first commit
120
.env
|
@ -1,41 +1,83 @@
|
||||||
# In all environments, the following files are loaded if they exist,
|
APP_ENV=PROD
|
||||||
# the latter taking precedence over the former:
|
APP_SECRET=changeme
|
||||||
#
|
DATABASE_URL="postgresql://symfony:changeme@postgres:5432/app?serverVersion=13&charset=utf8"
|
||||||
# * .env contains default values for the environment variables needed by the app
|
|
||||||
# * .env.local uncommitted file with local overrides
|
|
||||||
# * .env.$APP_ENV committed environment-specific defaults
|
|
||||||
# * .env.$APP_ENV.local uncommitted environment-specific overrides
|
|
||||||
#
|
|
||||||
# Real environment variables win over .env files.
|
|
||||||
#
|
|
||||||
# DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE NOR IN ANY OTHER COMMITTED FILES.
|
|
||||||
# https://symfony.com/doc/current/configuration/secrets.html
|
|
||||||
#
|
|
||||||
# Run "composer dump-env prod" to compile .env files for production use (requires symfony/flex >=1.2).
|
|
||||||
# https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
|
|
||||||
|
|
||||||
###> symfony/framework-bundle ###
|
|
||||||
APP_ENV=dev
|
|
||||||
APP_SECRET=8340a690dd03a4c60eeee779e007fc5b
|
|
||||||
###< symfony/framework-bundle ###
|
|
||||||
|
|
||||||
###> doctrine/doctrine-bundle ###
|
|
||||||
# Format described at https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
|
|
||||||
# IMPORTANT: You MUST configure your server version, either here or in config/packages/doctrine.yaml
|
|
||||||
#
|
|
||||||
# DATABASE_URL="sqlite:///%kernel.project_dir%/var/data.db"
|
|
||||||
# DATABASE_URL="mysql://app:!ChangeMe!@127.0.0.1:3306/app?serverVersion=8.0.32&charset=utf8mb4"
|
|
||||||
# DATABASE_URL="mysql://app:!ChangeMe!@127.0.0.1:3306/app?serverVersion=10.11.2-MariaDB&charset=utf8mb4"
|
|
||||||
DATABASE_URL="postgresql://app:!ChangeMe!@127.0.0.1:5432/app?serverVersion=15&charset=utf8"
|
|
||||||
###< doctrine/doctrine-bundle ###
|
|
||||||
|
|
||||||
###> symfony/messenger ###
|
|
||||||
# Choose one of the transports below
|
|
||||||
# MESSENGER_TRANSPORT_DSN=amqp://guest:guest@localhost:5672/%2f/messages
|
|
||||||
# MESSENGER_TRANSPORT_DSN=redis://localhost:6379/messages
|
|
||||||
MESSENGER_TRANSPORT_DSN=doctrine://default?auto_setup=0
|
MESSENGER_TRANSPORT_DSN=doctrine://default?auto_setup=0
|
||||||
###< symfony/messenger ###
|
|
||||||
|
|
||||||
###> symfony/mailer ###
|
APP_AUTH=OPENID # SQL | CAS | LDAP | OPENID
|
||||||
# MAILER_DSN=null://null
|
APP_MASTERIDENTITY=SSO # SQL | SSO | LDAP
|
||||||
###< symfony/mailer ###
|
APP_SYNCHRO= # Synchronisation null | LDAP2NINE | NINE2LDAP | NINE2NINE
|
||||||
|
|
||||||
|
# Redis Sentiel Session
|
||||||
|
REDIS_HOST='redis-sentinel'
|
||||||
|
REDIS_PORT=26379 # 6379 | 26379
|
||||||
|
REDIS_SERVICE=redismaster # master sentinel name
|
||||||
|
|
||||||
|
# LDAP
|
||||||
|
LDAP_HOST=openldap # host du serveur ldap
|
||||||
|
LDAP_PORT=389 # port du serveur ldap
|
||||||
|
LDAP_USETLS=0 # connection TLS 0/1
|
||||||
|
LDAP_USERWRITER=0 # LDAP_USER compte writer ? 0/1
|
||||||
|
LDAP_USER="cn=admin,dc=nuo,dc=fr" # DN compte access ldap
|
||||||
|
LDAP_PASSWORD=changeme # Password compte access ldap
|
||||||
|
LDAP_BASEDN="dc=nuo,dc=fr" # Base DN ex:dc=nine,dc=fr
|
||||||
|
LDAP_BASEORGANISATION= # Base Organisation ex:ou=nineskeletor,dc=nine,dc=fr
|
||||||
|
LDAP_BASENIVEAU01= # Base Niveau01 ex:ou=niveau01,ou=nineskeletor,dc=nine,dc=fr
|
||||||
|
LDAP_BASENIVEAU02= # Base Niveau02 ex:ou=niveau02,ou=nineskeletor,dc=nine,dc=fr
|
||||||
|
LDAP_BASENIVEAU03= # Base Niveau03 ex:ou=niveau03,ou=nineskeletor,dc=nine,dc=fr
|
||||||
|
LDAP_BASENIVEAU04= # Base Niveau04 ex:ou=niveau04,ou=nineskeletor,dc=nine,dc=fr
|
||||||
|
LDAP_BASEGROUP= # Base Group ex:ou=groups,ou=nineskeletor,dc=nine,dc=fr
|
||||||
|
LDAP_BASEUSER= # Base User ex:ou=users,ou=nineskeletor,dc=nine,dc=fr
|
||||||
|
LDAP_USERNAME=uid # Attribut id d'un user
|
||||||
|
LDAP_FIRSTNAME=givenname # Attribut firstname d'un user
|
||||||
|
LDAP_LASTNAME=sn # Attribut lastname d'un user
|
||||||
|
LDAP_EMAIL=mail # Attribut email d'un user
|
||||||
|
LDAP_AVATAR=jpegPhoto # Attribut avatar d'un user
|
||||||
|
LDAP_MEMBEROF=memberof # Attribut memberof d'un user
|
||||||
|
LDAP_GROUPGID=gidnumber # Attribut gid d'un groupe
|
||||||
|
LDAP_GROUPNAME=cn # Attribut name d'un groupe
|
||||||
|
LDAP_GROUPMEMBER=memberuid # Attribut stockant les membres d'un groupe
|
||||||
|
LDAP_GROUPMEMBERISDN=0 # LDAP_GROUPMEMBER stocke un uid ou un dn ? 0/1
|
||||||
|
LDAP_FILTERGROUP=(cn=*) # requete ldap pour rechercher les groupes
|
||||||
|
LDAP_FILTERUSER=(uid=*) # requete ldap pour rechercher les users
|
||||||
|
LDAP_AUTOSUBMIT=1 # if APP_AUTH = LDAP autocréer les users non existant
|
||||||
|
LDAP_AUTOUPDATE=1 # if APP_AUTH = LDAP automodifier les users existant
|
||||||
|
|
||||||
|
# If APP_AUTH = CAS
|
||||||
|
CAS_HOST=
|
||||||
|
CAS_PORT=
|
||||||
|
CAS_PATH=
|
||||||
|
CAS_USERNAME=username
|
||||||
|
CAS_EMAIL=email
|
||||||
|
CAS_LASTNAME=lastname
|
||||||
|
CAS_FIRSTNAME=firstname
|
||||||
|
CAS_AVATAR=
|
||||||
|
CAS_NIVEAU01=
|
||||||
|
CAS_GROUP=
|
||||||
|
CAS_AUTOSUBMIT=1 # if APP_AUTH = CAS autocréer les users non existant
|
||||||
|
CAS_AUTOUPDATE=1 # if APP_AUTH = CAS automodifier les users existant
|
||||||
|
|
||||||
|
# If APP_AUTH = OPENID
|
||||||
|
OAUTH_CLIENTID=nuosso
|
||||||
|
OAUTH_CLIENTSECRET="changeme"
|
||||||
|
OAUTH_LOGINURL=http://127.0.0.1:7080/oauth2/auth
|
||||||
|
OAUTH_LOGOUTURL=http://127.0.0.1:7080/oauth2/sessions/logout
|
||||||
|
OAUTH_TOKENURL=http://hydra:4444/oauth2/token
|
||||||
|
OAUTH_USERINFO=http://hydra:4444/userinfo
|
||||||
|
OAUTH_USERNAME=username
|
||||||
|
OAUTH_EMAIL=email
|
||||||
|
OAUTH_LASTNAME=lastname
|
||||||
|
OAUTH_FIRSTNAME=firstname
|
||||||
|
OAUTH_AVATAR=
|
||||||
|
OAUTH_AUTOSUBMIT=1 # if APP_AUTH = OPENID autocréer les users non existant
|
||||||
|
OAUTH_AUTOUPDATE=1 # if APP_AUTH = OPENID automodifier les users existant
|
||||||
|
|
||||||
|
# Proxy
|
||||||
|
PROXY_USE=0
|
||||||
|
PROXY_HOST=
|
||||||
|
PROXY_PORT=
|
||||||
|
|
||||||
|
# Hydra apps
|
||||||
|
HYDRA_LOGINCHALLENGE="http://hydra:4445/oauth2/auth/requests/login?login_challenge="
|
||||||
|
HYDRA_LOGINCHALLENGEACCEPT="http://hydra:4445/oauth2/auth/requests/login/accept?login_challenge="
|
||||||
|
HYDRA_CONSENTCHALLENGE="http://hydra:4445/oauth2/auth/requests/consent?consent_challenge="
|
||||||
|
HYDRA_CONSENTCHALLENGEACCEPT="http://hydra:4445/oauth2/auth/requests/consent/accept?consent_challenge="
|
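Review bot: The committed `.env` ships guessable placeholder secrets (`APP_SECRET=changeme`, `changeme` in `DATABASE_URL`, `LDAP_PASSWORD=changeme`, `OAUTH_CLIENTSECRET="changeme"`) next to `APP_ENV=PROD`, so a deployment that misses one override runs with a publicly known value, and the header warning against committed production secrets is removed by this change. Symfony matches environment names case-sensitively, so `PROD` is not the `prod` environment: `when@prod` configuration is skipped and, unless `APP_DEBUG` is set explicitly, the default runtime is likely to turn debug on. I would commit `APP_ENV=dev`, leave the secret values empty so a missing override fails at startup, and keep a line such as `# Override every secret in .env.local or real environment variables; never commit real values.` `LDAP_USETLS=0` on port 389 also sends the `cn=admin` bind password in clear text unless the directory is on a trusted local network, and that default deserves a comment of its own.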
|
@ -7,6 +7,8 @@
|
||||||
/public/bundles/
|
/public/bundles/
|
||||||
/var/
|
/var/
|
||||||
/vendor/
|
/vendor/
|
||||||
|
/.data
|
||||||
|
|
||||||
###< symfony/framework-bundle ###
|
###< symfony/framework-bundle ###
|
||||||
|
|
||||||
###> phpunit/phpunit ###
|
###> phpunit/phpunit ###
|
||||||
|
|
|
@ -0,0 +1,59 @@
|
||||||
|
SHELL := /bin/bash
|
||||||
|
|
||||||
|
ENGINE=kind
|
||||||
|
HARBOR_USER_NAME=afornerot
|
||||||
|
CLUSTER_NAME=nuosso
|
||||||
|
NAMESPACE=app-dev
|
||||||
|
POD=$(shell kubectl get pods --namespace=${NAMESPACE} --no-headers -o custom-columns=":metadata.name" | grep ^${CLUSTER_NAME}-${PODNAME})
|
||||||
|
|
||||||
|
dockercomposebuild:
|
||||||
|
docker-compose build --no-cache
|
||||||
|
|
||||||
|
dockercomposeup:
|
||||||
|
docker-compose up -d
|
||||||
|
docker-compose exec app bin/console d:s:u --force --complete
|
||||||
|
docker-compose exec app bin/console app:Init
|
||||||
|
|
||||||
|
dockercomposedown:
|
||||||
|
docker-compose stop
|
||||||
|
|
||||||
|
dockercomposesh:
|
||||||
|
docker-compose exec app /bin/sh
|
||||||
|
|
||||||
|
deletecluster:
|
||||||
|
${ENGINE} delete cluster --name=${CLUSTER_NAME}
|
||||||
|
|
||||||
|
createcluster:
|
||||||
|
${ENGINE} delete cluster --name=${CLUSTER_NAME}
|
||||||
|
${ENGINE} create cluster --config misc/k8s/${ENGINE}/${ENGINE}-cluster.yaml
|
||||||
|
|
||||||
|
atachcluster:
|
||||||
|
docker login reg.cadoles.com
|
||||||
|
mkdir -p misc/k8s/kustomization/base/secrets/dockerconfig
|
||||||
|
docker --config misc/k8s/kustomization/base/secrets/dockerconfig login reg.cadoles.com
|
||||||
|
mv misc/k8s/kustomization/base/secrets/dockerconfig/config.json misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson
|
||||||
|
mkdir -p misc/k8s/kustomization/overlays/dev/secrets/dockerconfig
|
||||||
|
cp misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson misc/k8s/kustomization/overlays/dev/secrets/dockerconfig/.dockerconfigjson
|
||||||
|
|
||||||
|
applycluster:
|
||||||
|
kubectl apply -k misc/k8s/${ENGINE}/cluster --server-side
|
||||||
|
docker network inspect kind | jq '.[0].IPAM.Config[0].Subnet' -r
|
||||||
|
echo modifier ipaddresspoool.yaml si nécessaire
|
||||||
|
|
||||||
|
applylbcluster:
|
||||||
|
kubectl apply -k misc/k8s/${ENGINE}/cluster/lb --server-side
|
||||||
|
|
||||||
|
watchcluster:
|
||||||
|
skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/${HARBOR_USER_NAME}
|
||||||
|
|
||||||
|
sh:
|
||||||
|
kubectl exec --namespace=${NAMESPACE} ${POD} -it -- sh
|
||||||
|
|
||||||
|
deletenamespace:
|
||||||
|
kubectl delete all --all --namespace ${NAMESPACE}
|
||||||
|
|
||||||
|
getpods:
|
||||||
|
kubectl get pods --namespace ${NAMESPACE}
|
||||||
|
|
||||||
|
getservices:
|
||||||
|
kubectl get services --namespace ${NAMESPACE}
|
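Review bot: `atachcluster` runs `docker --config misc/k8s/kustomization/base/secrets/dockerconfig login reg.cadoles.com` and then copies the result to `overlays/dev/secrets/dockerconfig/.dockerconfigjson`, which leaves registry credentials inside the working tree, while the ignore-file hunk in this commit adds only `/.data`. Unless those directories are ignored somewhere outside this view, the next broad `git add` publishes the registry login. Add an ignore rule such as `/misc/k8s/kustomization/**/secrets/dockerconfig/` and a comment above the target saying the files are generated and must never be committed. Two smaller points in the same file: `POD` greps for `${PODNAME}`, which is never assigned here, and none of the targets is declared `.PHONY`.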
|
@ -0,0 +1,71 @@
|
||||||
|
# DOCKER-COMPOSE
|
||||||
|
|
||||||
|
Build
|
||||||
|
```
|
||||||
|
make dockercomposebuild
|
||||||
|
```
|
||||||
|
|
||||||
|
Up
|
||||||
|
```
|
||||||
|
make dockercomposeup
|
||||||
|
```
|
||||||
|
|
||||||
|
Stop
|
||||||
|
```
|
||||||
|
make dockercomposestop
|
||||||
|
```
|
||||||
|
|
||||||
|
# KUBERNETES
|
||||||
|
|
||||||
|
Suppression Cluster
|
||||||
|
```
|
||||||
|
make deletecluster
|
||||||
|
```
|
||||||
|
|
||||||
|
Création Cluster
|
||||||
|
```
|
||||||
|
make createcluster
|
||||||
|
```
|
||||||
|
|
||||||
|
Rattachement du cluster aux secrets
|
||||||
|
```
|
||||||
|
make atachcluster
|
||||||
|
```
|
||||||
|
|
||||||
|
Deployer le cluster
|
||||||
|
**Attention** en fin de job l'ip du cluster est indiqué
|
||||||
|
Il est nécessaire d'ajuster le reseau dans ipaddresspoool.yaml si besoin
|
||||||
|
```
|
||||||
|
make applycluster
|
||||||
|
```
|
||||||
|
|
||||||
|
Déployer le stockage
|
||||||
|
**Attention** attendre une dizaine de seconde après le déploiement du cluster
|
||||||
|
```
|
||||||
|
make applylbcluster
|
||||||
|
```
|
||||||
|
|
||||||
|
Lancer le déployement en mode watch
|
||||||
|
```
|
||||||
|
make watchcluster:
|
||||||
|
```
|
||||||
|
|
||||||
|
Ouvrir un terminal sur la premiere instance de l'apps
|
||||||
|
```
|
||||||
|
make sh:
|
||||||
|
```
|
||||||
|
|
||||||
|
Suppression de l'ensemble du namespace
|
||||||
|
```
|
||||||
|
make deletenamespace
|
||||||
|
```
|
||||||
|
|
||||||
|
Lister les pods
|
||||||
|
```
|
||||||
|
make getpods
|
||||||
|
```
|
||||||
|
|
||||||
|
Lister les services
|
||||||
|
```
|
||||||
|
make getservices
|
||||||
|
```
|
|
@ -7,11 +7,15 @@
|
||||||
"php": ">=8.1",
|
"php": ">=8.1",
|
||||||
"ext-ctype": "*",
|
"ext-ctype": "*",
|
||||||
"ext-iconv": "*",
|
"ext-iconv": "*",
|
||||||
|
"doctrine/annotations": "^2.0",
|
||||||
"doctrine/doctrine-bundle": "^2.10",
|
"doctrine/doctrine-bundle": "^2.10",
|
||||||
"doctrine/doctrine-migrations-bundle": "^3.2",
|
"doctrine/doctrine-migrations-bundle": "^3.2",
|
||||||
"doctrine/orm": "^2.15",
|
"doctrine/orm": "^2.15",
|
||||||
|
"mashape/unirest-php": "^3.0",
|
||||||
"phpdocumentor/reflection-docblock": "^5.3",
|
"phpdocumentor/reflection-docblock": "^5.3",
|
||||||
"phpstan/phpdoc-parser": "^1.22",
|
"phpstan/phpdoc-parser": "^1.22",
|
||||||
|
"predis/predis": "^2.2",
|
||||||
|
"ramsey/uuid": "^4.7",
|
||||||
"symfony/asset": "6.3.*",
|
"symfony/asset": "6.3.*",
|
||||||
"symfony/console": "6.3.*",
|
"symfony/console": "6.3.*",
|
||||||
"symfony/doctrine-messenger": "6.3.*",
|
"symfony/doctrine-messenger": "6.3.*",
|
||||||
|
@ -41,6 +45,12 @@
|
||||||
"twig/extra-bundle": "^2.12|^3.0",
|
"twig/extra-bundle": "^2.12|^3.0",
|
||||||
"twig/twig": "^2.12|^3.0"
|
"twig/twig": "^2.12|^3.0"
|
||||||
},
|
},
|
||||||
|
"repositories": [
|
||||||
|
{
|
||||||
|
"type": "vcs",
|
||||||
|
"url": "https://github.com/loverg-c/unirest-php"
|
||||||
|
}
|
||||||
|
],
|
||||||
"config": {
|
"config": {
|
||||||
"allow-plugins": {
|
"allow-plugins": {
|
||||||
"php-http/discovery": true,
|
"php-http/discovery": true,
|
||||||
|
|
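Review bot: The new `repositories` entry makes Composer resolve `mashape/unirest-php` from a personal fork (`https://github.com/loverg-c/unirest-php`) instead of Packagist, and the `^3.0` constraint accepts whatever 3.x tag that fork publishes next. The lock-file section of this commit pins reference `45e63d680c4d7258b2cf45bfa28d42ee024b7fee` with a 2020 timestamp, which protects installs made from the lock but not a later `composer update`. If this client carries the OAuth token and userinfo calls (not visible here), consider a maintained HTTP client, or pin the requirement to the exact version `3.0.5` and record in the commit description why the fork is needed.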
|
@ -4,8 +4,139 @@
|
||||||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||||
"This file is @generated automatically"
|
"This file is @generated automatically"
|
||||||
],
|
],
|
||||||
"content-hash": "5625360c4bf0ca4c404a3a47e7b43354",
|
"content-hash": "6d4e45e1137c02bf343b5855dbbc822c",
|
||||||
"packages": [
|
"packages": [
|
||||||
|
{
|
||||||
|
"name": "brick/math",
|
||||||
|
"version": "0.11.0",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/brick/math.git",
|
||||||
|
"reference": "0ad82ce168c82ba30d1c01ec86116ab52f589478"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/brick/math/zipball/0ad82ce168c82ba30d1c01ec86116ab52f589478",
|
||||||
|
"reference": "0ad82ce168c82ba30d1c01ec86116ab52f589478",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"php": "^8.0"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"php-coveralls/php-coveralls": "^2.2",
|
||||||
|
"phpunit/phpunit": "^9.0",
|
||||||
|
"vimeo/psalm": "5.0.0"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"autoload": {
|
||||||
|
"psr-4": {
|
||||||
|
"Brick\\Math\\": "src/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"MIT"
|
||||||
|
],
|
||||||
|
"description": "Arbitrary-precision arithmetic library",
|
||||||
|
"keywords": [
|
||||||
|
"Arbitrary-precision",
|
||||||
|
"BigInteger",
|
||||||
|
"BigRational",
|
||||||
|
"arithmetic",
|
||||||
|
"bigdecimal",
|
||||||
|
"bignum",
|
||||||
|
"brick",
|
||||||
|
"math"
|
||||||
|
],
|
||||||
|
"support": {
|
||||||
|
"issues": "https://github.com/brick/math/issues",
|
||||||
|
"source": "https://github.com/brick/math/tree/0.11.0"
|
||||||
|
},
|
||||||
|
"funding": [
|
||||||
|
{
|
||||||
|
"url": "https://github.com/BenMorel",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"time": "2023-01-15T23:15:59+00:00"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "doctrine/annotations",
|
||||||
|
"version": "2.0.1",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/doctrine/annotations.git",
|
||||||
|
"reference": "e157ef3f3124bbf6fe7ce0ffd109e8a8ef284e7f"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/doctrine/annotations/zipball/e157ef3f3124bbf6fe7ce0ffd109e8a8ef284e7f",
|
||||||
|
"reference": "e157ef3f3124bbf6fe7ce0ffd109e8a8ef284e7f",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"doctrine/lexer": "^2 || ^3",
|
||||||
|
"ext-tokenizer": "*",
|
||||||
|
"php": "^7.2 || ^8.0",
|
||||||
|
"psr/cache": "^1 || ^2 || ^3"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"doctrine/cache": "^2.0",
|
||||||
|
"doctrine/coding-standard": "^10",
|
||||||
|
"phpstan/phpstan": "^1.8.0",
|
||||||
|
"phpunit/phpunit": "^7.5 || ^8.5 || ^9.5",
|
||||||
|
"symfony/cache": "^5.4 || ^6",
|
||||||
|
"vimeo/psalm": "^4.10"
|
||||||
|
},
|
||||||
|
"suggest": {
|
||||||
|
"php": "PHP 8.0 or higher comes with attributes, a native replacement for annotations"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"autoload": {
|
||||||
|
"psr-4": {
|
||||||
|
"Doctrine\\Common\\Annotations\\": "lib/Doctrine/Common/Annotations"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"MIT"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Guilherme Blanco",
|
||||||
|
"email": "guilhermeblanco@gmail.com"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "Roman Borschel",
|
||||||
|
"email": "roman@code-factory.org"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "Benjamin Eberlei",
|
||||||
|
"email": "kontakt@beberlei.de"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "Jonathan Wage",
|
||||||
|
"email": "jonwage@gmail.com"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "Johannes Schmitt",
|
||||||
|
"email": "schmittjoh@gmail.com"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "Docblock Annotations Parser",
|
||||||
|
"homepage": "https://www.doctrine-project.org/projects/annotations.html",
|
||||||
|
"keywords": [
|
||||||
|
"annotations",
|
||||||
|
"docblock",
|
||||||
|
"parser"
|
||||||
|
],
|
||||||
|
"support": {
|
||||||
|
"issues": "https://github.com/doctrine/annotations/issues",
|
||||||
|
"source": "https://github.com/doctrine/annotations/tree/2.0.1"
|
||||||
|
},
|
||||||
|
"time": "2023-02-02T22:02:53+00:00"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "doctrine/cache",
|
"name": "doctrine/cache",
|
||||||
"version": "2.2.0",
|
"version": "2.2.0",
|
||||||
|
@ -1386,6 +1517,55 @@
|
||||||
],
|
],
|
||||||
"time": "2023-01-14T14:17:03+00:00"
|
"time": "2023-01-14T14:17:03+00:00"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "mashape/unirest-php",
|
||||||
|
"version": "v3.0.5",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/loverg-c/unirest-php.git",
|
||||||
|
"reference": "45e63d680c4d7258b2cf45bfa28d42ee024b7fee"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/loverg-c/unirest-php/zipball/45e63d680c4d7258b2cf45bfa28d42ee024b7fee",
|
||||||
|
"reference": "45e63d680c4d7258b2cf45bfa28d42ee024b7fee",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"ext-curl": "*",
|
||||||
|
"php": ">=5.4.0"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"codeclimate/php-test-reporter": "0.1.*",
|
||||||
|
"phpunit/phpunit": "~4.4"
|
||||||
|
},
|
||||||
|
"suggest": {
|
||||||
|
"ext-json": "Allows using JSON Bodies for sending and parsing requests"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"autoload": {
|
||||||
|
"psr-0": {
|
||||||
|
"Unirest\\": "src/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"license": [
|
||||||
|
"MIT"
|
||||||
|
],
|
||||||
|
"description": "Unirest PHP",
|
||||||
|
"homepage": "https://github.com/Mashape/unirest-php",
|
||||||
|
"keywords": [
|
||||||
|
"client",
|
||||||
|
"curl",
|
||||||
|
"http",
|
||||||
|
"https",
|
||||||
|
"rest"
|
||||||
|
],
|
||||||
|
"support": {
|
||||||
|
"email": "opensource@mashape.com",
|
||||||
|
"source": "https://github.com/loverg-c/unirest-php/tree/v3.0.5"
|
||||||
|
},
|
||||||
|
"time": "2020-02-25T11:14:07+00:00"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "monolog/monolog",
|
"name": "monolog/monolog",
|
||||||
"version": "3.4.0",
|
"version": "3.4.0",
|
||||||
|
@ -1702,6 +1882,67 @@
|
||||||
},
|
},
|
||||||
"time": "2023-06-29T20:46:06+00:00"
|
"time": "2023-06-29T20:46:06+00:00"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "predis/predis",
|
||||||
|
"version": "v2.2.0",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/predis/predis.git",
|
||||||
|
"reference": "33b70b971a32b0d28b4f748b0547593dce316e0d"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/predis/predis/zipball/33b70b971a32b0d28b4f748b0547593dce316e0d",
|
||||||
|
"reference": "33b70b971a32b0d28b4f748b0547593dce316e0d",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"php": "^7.2 || ^8.0"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"friendsofphp/php-cs-fixer": "^3.3",
|
||||||
|
"phpstan/phpstan": "^1.9",
|
||||||
|
"phpunit/phpunit": "^8.0 || ~9.4.4"
|
||||||
|
},
|
||||||
|
"suggest": {
|
||||||
|
"ext-relay": "Faster connection with in-memory caching (>=0.6.2)"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"autoload": {
|
||||||
|
"psr-4": {
|
||||||
|
"Predis\\": "src/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"MIT"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Till Krüss",
|
||||||
|
"homepage": "https://till.im",
|
||||||
|
"role": "Maintainer"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "A flexible and feature-complete Redis client for PHP.",
|
||||||
|
"homepage": "http://github.com/predis/predis",
|
||||||
|
"keywords": [
|
||||||
|
"nosql",
|
||||||
|
"predis",
|
||||||
|
"redis"
|
||||||
|
],
|
||||||
|
"support": {
|
||||||
|
"issues": "https://github.com/predis/predis/issues",
|
||||||
|
"source": "https://github.com/predis/predis/tree/v2.2.0"
|
||||||
|
},
|
||||||
|
"funding": [
|
||||||
|
{
|
||||||
|
"url": "https://github.com/sponsors/tillkruss",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"time": "2023-06-14T10:37:31+00:00"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "psr/cache",
|
"name": "psr/cache",
|
||||||
"version": "3.0.0",
|
"version": "3.0.0",
|
||||||
|
@ -2008,6 +2249,187 @@
|
||||||
},
|
},
|
||||||
"time": "2021-07-14T16:46:02+00:00"
|
"time": "2021-07-14T16:46:02+00:00"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "ramsey/collection",
|
||||||
|
"version": "2.0.0",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/ramsey/collection.git",
|
||||||
|
"reference": "a4b48764bfbb8f3a6a4d1aeb1a35bb5e9ecac4a5"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/ramsey/collection/zipball/a4b48764bfbb8f3a6a4d1aeb1a35bb5e9ecac4a5",
|
||||||
|
"reference": "a4b48764bfbb8f3a6a4d1aeb1a35bb5e9ecac4a5",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"php": "^8.1"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"captainhook/plugin-composer": "^5.3",
|
||||||
|
"ergebnis/composer-normalize": "^2.28.3",
|
||||||
|
"fakerphp/faker": "^1.21",
|
||||||
|
"hamcrest/hamcrest-php": "^2.0",
|
||||||
|
"jangregor/phpstan-prophecy": "^1.0",
|
||||||
|
"mockery/mockery": "^1.5",
|
||||||
|
"php-parallel-lint/php-console-highlighter": "^1.0",
|
||||||
|
"php-parallel-lint/php-parallel-lint": "^1.3",
|
||||||
|
"phpcsstandards/phpcsutils": "^1.0.0-rc1",
|
||||||
|
"phpspec/prophecy-phpunit": "^2.0",
|
||||||
|
"phpstan/extension-installer": "^1.2",
|
||||||
|
"phpstan/phpstan": "^1.9",
|
||||||
|
"phpstan/phpstan-mockery": "^1.1",
|
||||||
|
"phpstan/phpstan-phpunit": "^1.3",
|
||||||
|
"phpunit/phpunit": "^9.5",
|
||||||
|
"psalm/plugin-mockery": "^1.1",
|
||||||
|
"psalm/plugin-phpunit": "^0.18.4",
|
||||||
|
"ramsey/coding-standard": "^2.0.3",
|
||||||
|
"ramsey/conventional-commits": "^1.3",
|
||||||
|
"vimeo/psalm": "^5.4"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"extra": {
|
||||||
|
"captainhook": {
|
||||||
|
"force-install": true
|
||||||
|
},
|
||||||
|
"ramsey/conventional-commits": {
|
||||||
|
"configFile": "conventional-commits.json"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"autoload": {
|
||||||
|
"psr-4": {
|
||||||
|
"Ramsey\\Collection\\": "src/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"MIT"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Ben Ramsey",
|
||||||
|
"email": "ben@benramsey.com",
|
||||||
|
"homepage": "https://benramsey.com"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "A PHP library for representing and manipulating collections.",
|
||||||
|
"keywords": [
|
||||||
|
"array",
|
||||||
|
"collection",
|
||||||
|
"hash",
|
||||||
|
"map",
|
||||||
|
"queue",
|
||||||
|
"set"
|
||||||
|
],
|
||||||
|
"support": {
|
||||||
|
"issues": "https://github.com/ramsey/collection/issues",
|
||||||
|
"source": "https://github.com/ramsey/collection/tree/2.0.0"
|
||||||
|
},
|
||||||
|
"funding": [
|
||||||
|
{
|
||||||
|
"url": "https://github.com/ramsey",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "https://tidelift.com/funding/github/packagist/ramsey/collection",
|
||||||
|
"type": "tidelift"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"time": "2022-12-31T21:50:55+00:00"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "ramsey/uuid",
|
||||||
|
"version": "4.7.4",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/ramsey/uuid.git",
|
||||||
|
"reference": "60a4c63ab724854332900504274f6150ff26d286"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/ramsey/uuid/zipball/60a4c63ab724854332900504274f6150ff26d286",
|
||||||
|
"reference": "60a4c63ab724854332900504274f6150ff26d286",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"brick/math": "^0.8.8 || ^0.9 || ^0.10 || ^0.11",
|
||||||
|
"ext-json": "*",
|
||||||
|
"php": "^8.0",
|
||||||
|
"ramsey/collection": "^1.2 || ^2.0"
|
||||||
|
},
|
||||||
|
"replace": {
|
||||||
|
"rhumsaa/uuid": "self.version"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"captainhook/captainhook": "^5.10",
|
||||||
|
"captainhook/plugin-composer": "^5.3",
|
||||||
|
"dealerdirect/phpcodesniffer-composer-installer": "^0.7.0",
|
||||||
|
"doctrine/annotations": "^1.8",
|
||||||
|
"ergebnis/composer-normalize": "^2.15",
|
||||||
|
"mockery/mockery": "^1.3",
|
||||||
|
"paragonie/random-lib": "^2",
|
||||||
|
"php-mock/php-mock": "^2.2",
|
||||||
|
"php-mock/php-mock-mockery": "^1.3",
|
||||||
|
"php-parallel-lint/php-parallel-lint": "^1.1",
|
||||||
|
"phpbench/phpbench": "^1.0",
|
||||||
|
"phpstan/extension-installer": "^1.1",
|
||||||
|
"phpstan/phpstan": "^1.8",
|
||||||
|
"phpstan/phpstan-mockery": "^1.1",
|
||||||
|
"phpstan/phpstan-phpunit": "^1.1",
|
||||||
|
"phpunit/phpunit": "^8.5 || ^9",
|
||||||
|
"ramsey/composer-repl": "^1.4",
|
||||||
|
"slevomat/coding-standard": "^8.4",
|
||||||
|
"squizlabs/php_codesniffer": "^3.5",
|
||||||
|
"vimeo/psalm": "^4.9"
|
||||||
|
},
|
||||||
|
"suggest": {
|
||||||
|
"ext-bcmath": "Enables faster math with arbitrary-precision integers using BCMath.",
|
||||||
|
"ext-gmp": "Enables faster math with arbitrary-precision integers using GMP.",
|
||||||
|
"ext-uuid": "Enables the use of PeclUuidTimeGenerator and PeclUuidRandomGenerator.",
|
||||||
|
"paragonie/random-lib": "Provides RandomLib for use with the RandomLibAdapter",
|
||||||
|
"ramsey/uuid-doctrine": "Allows the use of Ramsey\\Uuid\\Uuid as Doctrine field type."
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"extra": {
|
||||||
|
"captainhook": {
|
||||||
|
"force-install": true
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"autoload": {
|
||||||
|
"files": [
|
||||||
|
"src/functions.php"
|
||||||
|
],
|
||||||
|
"psr-4": {
|
||||||
|
"Ramsey\\Uuid\\": "src/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"MIT"
|
||||||
|
],
|
||||||
|
"description": "A PHP library for generating and working with universally unique identifiers (UUIDs).",
|
||||||
|
"keywords": [
|
||||||
|
"guid",
|
||||||
|
"identifier",
|
||||||
|
"uuid"
|
||||||
|
],
|
||||||
|
"support": {
|
||||||
|
"issues": "https://github.com/ramsey/uuid/issues",
|
||||||
|
"source": "https://github.com/ramsey/uuid/tree/4.7.4"
|
||||||
|
},
|
||||||
|
"funding": [
|
||||||
|
{
|
||||||
|
"url": "https://github.com/ramsey",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "https://tidelift.com/funding/github/packagist/ramsey/uuid",
|
||||||
|
"type": "tidelift"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"time": "2023-04-15T23:01:58+00:00"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "symfony/asset",
|
"name": "symfony/asset",
|
||||||
"version": "v6.3.0",
|
"version": "v6.3.0",
|
||||||
|
|
|
@ -8,7 +8,9 @@ framework:
|
||||||
# Enables session support. Note that the session will ONLY be started if you read or write from it.
|
# Enables session support. Note that the session will ONLY be started if you read or write from it.
|
||||||
# Remove or comment this section to explicitly disable session support.
|
# Remove or comment this section to explicitly disable session support.
|
||||||
session:
|
session:
|
||||||
handler_id: null
|
handler_id: Symfony\Component\HttpFoundation\Session\Storage\Handler\RedisSessionHandler
|
||||||
|
save_path: '@Redis'
|
||||||
|
gc_probability: null
|
||||||
cookie_secure: auto
|
cookie_secure: auto
|
||||||
cookie_samesite: lax
|
cookie_samesite: lax
|
||||||
storage_factory_id: session.storage.factory.native
|
storage_factory_id: session.storage.factory.native
|
||||||
|
|
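Review bot: Sessions move into Redis at `handler_id`, but nothing visible in this commit gives that Redis any access control: the `.env` section defines only `REDIS_HOST`, `REDIS_PORT` and `REDIS_SERVICE`. Anyone who can reach the sentinel or the master could read or overwrite session records, which is equivalent to taking over logged-in accounts. The handler's service definition is outside this view, so confirm there that the client authenticates (and uses TLS if Redis is off-host), and add a comment next to `handler_id` such as `# Redis must require auth: session records are bearer credentials`.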
|
@ -1,29 +1,44 @@
|
||||||
security:
|
security:
|
||||||
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
|
|
||||||
password_hashers:
|
password_hashers:
|
||||||
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
|
Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface:
|
||||||
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
|
id: 'App\Service\PasswordEncoder'
|
||||||
|
|
||||||
providers:
|
providers:
|
||||||
users_in_memory: { memory: null }
|
main:
|
||||||
|
entity:
|
||||||
|
class: App\Entity\User
|
||||||
|
property: username
|
||||||
|
|
||||||
firewalls:
|
firewalls:
|
||||||
dev:
|
dev:
|
||||||
pattern: ^/(_(profiler|wdt)|css|images|js)/
|
pattern: ^/(_(profiler|wdt)|css|images|js)/
|
||||||
security: false
|
security: false
|
||||||
|
|
||||||
main:
|
main:
|
||||||
lazy: true
|
pattern: ^/
|
||||||
provider: users_in_memory
|
provider: main
|
||||||
|
context: maincontext
|
||||||
|
user_checker: App\Service\UserChecker
|
||||||
|
form_login:
|
||||||
|
login_path: app_login
|
||||||
|
check_path: app_login
|
||||||
|
default_target_path: app_home
|
||||||
|
use_referer: true
|
||||||
|
csrf_parameter: _csrf_security_token
|
||||||
|
csrf_token_id: a_private_string
|
||||||
|
|
||||||
# activate different ways to authenticate
|
logout:
|
||||||
# https://symfony.com/doc/current/security.html#the-firewall
|
invalidate_session: true
|
||||||
|
path: app_kill
|
||||||
|
target: app_home
|
||||||
|
|
||||||
# https://symfony.com/doc/current/security/impersonating_user.html
|
|
||||||
# switch_user: true
|
|
||||||
|
|
||||||
# Easy way to control access for large sections of your site
|
|
||||||
# Note: Only the *first* access control that matches will be used
|
|
||||||
access_control:
|
access_control:
|
||||||
# - { path: ^/admin, roles: ROLE_ADMIN }
|
- { path: ^/all, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_MASTER, ROLE_MANAGER, ROLE_USER] }
|
||||||
# - { path: ^/profile, roles: ROLE_USER }
|
- { path: ^/user, roles: [ROLE_USER] }
|
||||||
|
- { path: ^/manager, roles: [ROLE_MANAGER] }
|
||||||
|
- { path: ^/master, roles: [ROLE_MASTER] }
|
||||||
|
- { path: ^/modo, roles: [ROLE_MODO] }
|
||||||
|
- { path: ^/admin, roles: [ROLE_ADMIN] }
|
||||||
|
|
||||||
when@test:
|
when@test:
|
||||||
security:
|
security:
|
||||||
|
|
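Review bot: `form_login` sets `csrf_parameter` and `csrf_token_id` but not `enable_csrf: true`, and on the Symfony 6.3 line required in the composer section the token is only checked when that flag is on, so the login form is probably not CSRF-protected as intended; add `enable_csrf: true` under `form_login`. The hasher block also swaps `'auto'` for a custom `App\Service\PasswordEncoder` bound to `LegacyPasswordAuthenticatedUserInterface`; that class is outside this view, so confirm it does not store a fast salted digest, and say in a comment why `'auto'` cannot be used. Finally, `access_control` has no catch-all entry, so any path outside the six listed prefixes is reachable anonymously; a comment stating that this is deliberate would help the next reader.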
|
@ -1,5 +1,9 @@
|
||||||
twig:
|
twig:
|
||||||
default_path: '%kernel.project_dir%/templates'
|
default_path: '%kernel.project_dir%/templates'
|
||||||
|
form_themes:
|
||||||
|
- 'Form/fields.html.twig'
|
||||||
|
globals:
|
||||||
|
appMasteridentity: '%appMasteridentity%'
|
||||||
|
|
||||||
when@test:
|
when@test:
|
||||||
twig:
|
twig:
|
||||||
|
|
|
@ -1,5 +1,44 @@
|
||||||
controllers:
|
#== Home ========================================================================================================
|
||||||
resource:
|
app_home:
|
||||||
path: ../src/Controller/
|
path: /
|
||||||
namespace: App\Controller
|
controller: App\Controller\HomeController::home
|
||||||
type: attribute
|
|
||||||
|
#== Security ====================================================================================================
|
||||||
|
#-- Access public
|
||||||
|
app_login:
|
||||||
|
path: /login
|
||||||
|
controller: App\Controller\SecurityController::login
|
||||||
|
|
||||||
|
app_loginldapcheck:
|
||||||
|
path: /loginldapcheck
|
||||||
|
controller: App\Controller\SecurityController::loginldapcheck
|
||||||
|
|
||||||
|
app_loginopenidcallback:
|
||||||
|
path: /oauth2/callback
|
||||||
|
controller: App\Controller\SecurityController::loginopenidcallback
|
||||||
|
|
||||||
|
app_logout:
|
||||||
|
path: /logout
|
||||||
|
controller: App\Controller\SecurityController::logout
|
||||||
|
|
||||||
|
#== Hydra =======================================================================================================
|
||||||
|
#-- Access public
|
||||||
|
app_hydra_loginsql:
|
||||||
|
path: /hydra/loginsql
|
||||||
|
controller: App\Controller\HydraController::loginsql
|
||||||
|
|
||||||
|
app_hydra_checkloginsql:
|
||||||
|
path: /hydra/checkloginsql
|
||||||
|
controller: App\Controller\HydraController::checkloginsql
|
||||||
|
|
||||||
|
app_hydra_loginldap:
|
||||||
|
path: /hydra/loginldap
|
||||||
|
controller: App\Controller\HydraController::loginldap
|
||||||
|
|
||||||
|
app_hydra_checkloginldap:
|
||||||
|
path: /hydra/checkloginldap
|
||||||
|
controller: App\Controller\HydraController::checkloginldap
|
||||||
|
|
||||||
|
app_hydra_consent:
|
||||||
|
path: /hydra/consent
|
||||||
|
controller: App\Controller\HydraController::consent
|
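Review bot: No route named `app_kill` is defined in this file, yet the firewall's `logout:` block in the security configuration shown above sets `path: app_kill`. The `controllers:` attribute import is removed here, so that route would have to come from a file not visible on this page. If it does not exist, the firewall's logout handling (including `invalidate_session: true`) probably never triggers, and `/logout` (`app_logout`) runs as an ordinary controller. Either point the firewall at the route that exists, `path: app_logout`, or add an `app_kill` entry here. Likewise, `HYDRA_URLS_LOGOUT` in the compose file targets `/hydra/logoutsql`, which has no route in this list.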
|
@ -1,18 +1,82 @@
|
||||||
# This file is the entry point to configure your own services.
|
|
||||||
# Files in the packages/ subdirectory configure your dependencies.
|
|
||||||
|
|
||||||
# Put parameters here that don't need to change on each machine where the app is deployed
|
|
||||||
# https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration
|
|
||||||
parameters:
|
parameters:
|
||||||
|
app_env: '%env(resolve:APP_ENV)%'
|
||||||
|
appSecret: '%env(resolve:APP_SECRET)%'
|
||||||
|
appAuth: '%env(resolve:APP_AUTH)%'
|
||||||
|
appMasteridentity: '%env(resolve:APP_MASTERIDENTITY)%'
|
||||||
|
appSynchro: '%env(resolve:APP_SYNCHRO)%'
|
||||||
|
|
||||||
|
ldapHost: '%env(resolve:LDAP_HOST)%'
|
||||||
|
ldapPort: '%env(resolve:LDAP_PORT)%'
|
||||||
|
ldapUsetls: '%env(resolve:LDAP_USETLS)%'
|
||||||
|
ldapUserwriter: '%env(resolve:LDAP_USERWRITER)%'
|
||||||
|
ldapUser: '%env(resolve:LDAP_USER)%'
|
||||||
|
ldapPassword: '%env(resolve:LDAP_PASSWORD)%'
|
||||||
|
ldapBasedn: '%env(resolve:LDAP_BASEDN)%'
|
||||||
|
ldapBaseorganisation: '%env(resolve:LDAP_BASEORGANISATION)%'
|
||||||
|
ldapBaseniveau01: '%env(resolve:LDAP_BASENIVEAU01)%'
|
||||||
|
ldapBaseniveau02: '%env(resolve:LDAP_BASENIVEAU02)%'
|
||||||
|
ldapBaseniveau03: '%env(resolve:LDAP_BASENIVEAU03)%'
|
||||||
|
ldapBaseniveau04: '%env(resolve:LDAP_BASENIVEAU04)%'
|
||||||
|
ldapBasegroup: '%env(resolve:LDAP_BASEGROUP)%'
|
||||||
|
ldapBaseuser: '%env(resolve:LDAP_BASEUSER)%'
|
||||||
|
ldapUsername: '%env(resolve:LDAP_USERNAME)%'
|
||||||
|
ldapFirstname: '%env(resolve:LDAP_FIRSTNAME)%'
|
||||||
|
ldapLastname: '%env(resolve:LDAP_LASTNAME)%'
|
||||||
|
ldapEmail: '%env(resolve:LDAP_EMAIL)%'
|
||||||
|
ldapAvatar: '%env(resolve:LDAP_AVATAR)%'
|
||||||
|
ldapMemberof: '%env(resolve:LDAP_MEMBEROF)%'
|
||||||
|
ldapGroupgid: '%env(resolve:LDAP_GROUPGID)%'
|
||||||
|
ldapGroupname: '%env(resolve:LDAP_GROUPNAME)%'
|
||||||
|
ldapGroupmember: '%env(resolve:LDAP_GROUPMEMBER)%'
|
||||||
|
ldapGroupmemberisdn: '%env(resolve:LDAP_GROUPMEMBERISDN)%'
|
||||||
|
ldapFiltergroup: '%env(resolve:LDAP_FILTERGROUP)%'
|
||||||
|
ldapFilteruser: '%env(resolve:LDAP_FILTERUSER)%'
|
||||||
|
ldapAutosubmit: '%env(resolve:LDAP_AUTOSUBMIT)%'
|
||||||
|
ldapAutoupdate: '%env(resolve:LDAP_AUTOUPDATE)%'
|
||||||
|
|
||||||
|
casHost: '%env(resolve:CAS_HOST)%'
|
||||||
|
casPort: '%env(resolve:CAS_PORT)%'
|
||||||
|
casPath: '%env(resolve:CAS_PATH)%'
|
||||||
|
casUsername: '%env(resolve:CAS_USERNAME)%'
|
||||||
|
casEmail: '%env(resolve:CAS_EMAIL)%'
|
||||||
|
casLastname: '%env(resolve:CAS_LASTNAME)%'
|
||||||
|
casFirstname: '%env(resolve:CAS_FIRSTNAME)%'
|
||||||
|
casAvatar: '%env(resolve:CAS_AVATAR)%'
|
||||||
|
casNiveau01: '%env(resolve:CAS_NIVEAU01)%'
|
||||||
|
casGroup: '%env(resolve:CAS_GROUP)%'
|
||||||
|
casAutosubmit: '%env(resolve:CAS_AUTOSUBMIT)%'
|
||||||
|
casAutoupdate: '%env(resolve:CAS_AUTOUPDATE)%'
|
||||||
|
|
||||||
|
oauthClientid: '%env(resolve:OAUTH_CLIENTID)%'
|
||||||
|
oauthClientsecret: '%env(resolve:OAUTH_CLIENTSECRET)%'
|
||||||
|
oauthLoginurl: '%env(resolve:OAUTH_LOGINURL)%'
|
||||||
|
oauthLogouturl: '%env(resolve:OAUTH_LOGOUTURL)%'
|
||||||
|
oauthTokenurl: '%env(resolve:OAUTH_TOKENURL)%'
|
||||||
|
oauthUserinfo: '%env(resolve:OAUTH_USERINFO)%'
|
||||||
|
oauthUsername: '%env(resolve:OAUTH_USERNAME)%'
|
||||||
|
oauthEmail: '%env(resolve:OAUTH_EMAIL)%'
|
||||||
|
oauthLastname: '%env(resolve:OAUTH_LASTNAME)%'
|
||||||
|
oauthFirstname: '%env(resolve:OAUTH_FIRSTNAME)%'
|
||||||
|
oauthAvatar: '%env(resolve:OAUTH_AVATAR)%'
|
||||||
|
oauthNiveau01: '%env(resolve:OAUTH_NIVEAU01)%'
|
||||||
|
oauthGroup: '%env(resolve:OAUTH_GROUP)%'
|
||||||
|
oauthAutosubmit: '%env(resolve:OAUTH_AUTOSUBMIT)%'
|
||||||
|
oauthAutoupdate: '%env(resolve:OAUTH_AUTOUPDATE)%'
|
||||||
|
|
||||||
|
proxyUse: '%env(resolve:PROXY_USE)%'
|
||||||
|
proxyHost: '%env(resolve:PROXY_HOST)%'
|
||||||
|
proxyPort: '%env(resolve:PROXY_PORT)%'
|
||||||
|
|
||||||
|
hydraLoginchallenge: '%env(resolve:HYDRA_LOGINCHALLENGE)%'
|
||||||
|
hydraLoginchallengeaccept: '%env(resolve:HYDRA_LOGINCHALLENGEACCEPT)%'
|
||||||
|
hydraConsentchallenge: '%env(resolve:HYDRA_CONSENTCHALLENGE)%'
|
||||||
|
hydraConsentchallengeaccept: '%env(resolve:HYDRA_CONSENTCHALLENGEACCEPT)%'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
# default configuration for services in *this* file
|
|
||||||
_defaults:
|
_defaults:
|
||||||
autowire: true # Automatically injects dependencies in your services.
|
autowire: true # Automatically injects dependencies in your services.
|
||||||
autoconfigure: true # Automatically registers your services as commands, event subscribers, etc.
|
autoconfigure: true # Automatically registers your services as commands, event subscribers, etc.
|
||||||
|
|
||||||
# makes classes in src/ available to be used as services
|
|
||||||
# this creates a service per class whose id is the fully-qualified class name
|
|
||||||
App\:
|
App\:
|
||||||
resource: '../src/'
|
resource: '../src/'
|
||||||
exclude:
|
exclude:
|
||||||
|
@ -20,5 +84,36 @@ services:
|
||||||
- '../src/Entity/'
|
- '../src/Entity/'
|
||||||
- '../src/Kernel.php'
|
- '../src/Kernel.php'
|
||||||
|
|
||||||
# add more service definitions when explicit configuration is needed
|
Redis:
|
||||||
# please note that last definitions always *replace* previous ones
|
class: Predis\Client
|
||||||
|
arguments:
|
||||||
|
-
|
||||||
|
-
|
||||||
|
scheme: 'tcp'
|
||||||
|
host: '%env(resolve:REDIS_HOST)%'
|
||||||
|
port: '%env(resolve:REDIS_PORT)%'
|
||||||
|
-
|
||||||
|
replication: 'sentinel'
|
||||||
|
service: '%env(resolve:REDIS_SERVICE)%'
|
||||||
|
connection_timeout: 100
|
||||||
|
read_write_timeout: 300
|
||||||
|
|
||||||
|
Symfony\Component\HttpFoundation\Session\Storage\Handler\RedisSessionHandler:
|
||||||
|
arguments:
|
||||||
|
- '@Redis'
|
||||||
|
|
||||||
|
App\Entity\User:
|
||||||
|
public: true
|
||||||
|
arguments: ['@security.password_hasher']
|
||||||
|
|
||||||
|
App\Command\InitCommand:
|
||||||
|
public: true
|
||||||
|
arguments: ['@service_container','@doctrine.orm.entity_manager']
|
||||||
|
|
||||||
|
App\Service\ApiService:
|
||||||
|
public: true
|
||||||
|
|
||||||
|
App\Service\LdapService:
|
||||||
|
public: true
|
||||||
|
arguments: ["@service_container"]
|
||||||
|
|
||||||
|
|
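Review bot: The `Redis` client definition passes only `scheme`, `host` and `port` for the sentinel connection, so the store behind `RedisSessionHandler` is reached without a password; anyone who can reach that Redis can read or replace login sessions. As far as I know, Predis takes the node password for sentinel setups from a `parameters` entry in the options argument, so add `parameters: { password: '%env(REDIS_PASSWORD)%' }` next to `replication`/`service`. `REDIS_PASSWORD` is a constructed name for a new variable, and the servers need a matching `requirepass`. Separately, `App\Command\InitCommand` and `App\Service\LdapService` are made `public: true` and handed the whole `@service_container`; injecting only the parameters they read (the `ldap*` values) keeps `ldapPassword` and `oauthClientsecret` out of reach of code that does not need them. `App\Entity\User` is registered as a service although `'../src/Entity/'` is excluded just above, which deserves a comment explaining why.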
|
@ -1,14 +0,0 @@
|
||||||
version: '3'
|
|
||||||
|
|
||||||
services:
|
|
||||||
###> doctrine/doctrine-bundle ###
|
|
||||||
database:
|
|
||||||
ports:
|
|
||||||
- "5432"
|
|
||||||
###< doctrine/doctrine-bundle ###
|
|
||||||
|
|
||||||
###> symfony/mailer ###
|
|
||||||
mailer:
|
|
||||||
image: schickling/mailcatcher
|
|
||||||
ports: ["1025", "1080"]
|
|
||||||
###< symfony/mailer ###
|
|
|
@ -1,21 +1,132 @@
|
||||||
version: '3'
|
version: '3'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
###> doctrine/doctrine-bundle ###
|
# Service redis
|
||||||
database:
|
redis-master:
|
||||||
image: postgres:${POSTGRES_VERSION:-15}-alpine
|
image: redis:6-alpine
|
||||||
environment:
|
volumes:
|
||||||
POSTGRES_DB: ${POSTGRES_DB:-app}
|
- "./.data:/data"
|
||||||
# You should definitely change the password in production
|
ports:
|
||||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-!ChangeMe!}
|
- "6379:6379"
|
||||||
POSTGRES_USER: ${POSTGRES_USER:-app}
|
|
||||||
volumes:
|
redis-slave:
|
||||||
- database_data:/var/lib/postgresql/data:rw
|
image: redis:6-alpine
|
||||||
# You may use a bind-mounted host directory instead, so that it is harder to accidentally remove the volume and lose all your data!
|
command: redis-server --slaveof redis-master 6379
|
||||||
# - ./docker/db/data:/var/lib/postgresql/data:rw
|
links:
|
||||||
###< doctrine/doctrine-bundle ###
|
- redis-master
|
||||||
|
volumes:
|
||||||
|
- "./.data:/data"
|
||||||
|
|
||||||
|
redis-sentinel:
|
||||||
|
build:
|
||||||
|
context: ./misc/images/redis-sentinel
|
||||||
|
links:
|
||||||
|
- redis-master
|
||||||
|
|
||||||
|
|
||||||
|
# Service postgres
|
||||||
|
postgres:
|
||||||
|
image: postgres:13-alpine
|
||||||
|
hostname: postgres
|
||||||
|
environment:
|
||||||
|
POSTGRES_MULTIPLE_DATABASES: app,hydra
|
||||||
|
POSTGRES_PASSWORD: changeme
|
||||||
|
POSTGRES_USER: symfony
|
||||||
|
ports:
|
||||||
|
- 5432:5432
|
||||||
|
volumes:
|
||||||
|
- db-data:/var/lib/postgresql/data:rw
|
||||||
|
- ./misc/images/postgres:/docker-entrypoint-initdb.d
|
||||||
|
|
||||||
|
# Service app
|
||||||
|
app:
|
||||||
|
build:
|
||||||
|
context: .
|
||||||
|
dockerfile: ./misc/images/app/app-docker/Dockerfile
|
||||||
|
ports:
|
||||||
|
- ${APP_HTTP_PORT:-8080}:8080
|
||||||
|
links:
|
||||||
|
- postgres
|
||||||
|
- hydra
|
||||||
|
- redis-sentinel
|
||||||
|
depends_on:
|
||||||
|
- postgres
|
||||||
|
- hydra
|
||||||
|
volumes:
|
||||||
|
- ./src:/app/src:delegated
|
||||||
|
- ./public:/app/public:delegated
|
||||||
|
- ./templates:/app/templates:delegated
|
||||||
|
- ./translations:/app/translations:delegated
|
||||||
|
- ./tests:/app/tests:delegated
|
||||||
|
- ./config:/app/config:delegated
|
||||||
|
- ./.env:/app/.env:delegated
|
||||||
|
environment:
|
||||||
|
PHP_FPM_MEMORY_LIMIT: 128m
|
||||||
|
APP_ENV: PROD
|
||||||
|
|
||||||
|
# Service hydra
|
||||||
|
hydra:
|
||||||
|
image: cadoles/hydra-v1
|
||||||
|
hostname: hydra
|
||||||
|
volumes:
|
||||||
|
- ./misc/images/hydra/clients.d:/etc/hydra/clients.d
|
||||||
|
ports:
|
||||||
|
- 7080:4444
|
||||||
|
- 4445:4445
|
||||||
|
links:
|
||||||
|
- postgres
|
||||||
|
depends_on:
|
||||||
|
- postgres
|
||||||
|
restart: on-failure
|
||||||
|
environment:
|
||||||
|
LOG_LEAK_SENSITIVE_VALUES: "true"
|
||||||
|
HYDRA_URLS_SELF_ISSUER: http://127.0.0.1:7080
|
||||||
|
HYDRA_URLS_CONSENT: http://127.0.0.1:8080/hydra/consent
|
||||||
|
HYDRA_URLS_LOGIN: http://127.0.0.1:8080/hydra/loginsql
|
||||||
|
HYDRA_URLS_LOGOUT: http://127.0.0.1:8080/hydra/logoutsql
|
||||||
|
HYDRA_URLS_ERROR: https://127.0.0.1:8080
|
||||||
|
HYDRA_DSN: postgres://symfony:changeme@postgres:5432/hydra
|
||||||
|
HYDRA_ALLOW_INSECURE: "yes"
|
||||||
|
HYDRA_LEVEL: debug
|
||||||
|
|
||||||
|
# Service Openldap
|
||||||
|
openldap:
|
||||||
|
image: osixia/openldap:1.5.0
|
||||||
|
environment:
|
||||||
|
LDAP_LOG_LEVEL: "256"
|
||||||
|
LDAP_ORGANISATION: "nuo"
|
||||||
|
LDAP_DOMAIN: "nuo.fr"
|
||||||
|
LDAP_ADMIN_PASSWORD: "changeme"
|
||||||
|
LDAP_CONFIG_PASSWORD: "changeme"
|
||||||
|
LDAP_READONLY_USER: "true"
|
||||||
|
LDAP_READONLY_USER_USERNAME: "readonly"
|
||||||
|
LDAP_READONLY_USER_PASSWORD: "readonly"
|
||||||
|
LDAP_TLS: "false"
|
||||||
|
volumes:
|
||||||
|
- /var/lib/ldap
|
||||||
|
- /etc/ldap/slapd.d
|
||||||
|
- /container/service/slapd/assets/certs/
|
||||||
|
ports:
|
||||||
|
- "389:389"
|
||||||
|
- "636:636"
|
||||||
|
|
||||||
|
# Service phpldapadmin
|
||||||
|
phpldapadmin:
|
||||||
|
image: osixia/phpldapadmin:latest
|
||||||
|
environment:
|
||||||
|
PHPLDAPADMIN_LDAP_HOSTS: "openldap"
|
||||||
|
PHPLDAPADMIN_HTTPS: "false"
|
||||||
|
ports:
|
||||||
|
- "6080:80"
|
||||||
|
depends_on:
|
||||||
|
- openldap
|
||||||
|
|
||||||
|
# Service adminer
|
||||||
|
adminer:
|
||||||
|
image: adminer
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 6081:8080
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
###> doctrine/doctrine-bundle ###
|
db-data:
|
||||||
database_data:
|
|
||||||
###< doctrine/doctrine-bundle ###
|
|
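Review bot: Every backing service in this file is published on all host interfaces (`6379:6379`, `5432:5432`, `4445:4445`, `389:389`, `6081:8080`) while using the placeholder password `changeme`, or no password at all in the case of `redis-master`. Because `app` is started with `APP_ENV: PROD`, this reads as more than a throwaway stack. Bind the ports to loopback, e.g. `- "127.0.0.1:5432:5432"`, and require the passwords from the environment, e.g. `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?must be set}`. `LOG_LEAK_SENSITIVE_VALUES: "true"` and `HYDRA_ALLOW_INSECURE: "yes"` on `hydra` should not be the committed defaults, and `osixia/phpldapadmin:latest` and the untagged `adminer` image should be pinned. The same `changeme` value recurs in the Hydra client definition (`client_secret`) and in the Redis `requirepass`/`masterauth` files further down.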
|
@ -0,0 +1,6 @@
|
||||||
|
ARG PHP_PKG_VERSION="8.1.20-r0"
|
||||||
|
ARG ADDITIONAL_PACKAGES="php81-pdo=${PHP_PKG_VERSION} \
|
||||||
|
php81-pdo_pgsql=${PHP_PKG_VERSION} \
|
||||||
|
php81-ldap=${PHP_PKG_VERSION}"
|
||||||
|
|
||||||
|
FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-standalone
|
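Review bot: The `FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-standalone` line tracks a mutable tag, so the PHP packages are pinned to `8.1.20-r0` but the image they are installed into is not. Pinning by digest, `FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-standalone@sha256:<digest>`, makes rebuilds reproducible and makes a base-image change visible in review. Both `ARG` lines come before `FROM`, so they are out of scope for the build stage unless the base image picks them up through `ONBUILD`; if that is the mechanism, a comment such as `# consumed by ONBUILD steps of the base image` would say so. The same applies to the next Dockerfile (`alpine-php-8.1-base`).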
|
@ -0,0 +1,5 @@
|
||||||
|
ARG PHP_PKG_VERSION="8.1.20-r0"
|
||||||
|
ARG ADDITIONAL_PACKAGES="php81-pdo=${PHP_PKG_VERSION} \
|
||||||
|
php81-pdo_pgsql=${PHP_PKG_VERSION}"
|
||||||
|
|
||||||
|
FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-base
|
|
@ -0,0 +1,19 @@
|
||||||
|
{
|
||||||
|
"client_id": "nuosso",
|
||||||
|
"client_name": "NuoSSO",
|
||||||
|
"client_secret": "changeme",
|
||||||
|
"grant_types": [
|
||||||
|
"authorization_code",
|
||||||
|
"refresh_token"
|
||||||
|
],
|
||||||
|
"jwks": {},
|
||||||
|
"metadata": {},
|
||||||
|
"token_endpoint_auth_method": "client_secret_post",
|
||||||
|
"post_logout_redirect_uris": ["http://127.0.0.1:8080"],
|
||||||
|
"redirect_uris": ["http://127.0.0.1:8080/oauth2/callback"],
|
||||||
|
"response_types": [
|
||||||
|
"code"
|
||||||
|
],
|
||||||
|
"logo_uri": "http://127.0.0.1:8080/images/logo.png",
|
||||||
|
"scope": "openid"
|
||||||
|
}
|
|
@ -0,0 +1,22 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
set -u
|
||||||
|
|
||||||
|
function create_user_and_database() {
|
||||||
|
local database=$1
|
||||||
|
echo " Creating user and database '$database'"
|
||||||
|
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
|
||||||
|
CREATE USER $database;
|
||||||
|
CREATE DATABASE $database;
|
||||||
|
GRANT ALL PRIVILEGES ON DATABASE $database TO $database;
|
||||||
|
EOSQL
|
||||||
|
}
|
||||||
|
|
||||||
|
if [ -n "$POSTGRES_MULTIPLE_DATABASES" ]; then
|
||||||
|
echo "Multiple database creation requested: $POSTGRES_MULTIPLE_DATABASES"
|
||||||
|
for db in $(echo $POSTGRES_MULTIPLE_DATABASES | tr ',' ' '); do
|
||||||
|
create_user_and_database $db
|
||||||
|
done
|
||||||
|
echo "Multiple databases created"
|
||||||
|
fi
|
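Review bot: With `set -u` in effect, the test `[ -n "$POSTGRES_MULTIPLE_DATABASES" ]` aborts the init script when the variable is unset instead of skipping the block; write `if [ -n "${POSTGRES_MULTIPLE_DATABASES:-}" ]; then`. In `create_user_and_database`, `$database` is expanded unquoted into the SQL and the call `create_user_and_database $db` is unquoted too, so a name with a hyphen, upper-case letters or whitespace yields broken or unintended statements. Quote the call, `create_user_and_database "$db"`, and pass the name with `-v db="$database"` so the heredoc can use psql's identifier quoting, `CREATE DATABASE :"db";`. `CREATE USER $database;` creates the role without a password; a comment should state that these roles are not meant for login, since the compose file connects as `symfony`.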
|
@ -0,0 +1,19 @@
|
||||||
|
FROM redis:6-alpine
|
||||||
|
|
||||||
|
ENV SENTINEL_QUORUM 2
|
||||||
|
ENV SENTINEL_DOWN_AFTER 1000
|
||||||
|
ENV SENTINEL_FAILOVER 1000
|
||||||
|
|
||||||
|
RUN mkdir -p /redis
|
||||||
|
|
||||||
|
WORKDIR /redis
|
||||||
|
|
||||||
|
COPY sentinel.conf .
|
||||||
|
COPY sentinel-entrypoint.sh /usr/local/bin/
|
||||||
|
|
||||||
|
RUN chown redis:redis /redis/* && \
|
||||||
|
chmod +x /usr/local/bin/sentinel-entrypoint.sh
|
||||||
|
|
||||||
|
EXPOSE 26379
|
||||||
|
|
||||||
|
ENTRYPOINT ["sentinel-entrypoint.sh"]
|
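Review bot: Replacing the entrypoint with `sentinel-entrypoint.sh` and setting no `USER` means Sentinel runs as root, although the `chown redis:redis /redis/*` line suggests the `redis` account was meant to own the process. As far as I know, the base image's own entrypoint is what normally drops privileges, and it is bypassed here. Add `USER redis` before `ENTRYPOINT`, and change the ownership line to `chown -R redis:redis /redis`, because both the `sed -i` calls in the entrypoint and Sentinel's own config rewrites need to create files in that directory. `ENV SENTINEL_QUORUM 2` uses the legacy space-separated form; `ENV SENTINEL_QUORUM=2` is the current syntax.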
|
@ -0,0 +1,7 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
sed -i "s/\$SENTINEL_QUORUM/$SENTINEL_QUORUM/g" /redis/sentinel.conf
|
||||||
|
sed -i "s/\$SENTINEL_DOWN_AFTER/$SENTINEL_DOWN_AFTER/g" /redis/sentinel.conf
|
||||||
|
sed -i "s/\$SENTINEL_FAILOVER/$SENTINEL_FAILOVER/g" /redis/sentinel.conf
|
||||||
|
|
||||||
|
redis-server /redis/sentinel.conf --sentinel
|
|
@ -0,0 +1,9 @@
|
||||||
|
port 26379
|
||||||
|
|
||||||
|
dir /tmp
|
||||||
|
|
||||||
|
sentinel resolve-hostnames yes
|
||||||
|
sentinel monitor redismaster redis-master 6379 $SENTINEL_QUORUM
|
||||||
|
sentinel down-after-milliseconds redismaster $SENTINEL_DOWN_AFTER
|
||||||
|
sentinel parallel-syncs redismaster 1
|
||||||
|
sentinel failover-timeout redismaster $SENTINEL_FAILOVER
|
|
@ -0,0 +1,2 @@
|
||||||
|
port 6379
|
||||||
|
requirepass changeme
|
|
@ -0,0 +1,3 @@
|
||||||
|
port 6380
|
||||||
|
slaveof redis-master 6379
|
||||||
|
masterauth changeme
|
|
@ -0,0 +1,4 @@
|
||||||
|
port 26379
|
||||||
|
sentinel monitor mymaster redis-master 6379 2
|
||||||
|
sentinel down-after-milliseconds mymaster 5000
|
||||||
|
sentinel failover-timeout mymaster 10000
|
|
@ -0,0 +1,11 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- https://raw.githubusercontent.com/ory/k8s/v0.30.0/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
|
||||||
|
- https://forge.cadoles.com/CadolesKube/c-kustom//base/cloudnative-pg-operator?ref=develop
|
||||||
|
- https://forge.cadoles.com/CadolesKube/c-kustom//base/redis?ref=develop
|
||||||
|
- https://forge.cadoles.com/CadolesKube/c-kustom//base/minio?ref=develop
|
||||||
|
- https://forge.cadoles.com/CadolesKube/c-kustom//base/metallb?ref=develop
|
||||||
|
- https://forge.cadoles.com/CadolesKube/c-kustom//base/metrics?ref=develop
|
||||||
|
- https://forge.cadoles.com/CadolesKube/c-kustom//base/nginx?ref=develop
|
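Review bot: Six of the seven remote bases are fetched with `?ref=develop`, a moving branch, so the operator, ingress controller and MetalLB manifests applied to the cluster can change without any commit in this repository. Only the Ory CRD URL is pinned (`v0.30.0`). Pin each `c-kustom` base to a tag or commit, e.g. `https://forge.cadoles.com/CadolesKube/c-kustom//base/redis?ref=<tag-or-commit-sha>`, and bump it deliberately.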
|
@ -0,0 +1,7 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
namespace: metallb-system
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ./resources/ipaddresspoool.yaml
|
||||||
|
- ./resources/advertise.yaml
|
|
@ -0,0 +1,9 @@
|
||||||
|
apiVersion: metallb.io/v1beta1
|
||||||
|
kind: L2Advertisement
|
||||||
|
metadata:
|
||||||
|
name: l2-ip-pool-ad
|
||||||
|
namespace: metallb-system
|
||||||
|
spec:
|
||||||
|
ipAddressPools:
|
||||||
|
- main-pool
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
apiVersion: metallb.io/v1beta1
|
||||||
|
kind: IPAddressPool
|
||||||
|
metadata:
|
||||||
|
name: main-pool
|
||||||
|
namespace: metallb-system
|
||||||
|
spec:
|
||||||
|
addresses:
|
||||||
|
- 172.19.10.100-172.19.10.200
|
|
@ -0,0 +1,48 @@
|
||||||
|
kind: Cluster
|
||||||
|
apiVersion: kind.x-k8s.io/v1alpha4
|
||||||
|
name: nuosso
|
||||||
|
networking:
|
||||||
|
podSubnet: "10.110.0.0/16"
|
||||||
|
serviceSubnet: "10.115.0.0/16"
|
||||||
|
nodes:
|
||||||
|
- role: control-plane
|
||||||
|
image: kindest/node:v1.27.2
|
||||||
|
kubeadmConfigPatches:
|
||||||
|
- |
|
||||||
|
kind: InitConfiguration
|
||||||
|
nodeRegistration:
|
||||||
|
kubeletExtraArgs:
|
||||||
|
node-labels: "ingress-ready=true"
|
||||||
|
extraPortMappings:
|
||||||
|
- containerPort: 31000
|
||||||
|
hostPort: 31000
|
||||||
|
listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
|
||||||
|
- containerPort: 80
|
||||||
|
hostPort: 8080
|
||||||
|
listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
|
||||||
|
labels:
|
||||||
|
ingress-ready: true
|
||||||
|
- role: worker
|
||||||
|
image: kindest/node:v1.27.2
|
||||||
|
kubeadmConfigPatches:
|
||||||
|
- |
|
||||||
|
kind: JoinConfiguration
|
||||||
|
nodeRegistration:
|
||||||
|
kubeletExtraArgs:
|
||||||
|
system-reserved: memory=2Gi
|
||||||
|
- role: worker
|
||||||
|
image: kindest/node:v1.27.2
|
||||||
|
kubeadmConfigPatches:
|
||||||
|
- |
|
||||||
|
kind: JoinConfiguration
|
||||||
|
nodeRegistration:
|
||||||
|
kubeletExtraArgs:
|
||||||
|
system-reserved: memory=2Gi
|
||||||
|
- role: worker
|
||||||
|
image: kindest/node:v1.27.2
|
||||||
|
kubeadmConfigPatches:
|
||||||
|
- |
|
||||||
|
kind: JoinConfiguration
|
||||||
|
nodeRegistration:
|
||||||
|
kubeletExtraArgs:
|
||||||
|
system-reserved: memory=2Gi
|
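Review bot: Both `extraPortMappings` entries set `listenAddress: "0.0.0.0"`, which publishes the cluster's ingress (host port 8080) and port 31000 on every interface of the machine running kind. The dev overlay later routes `/adminer` through that ingress, so a database console becomes reachable from the local network. For a local cluster `listenAddress: "127.0.0.1"` is enough. Under `labels:`, `ingress-ready: true` is an unquoted YAML boolean while the kubelet argument above uses the string form; quoting it as `"true"` avoids a possible type error when the config is decoded.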
|
@ -0,0 +1,8 @@
|
||||||
|
---
|
||||||
|
nameReference:
|
||||||
|
- kind: Secret
|
||||||
|
fieldSpecs:
|
||||||
|
- path: spec/superuserSecret/name
|
||||||
|
kind: Cluster
|
||||||
|
- path: spec/bootstrap/initdb/secret/name
|
||||||
|
kind: Cluster
|
|
@ -0,0 +1,32 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1alpha1
|
||||||
|
kind: Component
|
||||||
|
|
||||||
|
generatorOptions:
|
||||||
|
disableNameSuffixHash: true
|
||||||
|
|
||||||
|
configurations:
|
||||||
|
- ./configurations/cnpg-cluster.yaml
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ./resources/app-cnpg-cluster.yaml
|
||||||
|
|
||||||
|
secretgenerator:
|
||||||
|
- name: postgres-admin
|
||||||
|
type: secret
|
||||||
|
literals:
|
||||||
|
- username=postgres
|
||||||
|
- password=notsosecret
|
||||||
|
- name: postgres-user
|
||||||
|
type: Secret
|
||||||
|
literals:
|
||||||
|
- username=app
|
||||||
|
- password=NotSoSecretButThisIsBad
|
||||||
|
|
||||||
|
vars:
|
||||||
|
- name: POSTGRES_DATABASE_SERVICE_NAME
|
||||||
|
objref:
|
||||||
|
name: postgres
|
||||||
|
kind: Cluster
|
||||||
|
apiVersion: postgresql.cnpg.io/v1
|
||||||
|
fieldref:
|
||||||
|
fieldpath: metadata.name
|
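Review bot: The `postgres-admin` and `postgres-user` generators commit the database passwords as `literals` in a base component, and `disableNameSuffixHash: true` gives the Secrets fixed names, so every overlay built on this base gets the same superuser password unless it overrides it. The dev overlay already uses a safer pattern for `regcred-dev`: a `files:` source under `secrets/`, apparently covered by one of the `*` / `!.gitignore` ignore files added in this commit. Do the same here, e.g. `envs: [secrets/postgres-admin.env]` (constructed path) kept out of version control, or leave these generators to each overlay. The key is spelled `secretgenerator` and the first entry has `type: secret`, while the overlay uses `secretGenerator` and the second entry `type: Secret`; one spelling throughout would remove any doubt about how kustomize reads them.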
|
@ -0,0 +1,17 @@
|
||||||
|
apiVersion: postgresql.cnpg.io/v1
|
||||||
|
kind: Cluster
|
||||||
|
metadata:
|
||||||
|
name: postgres
|
||||||
|
spec:
|
||||||
|
instances: 3
|
||||||
|
primaryUpdateStrategy: unsupervised
|
||||||
|
superuserSecret:
|
||||||
|
name: postgres-admin
|
||||||
|
bootstrap:
|
||||||
|
initdb:
|
||||||
|
database: app
|
||||||
|
owner: app
|
||||||
|
secret:
|
||||||
|
name: postgres-user
|
||||||
|
storage:
|
||||||
|
size: 20Gi
|
|
@ -0,0 +1,9 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
components:
|
||||||
|
- components/app-cnpg
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- resources/app
|
||||||
|
- resources/redis
|
|
@ -0,0 +1,26 @@
|
||||||
|
kind: Deployment
|
||||||
|
apiVersion: apps/v1
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
io.kompose.service: adminer
|
||||||
|
name: adminer
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
io.kompose.service: adminer
|
||||||
|
replicas: 1
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
io.kompose.service: adminer
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: adminer
|
||||||
|
image: reg.cadoles.com/afornerot/adminer
|
||||||
|
imagePullPolicy: "Always"
|
||||||
|
env:
|
||||||
|
- name: ADMINER_DESIGN
|
||||||
|
value: "pappu687"
|
||||||
|
ports:
|
||||||
|
- containerPort: 80
|
||||||
|
resources: {}
|
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
io.kompose.service: adminer
|
||||||
|
name: adminer
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- name: adminer
|
||||||
|
port: 8080
|
||||||
|
targetPort: 80
|
||||||
|
selector:
|
||||||
|
io.kompose.service: adminer
|
|
@ -0,0 +1,6 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- adminer-deployment.yaml
|
||||||
|
- adminer-service.yaml
|
|
@ -0,0 +1,86 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
io.kompose.service: app
|
||||||
|
name: app
|
||||||
|
spec:
|
||||||
|
replicas: 3
|
||||||
|
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
io.kompose.service: app
|
||||||
|
strategy:
|
||||||
|
type: Recreate
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
io.kompose.service: app
|
||||||
|
spec:
|
||||||
|
restartPolicy: Always
|
||||||
|
containers:
|
||||||
|
- image: reg.cadoles.com/afornerot/nuosso
|
||||||
|
imagePullPolicy: Always
|
||||||
|
name: app-php-fpm
|
||||||
|
args: ["/usr/sbin/php-fpm81", "-F", "-e"]
|
||||||
|
resources: {}
|
||||||
|
env:
|
||||||
|
- name: PHP_MEMORY_LIMIT
|
||||||
|
value: 128m
|
||||||
|
|
||||||
|
- name: PHP_FPM_LISTEN
|
||||||
|
value: 127.0.0.1:9000
|
||||||
|
- name: PHP_FPM_MEMORY_LIMIT
|
||||||
|
value: 128m
|
||||||
|
- name: PHP_FPM_LOG_LEVEL
|
||||||
|
value: warning
|
||||||
|
|
||||||
|
- name: POSTGRES_DATABASE_SERVICE_NAME
|
||||||
|
value: $(POSTGRES_DATABASE_SERVICE_NAME)-rw
|
||||||
|
- name: POSTGRES_DATABASE_USERNAME
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: postgres-user
|
||||||
|
key: username
|
||||||
|
- name: POSTGRES_DATABASE_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: postgres-user
|
||||||
|
key: password
|
||||||
|
|
||||||
|
- name: APP_AUTH
|
||||||
|
value: "SQL"
|
||||||
|
- name: APP_MASTERIDENTITY
|
||||||
|
value: "SQL"
|
||||||
|
- name: DATABASE_URL
|
||||||
|
value: "postgresql://$(POSTGRES_DATABASE_USERNAME):$(POSTGRES_DATABASE_PASSWORD)@$(POSTGRES_DATABASE_SERVICE_NAME)-rw:5432/app"
|
||||||
|
- name: REDIS_HOST
|
||||||
|
value: rfs-$(REDIS_SERVICE_NAME)
|
||||||
|
- name: REDIS_PORT
|
||||||
|
value: "26379"
|
||||||
|
- name: REDIS_SERVICE
|
||||||
|
value: "mymaster"
|
||||||
|
|
||||||
|
lifecycle:
|
||||||
|
postStart:
|
||||||
|
exec:
|
||||||
|
command: ["/bin/sh", "-c", "/app/bin/console d:s:u --force --complete && /app/bin/console app:Init"]
|
||||||
|
|
||||||
|
- image: reg.cadoles.com/afornerot/nuosso
|
||||||
|
imagePullPolicy: Always
|
||||||
|
name: app-nginx
|
||||||
|
args: ["/usr/sbin/nginx"]
|
||||||
|
env:
|
||||||
|
- name: NGINX_APP_UPSTREAM_BACKEND_SERVER
|
||||||
|
value: 127.0.0.1:9000
|
||||||
|
- name: NGINX_APP_ROOT
|
||||||
|
value: "/public"
|
||||||
|
- name: NGINX_APP_PHP_INDEX
|
||||||
|
value: "/index.php"
|
||||||
|
- name: NGINX_ERROR_LOG_LEVEL
|
||||||
|
value: "warn"
|
||||||
|
- name: NGINX_APP_PHP_NON_FILE_PATTERN
|
||||||
|
value: "^/index\\.php(/|$)"
|
||||||
|
ports:
|
||||||
|
- containerPort: 8080
|
||||||
|
resources: {}
|
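Review bot: The `postStart` hook runs `/app/bin/console d:s:u --force --complete` in every `app-php-fpm` container, so with `replicas: 3` three pods alter the schema concurrently on each rollout. If `--complete` is Doctrine's schema-update option, it also drops database objects that are absent from the mapping. Schema changes belong in a single step per release, such as a Job or an init container running migrations, not in a lifecycle hook whose failure kills the container with little to diagnose it. Both containers use `reg.cadoles.com/afornerot/nuosso` with no tag and `imagePullPolicy: Always`, so the running code is whatever was pushed last; pin a tag or digest. `DATABASE_URL` splices `$(POSTGRES_DATABASE_PASSWORD)` into the URL unencoded, which breaks for passwords containing `@`, `/` or `:`.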
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
io.kompose.service: app
|
||||||
|
name: app
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- name: app
|
||||||
|
port: 8080
|
||||||
|
targetPort: 8080
|
||||||
|
selector:
|
||||||
|
io.kompose.service: app
|
|
@ -0,0 +1,6 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- app-service.yaml
|
||||||
|
- app-deployment.yaml
|
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- redis-redisfailover.yaml
|
||||||
|
|
||||||
|
vars:
|
||||||
|
- name: REDIS_SERVICE_NAME
|
||||||
|
objref:
|
||||||
|
name: redis
|
||||||
|
apiVersion: databases.spotahome.com/v1
|
||||||
|
kind: RedisFailover
|
||||||
|
fieldref:
|
||||||
|
fieldpath: metadata.name
|
|
@ -0,0 +1,21 @@
|
||||||
|
apiVersion: databases.spotahome.com/v1
|
||||||
|
kind: RedisFailover
|
||||||
|
metadata:
|
||||||
|
name: redis
|
||||||
|
spec:
|
||||||
|
sentinel:
|
||||||
|
replicas: 3
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
limits:
|
||||||
|
memory: 100Mi
|
||||||
|
redis:
|
||||||
|
replicas: 3
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 100Mi
|
||||||
|
limits:
|
||||||
|
cpu: 400m
|
||||||
|
memory: 500Mi
|
|
@ -0,0 +1,3 @@
|
||||||
|
*
|
||||||
|
!.gitignore
|
||||||
|
!.gitkeep
|
|
@ -0,0 +1,24 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
namespace: app-dev
|
||||||
|
|
||||||
|
namePrefix: nuosso-
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ../../base
|
||||||
|
- ../../base/resources/adminer
|
||||||
|
- resources/namespace.yaml
|
||||||
|
- resources/ingress.yaml
|
||||||
|
|
||||||
|
patches:
|
||||||
|
- path: patches/app-deployment.yaml
|
||||||
|
- path: patches/add-registry-pull-secret.yaml
|
||||||
|
target:
|
||||||
|
kind: Deployment
|
||||||
|
version: v1
|
||||||
|
|
||||||
|
secretGenerator:
|
||||||
|
- files:
|
||||||
|
- secrets/dockerconfig/.dockerconfigjson
|
||||||
|
name: regcred-dev
|
||||||
|
type: kubernetes.io/dockerconfigjson
|
|
@ -0,0 +1,4 @@
|
||||||
|
- op: add
|
||||||
|
path: "/spec/template/spec/imagePullSecrets"
|
||||||
|
value:
|
||||||
|
- name: regcred-dev
|
|
@ -0,0 +1,15 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
io.kompose.service: app
|
||||||
|
name: app
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
restartPolicy: Always
|
||||||
|
containers:
|
||||||
|
- name: app-php-fpm
|
||||||
|
env:
|
||||||
|
- name: APP_ENV
|
||||||
|
value: dev
|
|
@ -0,0 +1,28 @@
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: app
|
||||||
|
annotations:
|
||||||
|
nginx.ingress.kubernetes.io/proxy-body-size: "138m"
|
||||||
|
nginx.ingress.kubernetes.io/enable-cors: "true" #cf 01
|
||||||
|
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" #cf 01
|
||||||
|
spec:
|
||||||
|
ingressClassName: nginx
|
||||||
|
rules:
|
||||||
|
- host: app.dev.local
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /adminer
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: adminer
|
||||||
|
port:
|
||||||
|
number: 8080
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: app
|
||||||
|
port:
|
||||||
|
number: 8080
|
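Review bot: `nginx.ingress.kubernetes.io/enable-cors: "true"` is set without a `cors-allow-origin` annotation, and as far as I know ingress-nginx then answers with a wildcard origin. For a single sign-on front end the allowed origins should be listed explicitly, e.g. `nginx.ingress.kubernetes.io/cors-allow-origin: "https://<allowed-origin>"`. The `#cf 01` markers refer to a note that is not in this file; replace them with a comment saying why CORS and the `X-Forwarded-For` header are needed. The `/adminer` rule publishes the database console on the same host as the application with no authentication or source-range annotation, which is acceptable only if this overlay never leaves a developer machine.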
|
@ -0,0 +1,4 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: app-dev
|
|
@ -0,0 +1,3 @@
|
||||||
|
*
|
||||||
|
!.gitignore
|
||||||
|
!.gitkeep
|