Modification des deployements pour le passage à Caddy #36

Merged
wpetit merged 4 commits from cmsassot into develop 2024-04-04 17:09:47 +02:00
6 changed files with 148 additions and 96 deletions

View File

@ -18,39 +18,51 @@ spec:
spec: spec:
containers: containers:
- name: hydra-oidc-php-fpm - name: hydra-oidc-php-fpm
image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6
imagePullPolicy: Always imagePullPolicy: Always
args: ["/usr/sbin/php-fpm81", "-F", "-e"] args: ["/usr/sbin/php-fpm81", "-F", "-e"]
readinessProbe: readinessProbe:
exec: exec:
command: command:
- sh - sh
- -c - -c
- test -f /etc/php81/php-fpm.d/www.conf - test -f /etc/php81/php-fpm.d/www.conf
livenessProbe: livenessProbe:
exec: exec:
command: command:
- php - php
- bin/console - bin/console
- -V - -V
initialDelaySeconds: 10 initialDelaySeconds: 10
periodSeconds: 30 periodSeconds: 30
env: env:
- name: PHP_FPM_LISTEN - name: PHP_FPM_LISTEN
value: 127.0.0.1:9000 value: 127.0.0.1:9000
- name: PHP_MEMORY_LIMIT - name: PHP_MEMORY_LIMIT
value: 128m value: 128m
- name: PHP_FPM_MEMORY_LIMIT - name: PHP_FPM_MEMORY_LIMIT
value: 128m value: 128m
envFrom: envFrom:
- configMapRef: - configMapRef:
name: hydra-oidc-env name: hydra-oidc-env
resources: {} resources: {}
securityContext:
runAsNonRoot: true
runAsGroup: 1000
runAsUser: 1000
- image: reg.cadoles.com/cadoles/hydra-oidc-base:2023.12.15-develop.1012.d57f2ad - name: hydra-oidc-caddy
image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6
imagePullPolicy: Always imagePullPolicy: Always
name: hydra-oidc-nginx args:
args: ["/usr/sbin/nginx"] [
"/usr/sbin/caddy",
"run",
"--adapter",
"caddyfile",
"--config",
"/etc/caddy/Caddyfile",
]
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /healthy path: /healthy
@ -65,22 +77,26 @@ spec:
initialDelaySeconds: 15 initialDelaySeconds: 15
timeoutSeconds: 5 timeoutSeconds: 5
periodSeconds: 15 periodSeconds: 15
envFrom:
- configMapRef:
name: hydra-oidc-env
env:
- name: NGINX_APP_UPSTREAM_BACKEND_SERVER
value: 127.0.0.1:9000
- name: NGINX_APP_ROOT
value: "/public/"
- name: NGINX_APP_PHP_INDEX
value: "/index.php"
- name: NGINX_ERROR_LOG_LEVEL
value: "warn"
- name: NGINX_APP_PHP_NON_FILE_PATTERN
value: "^/index\\.php(/|$)"
ports: ports:
- containerPort: 8080 - containerPort: 8080
name: http
envFrom:
- configMapRef:
name: hydra-oidc-env
env:
- name: CADDY_APP_UPSTREAM_BACKEND_SERVER
value: 127.0.0.1:9000
- name: CADDY_HTTPS_PORT
value: "8443"
- name: CADDY_HTTP_PORT
value: "8080"
- name: CADDY_DATA_FS
value: "/tmp/caddy"
- name: CADDY_APP_ROOT_PUBLIC
value: "/app/public/"
resources: {} resources: {}
securityContext:
runAsNonRoot: true
runAsGroup: 1000
runAsUser: 1000
restartPolicy: Always restartPolicy: Always

View File

@ -6,8 +6,9 @@ metadata:
name: hydra-oidc name: hydra-oidc
spec: spec:
ports: ports:
- name: hydra-oidc - name: http
wpetit marked this conversation as resolved Outdated

L'indentation n'est pas bonne, les listes doivent commencer au même niveau que la première lettre du "parent".

spec:
  ports:
  - name: toto
     ...
L'indentation n'est pas bonne, les listes doivent commencer au même niveau que la première lettre du "parent". ``` spec: ports: - name: toto ... ```
port: 8080 port: 80
targetPort: http
selector: selector:
app.kubernetes.io/name: hydra-oidc app.kubernetes.io/name: hydra-oidc
status: status:

View File

@ -18,45 +18,57 @@ spec:
spec: spec:
containers: containers:
- name: hydra-sql-fpm - name: hydra-sql-fpm
image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.14-develop.1107.740a756 image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24
imagePullPolicy: Always imagePullPolicy: Always
args: ["/usr/sbin/php-fpm81", "-F", "-e"] args: ["/usr/sbin/php-fpm81", "-F", "-e"]
readinessProbe: readinessProbe:
exec: exec:
command: command:
- sh - sh
- -c - -c
- test -f /etc/php81/php-fpm.d/www.conf - test -f /etc/php81/php-fpm.d/www.conf
livenessProbe: livenessProbe:
exec: exec:
command: command:
- php - php
- bin/console - bin/console
- -V - -V
initialDelaySeconds: 10 initialDelaySeconds: 10
periodSeconds: 30 periodSeconds: 30
resources: {} resources: {}
securityContext:
runAsNonRoot: true
runAsGroup: 1000
runAsUser: 1000
envFrom: envFrom:
- configMapRef: - configMapRef:
name: hydra-sql-env name: hydra-sql-env
env: env:
- name: PHP_FPM_LISTEN - name: PHP_FPM_LISTEN
value: 127.0.0.1:9000 value: 127.0.0.1:9000
- name: PHP_MEMORY_LIMIT - name: PHP_MEMORY_LIMIT
value: 128m value: 128m
- name: PHP_FPM_MEMORY_LIMIT - name: PHP_FPM_MEMORY_LIMIT
value: 128m value: 128m
- name: PHP_FPM_LOG_LEVEL - name: PHP_FPM_LOG_LEVEL
value: warning value: warning
volumeMounts: volumeMounts:
- name: sql-login-config - name: sql-login-config
mountPath: "/app/config/sql_login_configuration/sql_login.yaml" mountPath: "/app/config/sql_login_configuration/sql_login.yaml"
subPath: "sql_login.yaml" subPath: "sql_login.yaml"
- name: hydra-sql-nginx - name: hydra-sql-caddy
image: reg.cadoles.com/cadoles/hydra-sql-base:2023.12.14-develop.1107.740a756 image: reg.cadoles.com/cadoles/hydra-sql-base:2024.4.2-develop.953.fc87b24
imagePullPolicy: Always imagePullPolicy: Always
args: ["/usr/sbin/nginx"] args:
[
"/usr/sbin/caddy",
"run",
"--adapter",
"caddyfile",
"--config",
"/etc/caddy/Caddyfile",
]
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /health path: /health
@ -72,29 +84,34 @@ spec:
timeoutSeconds: 5 timeoutSeconds: 5
periodSeconds: 15 periodSeconds: 15
envFrom: envFrom:
- configMapRef: - configMapRef:
name: hydra-sql-env name: hydra-sql-env
env: env:
- name: NGINX_APP_UPSTREAM_BACKEND_SERVER - name: CADDY_APP_UPSTREAM_BACKEND_SERVER
value: 127.0.0.1:9000 value: 127.0.0.1:9000
- name: NGINX_APP_ROOT - name: CADDY_HTTPS_PORT
value: "/public" value: "8443"
- name: NGINX_APP_PHP_INDEX - name: CADDY_HTTP_PORT
value: "/index.php" value: "8080"
- name: NGINX_ERROR_LOG_LEVEL - name: CADDY_DATA_FS
value: "warn" value: "/tmp/caddy"
- name: NGINX_APP_PHP_NON_FILE_PATTERN - name: CADDY_APP_ROOT_PUBLIC
value: "^/index\\.php(/|$)" value: "/app/public/"
resources: {} resources: {}
securityContext:
runAsNonRoot: true
runAsGroup: 1000
runAsUser: 1000
ports: ports:
- containerPort: 8080 - containerPort: 8080
name: http
volumeMounts: volumeMounts:
- name: sql-login-config - name: sql-login-config
mountPath: "/app/config/sql_login_configuration/sql_login.yaml" mountPath: "/app/config/sql_login_configuration/sql_login.yaml"
subPath: "sql_login.yaml" subPath: "sql_login.yaml"
volumes: volumes:
- name: sql-login-config - name: sql-login-config
configMap: configMap:
name: sql-login-config name: sql-login-config
restartPolicy: Always restartPolicy: Always

View File

@ -6,8 +6,9 @@ metadata:
name: hydra-sql name: hydra-sql
spec: spec:
ports: ports:
- name: hydra-sql - name: http
port: 8080 port: 80
targetPort: http
selector: selector:
app.kubernetes.io/name: hydra-sql app.kubernetes.io/name: hydra-sql
status: status:

View File

@ -18,7 +18,7 @@ spec:
spec: spec:
containers: containers:
- name: hydra-dispatcher-php-fpm - name: hydra-dispatcher-php-fpm
image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.12.15-develop.903.b675347 image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.2-develop.1411.74a9f16
args: ["/usr/sbin/php-fpm81", "-F", "-e"] args: ["/usr/sbin/php-fpm81", "-F", "-e"]
readinessProbe: readinessProbe:
exec: exec:
@ -48,11 +48,22 @@ spec:
- mountPath: /app/config/hydra - mountPath: /app/config/hydra
name: hydra-dispatcher-apps name: hydra-dispatcher-apps
resources: {} resources: {}
securityContext:
- image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2023.12.15-develop.903.b675347 runAsNonRoot: true
runAsGroup: 1000
runAsUser: 1000
- name: hydra-dispatcher-caddy
image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.4.2-develop.1411.74a9f16
imagePullPolicy: Always imagePullPolicy: Always
name: hydra-dispatcher-nginx args:
args: ["/usr/sbin/nginx"] [
"/usr/sbin/caddy",
"run",
"--adapter",
"caddyfile",
"--config",
"/etc/caddy/Caddyfile",
]
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /health path: /health
@ -71,19 +82,24 @@ spec:
- configMapRef: - configMapRef:
name: hydra-dispatcher-env name: hydra-dispatcher-env
env: env:
- name: NGINX_APP_UPSTREAM_BACKEND_SERVER - name: CADDY_APP_UPSTREAM_BACKEND_SERVER
value: 127.0.0.1:9000 value: 127.0.0.1:9000
- name: NGINX_APP_ROOT - name: CADDY_HTTPS_PORT
value: "/public/" value: "8443"
- name: NGINX_APP_PHP_INDEX - name: CADDY_HTTP_PORT
value: "/index.php" value: "8080"
- name: NGINX_ERROR_LOG_LEVEL - name: CADDY_DATA_FS
value: "warn" value: "/tmp/caddy"
- name: NGINX_APP_PHP_NON_FILE_PATTERN - name: CADDY_APP_ROOT_PUBLIC
value: "^/index\\.php(/|$)" value: "/app/public/"
ports: ports:
- containerPort: 8080 - containerPort: 8080
wpetit marked this conversation as resolved Outdated

Le conteneur étant "non root", je penses qu'il n'est pas possible d'écouter sur le port 80, je n'ai pas encore testé mais il semble que ce puisse être un problème.

Le port doit avoir un "nom", c'est plus simple pour le référencer ailleurs (dans les services par exemple).

Le conteneur étant "non root", je penses qu'il n'est pas possible d'écouter sur le port 80, je n'ai pas encore testé mais il semble que ce puisse être un problème. Le port doit avoir un "nom", c'est plus simple pour le référencer ailleurs (dans les services par exemple).
name: http
resources: {} resources: {}
securityContext:
runAsNonRoot: true
runAsGroup: 1000
runAsUser: 1000
restartPolicy: Always restartPolicy: Always
volumes: volumes:
- name: hydra-dispatcher-apps - name: hydra-dispatcher-apps

View File

@ -6,8 +6,9 @@ metadata:
name: hydra-dispatcher name: hydra-dispatcher
spec: spec:
ports: ports:
- name: http - name: http
port: 8080 port: 80
targetPort: http
selector: selector:
app.kubernetes.io/name: hydra-dispatcher app.kubernetes.io/name: hydra-dispatcher
status: status: