Modification des deployements pour le passage à Caddy #36

Merged
wpetit merged 4 commits from cmsassot into develop 2024-04-04 17:09:47 +02:00
6 changed files with 188 additions and 182 deletions
Showing only changes of commit 546f31b2dd - Show all commits


@ -17,85 +17,86 @@ spec:
app.kubernetes.io/name: hydra-oidc app.kubernetes.io/name: hydra-oidc
spec: spec:
containers: containers:
- name: hydra-oidc-php-fpm - name: hydra-oidc-php-fpm
image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6 image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6
imagePullPolicy: Always imagePullPolicy: Always
args: ["/usr/sbin/php-fpm81", "-F", "-e"] args: ["/usr/sbin/php-fpm81", "-F", "-e"]
readinessProbe: readinessProbe:
exec: exec:
command: command:
- sh - sh
- -c - -c
- test -f /etc/php81/php-fpm.d/www.conf - test -f /etc/php81/php-fpm.d/www.conf
livenessProbe: livenessProbe:
exec: exec:
command: command:
- php - php
- bin/console - bin/console
- -V - -V
initialDelaySeconds: 10 initialDelaySeconds: 10
periodSeconds: 30 periodSeconds: 30
env: env:
- name: PHP_FPM_LISTEN - name: PHP_FPM_LISTEN
value: 127.0.0.1:9000 value: 127.0.0.1:9000
- name: PHP_MEMORY_LIMIT - name: PHP_MEMORY_LIMIT
value: 128m value: 128m
- name: PHP_FPM_MEMORY_LIMIT - name: PHP_FPM_MEMORY_LIMIT
value: 128m value: 128m
envFrom: envFrom:
- configMapRef: - configMapRef:
name: hydra-oidc-env name: hydra-oidc-env
resources: {} resources: {}
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
runAsGroup: 1000 runAsGroup: 1000
runAsUser: 1000 runAsUser: 1000
- image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6 - name: hydra-oidc-caddy
imagePullPolicy: Always image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6
name: hydra-oidc-caddy imagePullPolicy: Always
args: args:
[ [
"/usr/sbin/caddy", "/usr/sbin/caddy",
"run", "run",
"--adapter", "--adapter",
"caddyfile", "caddyfile",
"--config", "--config",
"/etc/caddy/Caddyfile", "/etc/caddy/Caddyfile",
] ]
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /healthy path: /healthy
port: 8080 port: 8080
initialDelaySeconds: 5 initialDelaySeconds: 5
timeoutSeconds: 5 timeoutSeconds: 5
periodSeconds: 10 periodSeconds: 10
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /healthy path: /healthy
port: 8080 port: 8080
initialDelaySeconds: 15 initialDelaySeconds: 15
timeoutSeconds: 5 timeoutSeconds: 5
periodSeconds: 15 periodSeconds: 15
ports: ports:
- containerPort: 8080 - containerPort: 8080
envFrom: name: http
- configMapRef: envFrom:
name: hydra-oidc-env - configMapRef:
env: name: hydra-oidc-env
- name: CADDY_APP_UPSTREAM_BACKEND_SERVER env:
value: 127.0.0.1:9000 - name: CADDY_APP_UPSTREAM_BACKEND_SERVER
- name: CADDY_HTTPS_PORT value: 127.0.0.1:9000
value: "8443" - name: CADDY_HTTPS_PORT
- name: CADDY_HTTP_PORT value: "8443"
value: "8080" - name: CADDY_HTTP_PORT
- name: CADDY_DATA_FS value: "8080"
value: "/tmp/caddy" - name: CADDY_DATA_FS
- name: CADDY_APP_ROOT_PUBLIC value: "/tmp/caddy"
value: "/app/public/" - name: CADDY_APP_ROOT_PUBLIC
resources: {} value: "/app/public/"
securityContext: resources: {}
runAsNonRoot: true securityContext:
runAsGroup: 1000 runAsNonRoot: true
runAsUser: 1000 runAsGroup: 1000
runAsUser: 1000
restartPolicy: Always restartPolicy: Always
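Review bot: The `securityContext` of the re-indented `hydra-oidc-caddy` container (and of `hydra-oidc-php-fpm` above it) sets only `runAsNonRoot`, `runAsUser` and `runAsGroup`, so privilege escalation and the capability set are left at the runtime defaults. For a pod that, judging by its name, serves the OIDC login flow, I would add `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` to both containers. Nothing visible here binds a port below 1024, so no capability appears to be needed. The hydra-sql and hydra-dispatcher deployments in this commit carry the same three-field context. `readOnlyRootFilesystem: true` would be a further step, but it probably needs a writable volume for `/tmp/caddy` (`CADDY_DATA_FS`), to be confirmed against the image.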


@ -6,8 +6,9 @@ metadata:
name: hydra-oidc name: hydra-oidc
spec: spec:
ports: ports:
- name: hydra-oidc - name: http
wpetit marked this conversation as resolved Outdated

L'indentation n'est pas bonne, les listes doivent commencer au même niveau que la première lettre du "parent".

spec:
  ports:
  - name: toto
     ...
L'indentation n'est pas bonne, les listes doivent commencer au même niveau que la première lettre du "parent". ``` spec: ports: - name: toto ... ```
port: 8080 port: 80
targetPort: http
selector: selector:
app.kubernetes.io/name: hydra-oidc app.kubernetes.io/name: hydra-oidc
status: status:
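Review bot: Renaming the Service port from `hydra-oidc` to `http` and moving it from 8080 to 80 changes both identifiers that other objects use to reach this Service, and none of the file sections shown for this commit looks like an Ingress or ConfigMap that follows the change. Anything still pointing at `hydra-oidc:8080` or at the port name `hydra-oidc` (an Ingress backend, an upstream URL held in `hydra-oidc-env`) would stop resolving after the rollout; the hydra-sql Service further down gets the same rename. Those consumers may be updated in another commit of this pull request, which is not visible here. A comment above the port, e.g. `# Service port 80 -> container port "http" (8080)`, would record the mapping for the next reader.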


@ -17,97 +17,98 @@ spec:
app.kubernetes.io/name: hydra-sql app.kubernetes.io/name: hydra-sql
spec: spec:
containers: containers:
- name: hydra-sql-fpm - name: hydra-sql-fpm
image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24 image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24
imagePullPolicy: Always imagePullPolicy: Always
args: ["/usr/sbin/php-fpm81", "-F", "-e"] args: ["/usr/sbin/php-fpm81", "-F", "-e"]
readinessProbe: readinessProbe:
exec: exec:
command: command:
- sh - sh
- -c - -c
- test -f /etc/php81/php-fpm.d/www.conf - test -f /etc/php81/php-fpm.d/www.conf
livenessProbe: livenessProbe:
exec: exec:
command: command:
- php - php
- bin/console - bin/console
- -V - -V
initialDelaySeconds: 10 initialDelaySeconds: 10
periodSeconds: 30 periodSeconds: 30
resources: {} resources: {}
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
runAsGroup: 1000 runAsGroup: 1000
runAsUser: 1000 runAsUser: 1000
envFrom: envFrom:
- configMapRef: - configMapRef:
name: hydra-sql-env name: hydra-sql-env
env: env:
- name: PHP_FPM_LISTEN - name: PHP_FPM_LISTEN
value: 127.0.0.1:9000 value: 127.0.0.1:9000
- name: PHP_MEMORY_LIMIT - name: PHP_MEMORY_LIMIT
value: 128m value: 128m
- name: PHP_FPM_MEMORY_LIMIT - name: PHP_FPM_MEMORY_LIMIT
value: 128m value: 128m
- name: PHP_FPM_LOG_LEVEL - name: PHP_FPM_LOG_LEVEL
value: warning value: warning
volumeMounts: volumeMounts:
- name: sql-login-config - name: sql-login-config
mountPath: "/app/config/sql_login_configuration/sql_login.yaml" mountPath: "/app/config/sql_login_configuration/sql_login.yaml"
subPath: "sql_login.yaml" subPath: "sql_login.yaml"
- name: hydra-sql-caddy - name: hydra-sql-caddy
image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24 image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24
imagePullPolicy: Always imagePullPolicy: Always
args: args:
[ [
"/usr/sbin/caddy", "/usr/sbin/caddy",
"run", "run",
"--adapter", "--adapter",
"caddyfile", "caddyfile",
"--config", "--config",
"/etc/caddy/Caddyfile", "/etc/caddy/Caddyfile",
] ]
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /health path: /health
port: 8080 port: 8080
initialDelaySeconds: 5 initialDelaySeconds: 5
timeoutSeconds: 5 timeoutSeconds: 5
periodSeconds: 10 periodSeconds: 10
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /health path: /health
port: 8080 port: 8080
initialDelaySeconds: 15 initialDelaySeconds: 15
timeoutSeconds: 5 timeoutSeconds: 5
periodSeconds: 15 periodSeconds: 15
envFrom: envFrom:
- configMapRef: - configMapRef:
name: hydra-sql-env name: hydra-sql-env
env: env:
- name: CADDY_APP_UPSTREAM_BACKEND_SERVER - name: CADDY_APP_UPSTREAM_BACKEND_SERVER
value: 127.0.0.1:9000 value: 127.0.0.1:9000
- name: CADDY_HTTPS_PORT - name: CADDY_HTTPS_PORT
value: "8443" value: "8443"
- name: CADDY_HTTP_PORT - name: CADDY_HTTP_PORT
value: "8080" value: "8080"
- name: CADDY_DATA_FS - name: CADDY_DATA_FS
value: "/tmp/caddy" value: "/tmp/caddy"
- name: CADDY_APP_ROOT_PUBLIC - name: CADDY_APP_ROOT_PUBLIC
value: "/app/public/" value: "/app/public/"
resources: {} resources: {}
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
runAsGroup: 1000 runAsGroup: 1000
runAsUser: 1000 runAsUser: 1000
ports: ports:
- containerPort: 8080 - containerPort: 8080
volumeMounts: name: http
- name: sql-login-config volumeMounts:
mountPath: "/app/config/sql_login_configuration/sql_login.yaml" - name: sql-login-config
subPath: "sql_login.yaml" mountPath: "/app/config/sql_login_configuration/sql_login.yaml"
subPath: "sql_login.yaml"
volumes: volumes:
- name: sql-login-config - name: sql-login-config
configMap: configMap:
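Review bot: With the container port now named `http`, the two `httpGet` probes of `hydra-sql-caddy` still hard-code `port: 8080`, so the number is repeated in the probes, in `containerPort` and in `CADDY_HTTP_PORT`. Probes accept a port name, so `port: http` in both `readinessProbe` and `livenessProbe` would remove two of those copies; the dispatcher section of this commit shows how many lines move when the port changes. The hydra-oidc and hydra-dispatcher deployments follow the same pattern. Separately, the hydra-oidc Caddy probes use `/healthy` where this file and the dispatcher use `/health`; unless the Caddyfiles really differ, one of the two is probably a typo. The container list starts above this hunk and the `volumes` block continues below it.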


@ -6,8 +6,9 @@ metadata:
name: hydra-sql name: hydra-sql
spec: spec:
ports: ports:
- name: hydra-sql - name: http
port: 8080 port: 80
targetPort: http
selector: selector:
app.kubernetes.io/name: hydra-sql app.kubernetes.io/name: hydra-sql
status: status:


@ -52,9 +52,9 @@ spec:
runAsNonRoot: true runAsNonRoot: true
runAsGroup: 1000 runAsGroup: 1000
runAsUser: 1000 runAsUser: 1000
- image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.2-develop.1411.74a9f16 - name: hydra-dispatcher-caddy
image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.2-develop.1411.74a9f16
imagePullPolicy: Always imagePullPolicy: Always
name: hydra-dispatcher-caddy
args: args:
[ [
"/usr/sbin/caddy", "/usr/sbin/caddy",
@ -67,14 +67,14 @@ spec:
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /health path: /health
port: 80 port: 8080
initialDelaySeconds: 5 initialDelaySeconds: 5
timeoutSeconds: 5 timeoutSeconds: 5
periodSeconds: 10 periodSeconds: 10
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /health path: /health
port: 80 port: 8080
initialDelaySeconds: 15 initialDelaySeconds: 15
timeoutSeconds: 5 timeoutSeconds: 5
periodSeconds: 15 periodSeconds: 15
@ -87,13 +87,14 @@ spec:
- name: CADDY_HTTPS_PORT - name: CADDY_HTTPS_PORT
value: "8443" value: "8443"
- name: CADDY_HTTP_PORT - name: CADDY_HTTP_PORT
value: "80" value: "8080"
- name: CADDY_DATA_FS - name: CADDY_DATA_FS
value: "/tmp/caddy" value: "/tmp/caddy"
- name: CADDY_APP_ROOT_PUBLIC - name: CADDY_APP_ROOT_PUBLIC
value: "/app/public/" value: "/app/public/"
ports: ports:
- containerPort: 80 - containerPort: 8080
wpetit marked this conversation as resolved Outdated

Le conteneur étant "non root", je pense qu'il n'est pas possible d'écouter sur le port 80, je n'ai pas encore testé mais il semble que ce puisse être un problème.

Le port doit avoir un "nom", c'est plus simple pour le référencer ailleurs (dans les services par exemple).

Le conteneur étant "non root", je penses qu'il n'est pas possible d'écouter sur le port 80, je n'ai pas encore testé mais il semble que ce puisse être un problème. Le port doit avoir un "nom", c'est plus simple pour le référencer ailleurs (dans les services par exemple).
name: http
resources: {} resources: {}
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
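Review bot: The `image:` line moved in the first hunk still references the tag `2024.4.2-develop.1411.74a9f16` together with `imagePullPolicy: Always`, so every pod restart pulls whatever the registry currently serves under that tag. Pinning the digest, `image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.2-develop.1411.74a9f16@sha256:<digest>`, fixes the deployed content and makes any change to it visible in a diff; `<digest>` is a placeholder to fill in from the registry. The same holds for the `hydra-oidc-base` and `hydra-sql-base` images in the other two deployments. The container definition starts above the first hunk and continues below the last one.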


@ -6,8 +6,9 @@ metadata:
name: hydra-dispatcher name: hydra-dispatcher
spec: spec:
ports: ports:
- name: http - name: http
port: 80 port: 80
targetPort: http
selector: selector:
app.kubernetes.io/name: hydra-dispatcher app.kubernetes.io/name: hydra-dispatcher
status: status: