feat(component): adding hydra-ldap #6

Merged
wpetit merged 6 commits from f/werther into master 2023-12-11 10:13:20 +01:00
3 changed files with 96 additions and 0 deletions
Showing only changes of commit 6acda0553e - Show all commits


@ -0,0 +1,25 @@
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- ./resources/deployment.yaml
- ./resources/service.yaml
configMapGenerator:
- name: werther-env
literals:
- WERTHER_DEV_MODE=false
- WERTHER_LDAP_ROLE_CLAIM="https://hydra/claims/roles"
- WERTHER_SKIP_SSL_VERIFICATIONS=false
- WERTHER_IDENTP_CLAIM_SCOPES="name:profile,family_name:profile,given_name:profile,email:email,https%3A%2F%2Fhydra%2Fclaims%2Froles:roles"
- WERTHER_IDENTP_HYDRA_URL="http://hydra:4444"
- WERTHER_LDAP_ENDPOINTS="ldap.test.fr:636"
- WERTHER_LDAP_IS_TLS=true
- WERTHER_LDAP_BASEDN="o=test,c=fr"
- WERTHER_LDAP_ROLE_BASEDN="ou=groups,o=test,c=fr"
secretGenerator:
- name: werther-ldap-sc
literals:
- WERTHER_LDAP_BINDDN="cn=reader,o=test,c=fr"
- WERTHER_LDAP_BINDPW=ThisMustBeAbsolutelyChanged
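Review bot: The `secretGenerator` entry ships a usable literal for `WERTHER_LDAP_BINDPW`, so an overlay that pulls in this component without overriding `werther-ldap-sc` renders a Secret holding a bind password that is readable in the repository. Nothing in the file forces that override. Consider dropping the literal from the component so each overlay must generate `werther-ldap-sc` from a source kept outside version control; the Deployment's `secretKeyRef` would then fail closed if the Secret is missing. At minimum, add a comment above the generator such as `# placeholder only: overlays must replace werther-ldap-sc (behavior: replace) before deploying`.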


@ -0,0 +1,54 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: werther
namespace: default
labels:
app.kubernetes.io/name: werther
app.kubernetes.io/instance: werther
app.kubernetes.io/version: "v1.2.2"
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: werther
app.kubernetes.io/instance: werther
template:
metadata:
labels:
app.kubernetes.io/name: werther
app.kubernetes.io/instance: werther
app.kubernetes.io/version: "v1.2.2"
spec:
containers:
- name: werther
image: "reg.cadoles.com/cadoles/werther:1.2.2-feat_ssl_ignore-a39445f"
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:
name: werther-env
env:
- name: WERTHER_WEB_DIR
value: "/usr/share/werther/login/"
- name: WERTHER_LDAP_BINDDN
valueFrom:
secretKeyRef:
name: werther-ldap-sc
key: WERTHER_LDAP_BINDDN
- name: WERTHER_LDAP_BINDPW
valueFrom:
secretKeyRef:
name: werther-ldap-sc
key: WERTHER_LDAP_BINDPW
ports:
- containerPort: 8080
name: werther-http
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 100
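Review bot: The container `securityContext` at the end of this section is tight, but the pod spec above it still mounts the namespace's default service account token, and no seccomp profile is set. Werther presumably only needs to reach LDAP and Hydra, not the Kubernetes API, so `automountServiceAccountToken: false` at the pod `spec` level and `seccompProfile: {type: RuntimeDefault}` inside the `securityContext` would close both gaps; this is worth confirming against the image. Separately, `namespace: default` is hard-coded here while the Service carries no namespace; leaving it unset lets the consuming overlay decide where this login provider runs.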


@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: werther
name: werther
spec:
type: ClusterIP
ports:
- name: werther
port: 8080
targetPort: werther-http
protocol: TCP
selector:
app.kubernetes.io/name: werther
status:
loadBalancer: {}
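Review bot: The Service `selector` matches on `app.kubernetes.io/name: werther` alone, while the Deployment selects on both `name` and `instance`, so any other pod in the namespace carrying that one label would also receive login traffic on port 8080. Adding `app.kubernetes.io/instance: werther` to the selector keeps the two in step. The trailing `status:` / `loadBalancer: {}` block and the `io.kompose.service` label look like kompose output: `status` is server-populated and can be dropped, and the label could be replaced with the `app.kubernetes.io/*` set used on the Deployment.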