql-caddy image: reg.cadoles.com/cadoles/hydra-sql-base:2024.7.25-develop.1026.5bfd899 @@ -108,5 +115,8 @@ spec: - name: sql-login-config configMap: name: sql-login-config + - name: hydra-sql-php-ini + configMap: + name: hydra-sql-php-ini restartPolicy: Always diff --git a/resources/hydra-dispatcher/files/03_base.ini b/resources/hydra-dispatcher/files/03_base.ini new file mode 100644 index 0000000..c416de0 --- /dev/null +++ b/resources/hydra-dispatcher/files/03_base.ini @@ -0,0 +1,22 @@ +[opcache] +; Determines if Zend OPCache is enabled +opcache.enable=1 + +; Determines if Zend OPCache is enabled for the CLI version of PHP +opcache.enable_cli=1 + +; The OPcache shared memory storage size. +opcache.memory_consumption=512 + +; The maximum number of keys (scripts) in the OPcache hash table. +; Only numbers between 200 and 1000000 are allowed. +opcache.max_accelerated_files=20000 + +; When disabled, you must reset the OPcache manually or restart the +; webserver for changes to the filesystem to take effect. +opcache.validate_timestamps=${OPCACHE_VALIDATE_TIMESTAMP} + +; How often (in seconds) to check file timestamps for changes to the shared +; memory storage allocation. ("1" means validate once per second, but only +; once per request. "0" means always validate) +opcache.revalidate_freq=${OPCACHE_REVALIDATE_FREQ} \ No newline at end of file diff --git a/resources/hydra-dispatcher/kustomization.yaml b/resources/hydra-dispatcher/kustomization.yaml index b3441fe..7ab4a1d 100644 --- a/resources/hydra-dispatcher/kustomization.yaml 
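Review bot: The new `mountPath: /etc/php81/conf.d/03_base.ini` pins the PHP minor version a second time, next to the `/usr/sbin/php-fpm81` binary named in the container's `args` (visible in other hunks of this series). If an image bump moves to another PHP package, the file is mounted into a directory PHP no longer scans and the opcache settings are dropped without any error. A comment on the mount such as `# path must match the php-fpmNN binary in args` would make the coupling visible. The same mount is added to hydra-dispatcher-deployment.yaml later in this commit, where an earlier patch in the series already switched the binary from `php-fpm82` to `php-fpm81`. The container spec continues outside the hunk.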
+++ b/resources/hydra-dispatcher/kustomization.yaml @@ -29,3 +29,6 @@ configMapGenerator: - name: hydra-dispatcher-apps files: - apps.yaml=./files/hydra/default.yaml +- name: hydra-dispatcher-php-ini + files: + - ./files/03_base.ini \ No newline at end of file diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index 202004d..93cbcad 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml @@ -41,12 +41,19 @@ spec: value: 128m - name: PHP_FPM_MEMORY_LIMIT value: 128m + - name: OPCACHE_VALIDATE_TIMESTAMP + value: "0" + - name: OPCACHE_REVALIDATE_FREQ + value: "0" envFrom: - configMapRef: name: hydra-dispatcher-env volumeMounts: - mountPath: /app/config/hydra name: hydra-dispatcher-apps + - name: hydra-dispatcher-php-ini + mountPath: /etc/php81/conf.d/03_base.ini + subPath: 03_base.ini resources: {} securityContext: runAsNonRoot: true @@ -105,3 +112,6 @@ spec: - name: hydra-dispatcher-apps configMap: name: hydra-dispatcher-apps + - name: hydra-dispatcher-php-ini + configMap: + name: hydra-dispatcher-php-ini \ No newline at end of file -- 2.17.1 From af76c99d91616256623c7d0090bf8e675e44be3b Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Tue, 24 Sep 2024 13:43:59 +0200 Subject: [PATCH 39/47] chore(hydra-sql) : improve sql handler --- components/hydra-sql/resources/hydra-sql-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index 925fa49..de26e1a 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml 
@@ -21,7 +21,7 @@ spec: spec: containers: - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.7.25-develop.1026.5bfd899 + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.9.24-develop.1300.fe4d683 imagePullPolicy: Always args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: @@ -68,7 +68,7 @@ spec: subPath: 03_base.ini - name: hydra-sql-caddy - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.7.25-develop.1026.5bfd899 + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.9.24-develop.1300.fe4d683 imagePullPolicy: Always args: ["/usr/sbin/caddy", "run", "--adapter", "caddyfile", "--config", "/etc/caddy/Caddyfile"] readinessProbe: -- 2.17.1 From 1ea76c2153fcfe8a66765e7f348235a1bf9d8ed3 Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Tue, 24 Sep 2024 13:44:40 +0200 Subject: [PATCH 40/47] chore(hydra-dispatcher) : improve header cache --- .../resources/hydra-dispatcher-deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index 93cbcad..c170fb8 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-dispatcher-php-fpm - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.7.25-develop.1034.21d6822 + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.9.24-develop.1122.f88a5eb2 args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: exec: @@ -60,7 +60,7 @@ spec: runAsGroup: 1000 runAsUser: 1000 - name: hydra-dispatcher-caddy - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.7.25-develop.1034.21d6822 + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.9.24-develop.1122.f88a5eb imagePullPolicy: Always args: [ 
@@ -114,4 +114,4 @@ spec: name: hydra-dispatcher-apps - name: hydra-dispatcher-php-ini configMap: - name: hydra-dispatcher-php-ini \ No newline at end of file + name: hydra-dispatcher-php-ini -- 2.17.1 From 15ad23049f97855b062fc54aba03f7fe8e00cd1c Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Tue, 24 Sep 2024 14:39:10 +0200 Subject: [PATCH 41/47] fix(hydra-dispatcher): typo on ref --- .../hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml index c170fb8..5006247 100644 --- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml +++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: hydra-dispatcher-php-fpm - image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.9.24-develop.1122.f88a5eb2 + image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.9.24-develop.1122.f88a5eb args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: exec: -- 2.17.1 From a5c9c733f62c97eaa66014444f8e73dcefc0909f Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Thu, 26 Sep 2024 09:50:54 +0200 Subject: [PATCH 42/47] feat(postgres): adding hydra max_conns parameter support Mandatory for large scale deployements --- .../hydra-cnpg-database/kustomization.yaml | 22 ------------------- .../patches/hydra-deployment.yaml | 14 +++++++++--- .../patches/hydra-janitor-cronjob.yaml | 14 +++++++++--- .../patches/hydra-migrate-job.yaml | 14 +++++++++--- .../resources/hydra-cnpg-cluster.yaml | 6 +---- resources/hydra/kustomization.yaml | 1 + 6 files changed, 35 insertions(+), 36 deletions(-) diff --git a/components/hydra-cnpg-database/kustomization.yaml b/components/hydra-cnpg-database/kustomization.yaml index 4ebccef..737555f 100644 --- a/components/hydra-cnpg-database/kustomization.yaml 
+++ b/components/hydra-cnpg-database/kustomization.yaml @@ -7,28 +7,6 @@ configurations: resources: - ./resources/hydra-cnpg-cluster.yaml -secretGenerator: -- name: hydra-postgres-admin - type: Secret - literals: - - username=postgres - - password=NotSoSecret -- name: hydra-postgres-user - type: Secret - literals: - - username=hydra - - password=NotSoSecret - - -vars: -- name: HYDRA_DATABASE_SERVICE_NAME - objref: - name: hydra-postgres - kind: Cluster - apiVersion: postgresql.cnpg.io/v1 - fieldref: - fieldpath: metadata.name - patches: - target: group: apps diff --git a/components/hydra-cnpg-database/patches/hydra-deployment.yaml b/components/hydra-cnpg-database/patches/hydra-deployment.yaml index 6185612..db7d518 100644 --- a/components/hydra-cnpg-database/patches/hydra-deployment.yaml +++ b/components/hydra-cnpg-database/patches/hydra-deployment.yaml @@ -4,7 +4,7 @@ name: HYDRA_DATABASE_USER valueFrom: secretKeyRef: - name: hydra-postgres-user + name: hydra-postgres-app key: username - op: add path: "/spec/template/spec/containers/0/env/-" @@ -12,10 +12,18 @@ name: HYDRA_DATABASE_PASSWORD valueFrom: secretKeyRef: - name: hydra-postgres-user + name: hydra-postgres-app key: password +- op: add + path: "/spec/template/spec/containers/0/env/-" + value: + name: HYDRA_DATABASE_SERVICE_NAME + valueFrom: + secretKeyRef: + name: hydra-postgres-app + key: host - op: add path: "/spec/template/spec/containers/0/env/-" value: name: DSN - value: "postgres://$(HYDRA_DATABASE_USER):$(HYDRA_DATABASE_PASSWORD)@$(HYDRA_DATABASE_SERVICE_NAME)-rw:5432/hydra?sslmode=disable" \ No newline at end of file + value: "postgres://$(HYDRA_DATABASE_USER):$(HYDRA_DATABASE_PASSWORD)@$(HYDRA_DATABASE_SERVICE_NAME):5432/hydra?sslmode=disable&max_conns=$(HYDRA_DATABASE_MAX_CONN)" diff --git a/components/hydra-cnpg-database/patches/hydra-janitor-cronjob.yaml b/components/hydra-cnpg-database/patches/hydra-janitor-cronjob.yaml index a8f576e..467742b 100644 
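Review bot: The rewritten `DSN` value in patches/hydra-deployment.yaml still ends in `sslmode=disable`, so the password read from `hydra-postgres-app` and Hydra's token and consent data cross the pod network unencrypted. The new `DSN` lines in hydra-janitor-cronjob.yaml and hydra-migrate-job.yaml keep the same setting. CloudNativePG normally provisions a server certificate for the cluster, so `sslmode=require` should work as is, and `sslmode=verify-full` becomes possible once the cluster CA is mounted into the pods (to be confirmed against this cluster's certificate settings). Proposed change: `...:5432/hydra?sslmode=require&max_conns=$(HYDRA_DATABASE_MAX_CONN)` for the Deployment and `...:5432/hydra?sslmode=require` for the two jobs.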
--- a/components/hydra-cnpg-database/patches/hydra-janitor-cronjob.yaml +++ b/components/hydra-cnpg-database/patches/hydra-janitor-cronjob.yaml @@ -4,7 +4,7 @@ name: HYDRA_DATABASE_USER valueFrom: secretKeyRef: - name: hydra-postgres-user + name: hydra-postgres-app key: username - op: add path: "/spec/jobTemplate/spec/template/spec/containers/0/env/-" @@ -12,10 +12,18 @@ name: HYDRA_DATABASE_PASSWORD valueFrom: secretKeyRef: - name: hydra-postgres-user + name: hydra-postgres-app key: password +- op: add + path: "/spec/jobTemplate/spec/template/spec/containers/0/env/-" + value: + name: HYDRA_DATABASE_SERVICE_NAME + valueFrom: + secretKeyRef: + name: hydra-postgres-app + key: host - op: add path: "/spec/jobTemplate/spec/template/spec/containers/0/env/-" value: name: DSN - value: "postgres://$(HYDRA_DATABASE_USER):$(HYDRA_DATABASE_PASSWORD)@$(HYDRA_DATABASE_SERVICE_NAME)-rw:5432/hydra?sslmode=disable" \ No newline at end of file + value: "postgres://$(HYDRA_DATABASE_USER):$(HYDRA_DATABASE_PASSWORD)@$(HYDRA_DATABASE_SERVICE_NAME):5432/hydra?sslmode=disable" diff --git a/components/hydra-cnpg-database/patches/hydra-migrate-job.yaml b/components/hydra-cnpg-database/patches/hydra-migrate-job.yaml index 6185612..c5e4447 100644 --- a/components/hydra-cnpg-database/patches/hydra-migrate-job.yaml +++ b/components/hydra-cnpg-database/patches/hydra-migrate-job.yaml @@ -4,7 +4,7 @@ name: HYDRA_DATABASE_USER valueFrom: secretKeyRef: - name: hydra-postgres-user + name: hydra-postgres-app key: username - op: add path: "/spec/template/spec/containers/0/env/-" 
@@ -12,10 +12,18 @@ name: HYDRA_DATABASE_PASSWORD valueFrom: secretKeyRef: - name: hydra-postgres-user + name: hydra-postgres-app key: password +- op: add + path: "/spec/template/spec/containers/0/env/-" + value: + name: HYDRA_DATABASE_SERVICE_NAME + valueFrom: + secretKeyRef: + name: hydra-postgres-app + key: host - op: add path: "/spec/template/spec/containers/0/env/-" value: name: DSN - value: "postgres://$(HYDRA_DATABASE_USER):$(HYDRA_DATABASE_PASSWORD)@$(HYDRA_DATABASE_SERVICE_NAME)-rw:5432/hydra?sslmode=disable" \ No newline at end of file + value: "postgres://$(HYDRA_DATABASE_USER):$(HYDRA_DATABASE_PASSWORD)@$(HYDRA_DATABASE_SERVICE_NAME):5432/hydra?sslmode=disable" diff --git a/components/hydra-cnpg-database/resources/hydra-cnpg-cluster.yaml b/components/hydra-cnpg-database/resources/hydra-cnpg-cluster.yaml index 7f48955..8d910f1 100644 --- a/components/hydra-cnpg-database/resources/hydra-cnpg-cluster.yaml +++ b/components/hydra-cnpg-database/resources/hydra-cnpg-cluster.yaml @@ -5,13 +5,9 @@ metadata: spec: instances: 3 primaryUpdateStrategy: unsupervised - superuserSecret: - name: hydra-postgres-admin bootstrap: initdb: database: hydra owner: hydra - secret: - name: hydra-postgres-user storage: - size: 2Gi \ No newline at end of file + size: 2Gi diff --git a/resources/hydra/kustomization.yaml b/resources/hydra/kustomization.yaml index f99e668..c4e4615 100644 --- a/resources/hydra/kustomization.yaml +++ b/resources/hydra/kustomization.yaml @@ -30,6 +30,7 @@ configMapGenerator: - URLS_CONSENT=http://hydra-consent-app/consent - URLS_LOGOUT=http://hydra-logout-app/logout - HYDRA_SERVE_ALL_ARGS=--dev + - HYDRA_DATABASE_MAX_CONN="10" - LOG_LEVEL=info vars: -- 2.17.1 From 1cf7569678956abeeb47d5835f00bee3e9cc08fb Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Wed, 9 Oct 2024 11:37:52 +0200 Subject: [PATCH 43/47] fix(component): adding behavior to secret generator --- components/hydra-sql/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) 
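Review bot: `HYDRA_DATABASE_MAX_CONN="10"` in resources/hydra/kustomization.yaml is quoted while the neighbouring literals (`LOG_LEVEL=info`, `HYDRA_SERVE_ALL_ARGS=--dev`) are bare. Whether kustomize strips the quotes depends on its version, and if they survive the Deployment's DSN ends in `max_conns="10"`; writing `- HYDRA_DATABASE_MAX_CONN=10` removes the ambiguity. The `$(HYDRA_DATABASE_MAX_CONN)` reference in the DSN is only expanded if this ConfigMap reaches the hydra container's environment, and the container's `envFrom` is not visible in this patch; otherwise the literal `$(...)` text stays in the connection string. A comment above the literal, `# consumed by components/hydra-cnpg-database/patches/hydra-deployment.yaml (DSN max_conns)`, would record that dependency.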
diff --git a/components/hydra-sql/kustomization.yaml b/components/hydra-sql/kustomization.yaml index ae964ce..0504eb2 100644 --- a/components/hydra-sql/kustomization.yaml +++ b/components/hydra-sql/kustomization.yaml @@ -11,6 +11,7 @@ generatorOptions: configMapGenerator: - name: hydra-sql-env + behavior: create literals: - ISSUER_URL="http://localhost:8000" - BASE_URL='http://localhost:8080' -- 2.17.1 From 4ec580fb7d9ea440cd76efa4242cd4992de843af Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Wed, 9 Oct 2024 11:49:39 +0200 Subject: [PATCH 44/47] fix(component): oidc adding behavior to secret generator --- components/hydra-oidc/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/components/hydra-oidc/kustomization.yaml b/components/hydra-oidc/kustomization.yaml index deec38c..624818f 100644 --- a/components/hydra-oidc/kustomization.yaml +++ b/components/hydra-oidc/kustomization.yaml @@ -11,6 +11,7 @@ generatorOptions: configMapGenerator: - name: hydra-oidc-env + behavior: create literals: - APP_ENV=prod - APP_DEBUG=false -- 2.17.1 From 40ec4440a7ffa9f0d6109e99ba6871a8e47297a5 Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Thu, 10 Oct 2024 10:31:16 +0200 Subject: [PATCH 45/47] chore(hydra-sql): correction requete password et fetchdata et ajout paquet xdebug --- components/hydra-sql/resources/hydra-sql-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index de26e1a..610ac62 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml 
@@ -21,7 +21,7 @@ spec: spec: containers: - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.9.24-develop.1300.fe4d683 + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.10.10-develop.1026.8e56433 imagePullPolicy: Always args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: @@ -68,7 +68,7 @@ spec: subPath: 03_base.ini - name: hydra-sql-caddy - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.9.24-develop.1300.fe4d683 + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.10.10-develop.1026.8e56433 imagePullPolicy: Always args: ["/usr/sbin/caddy", "run", "--adapter", "caddyfile", "--config", "/etc/caddy/Caddyfile"] readinessProbe: -- 2.17.1 From ce1f650a86213cccee84beb60a97b6e641c057a6 Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Mon, 14 Oct 2024 10:49:12 +0200 Subject: [PATCH 46/47] chore(hydra-sql) : update image ref to fix error handle --- components/hydra-sql/resources/hydra-sql-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index 610ac62..c9ff8d8 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml @@ -21,7 +21,7 @@ spec: spec: containers: - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.10.10-develop.1026.8e56433 + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.10.14-develop.1040.7032787 imagePullPolicy: Always args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: @@ -68,7 +68,7 @@ spec: subPath: 03_base.ini - name: hydra-sql-caddy - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.10.10-develop.1026.8e56433 + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.10.14-develop.1040.7032787 imagePullPolicy: Always args: ["/usr/sbin/caddy", "run", "--adapter", "caddyfile", "--config", "/etc/caddy/Caddyfile"] readinessProbe: -- 2.17.1 
From ee0349e9df4e234e81ded7b7171a34df5a436787 Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Wed, 6 Nov 2024 11:18:49 +0100 Subject: [PATCH 47/47] chore: update hydra-sql image ref to fix email search case --- components/hydra-sql/resources/hydra-sql-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/hydra-sql/resources/hydra-sql-deployment.yaml b/components/hydra-sql/resources/hydra-sql-deployment.yaml index c9ff8d8..bf688de 100644 --- a/components/hydra-sql/resources/hydra-sql-deployment.yaml +++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml @@ -21,7 +21,7 @@ spec: spec: containers: - name: hydra-sql-fpm - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.10.14-develop.1040.7032787 + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.11.6-develop.1113.075be9b imagePullPolicy: Always args: ["/usr/sbin/php-fpm81", "-F", "-e"] readinessProbe: @@ -68,7 +68,7 @@ spec: subPath: 03_base.ini - name: hydra-sql-caddy - image: reg.cadoles.com/cadoles/hydra-sql-base:2024.10.14-develop.1040.7032787 + image: reg.cadoles.com/cadoles/hydra-sql-base:2024.11.6-develop.1113.075be9b imagePullPolicy: Always args: ["/usr/sbin/caddy", "run", "--adapter", "caddyfile", "--config", "/etc/caddy/Caddyfile"] readinessProbe: -- 2.17.1