Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add hydra option to create separate admin and public deploys #706

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions helm/charts/hydra/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,9 @@ A Helm chart for deploying ORY Hydra in Kubernetes
| cronjob.janitor.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
| cronjob.janitor.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| cronjob.janitor.tolerations | list | `[]` | Configure node tolerations |
| separateAdminAndPublicDeploys | bool | `false` | When `true` separate deploys will be created for admin and public components. Use `deployment.admin` and `deployment.public` to configure component specific options. |
| deployment.admin | object | `{}` | When separateAdminAndPublicDeploys is enabled, this field acts as overrides only for the `hydra-admin` deployment object. |
| deployment.public | object | `{}` | When separateAdminAndPublicDeploys is enabled, this field acts as overrides only for the `hydra-public` deployment object. |
| deployment.annotations | object | `{}` | Set custom deployment level annotations |
| deployment.automigration | object | `{"extraEnv":[]}` | Parameters for the automigration initContainer |
| deployment.automigration.extraEnv | list | `[]` | Array of extra envs to be passed to the initContainer. Kubernetes format is expected. Value is processed with Helm `tpl` - name: FOO value: BAR |
Expand Down
247 changes: 247 additions & 0 deletions helm/charts/hydra/templates/deployment-admin.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,247 @@
{{- if .Values.separateAdminAndPublicDeploys -}}
{{- include "hydra.automigration.typeVerification" . -}}
{{- $deployValues := merge .Values.deployment.admin (omit .Values.deployment "admin" "public") -}}
{{- $migrationExtraEnv := ternary $deployValues.automigration.extraEnv $deployValues.extraEnv (not (empty $deployValues.automigration.extraEnv )) -}}

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "hydra.fullname" . }}-admin
{{- if .Release.Namespace }}
namespace: {{ .Release.Namespace }}
{{- end }}
labels:
{{- include "hydra.labels" . | nindent 4 }}
{{- with $deployValues.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
app.kubernetes.io/component: admin
annotations:
{{- with $deployValues.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if not $deployValues.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
revisionHistoryLimit: {{ $deployValues.revisionHistoryLimit }}
strategy:
{{- toYaml $deployValues.strategy | nindent 4 }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "hydra.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: admin
template:
metadata:
labels:
{{- include "hydra.labels" . | nindent 8 }}
{{- with $deployValues.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $deployValues.podMetadata.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
app.kubernetes.io/component: admin
annotations:
{{- include "hydra.annotations.checksum" . | nindent 8 -}}
{{- with $deployValues.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $deployValues.podMetadata.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: {{ include "hydra.name" . }}-config-volume
configMap:
name: {{ include "hydra.fullname" . }}
{{- if $deployValues.extraVolumes }}
{{- toYaml $deployValues.extraVolumes | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "hydra.serviceAccountName" . }}
automountServiceAccountToken: {{ $deployValues.automountServiceAccountToken }}
terminationGracePeriodSeconds: {{ $deployValues.terminationGracePeriodSeconds }}
containers:
- name: {{ .Chart.Name }}-admin
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: {{- toYaml .Values.hydra.command | nindent 12 }}
{{- if .Values.hydra.customArgs }}
args: {{- toYaml .Values.hydra.customArgs | nindent 12 }}
{{- else }}
args:
- serve
- admin
{{- if .Values.hydra.dev }}
- "--dev"
{{- end }}
- --config
- /etc/config/hydra.yaml
{{- end }}
volumeMounts:
- name: {{ include "hydra.name" . }}-config-volume
mountPath: /etc/config
readOnly: true
{{- if $deployValues.extraVolumeMounts }}
{{- toYaml $deployValues.extraVolumeMounts | nindent 12 }}
{{- end }}
ports:
- name: http-admin
containerPort: {{ .Values.hydra.config.serve.admin.port }}
protocol: TCP
livenessProbe:
{{- if $deployValues.customLivenessProbe }}
{{- toYaml $deployValues.customLivenessProbe | nindent 12 }}
{{- else }}
httpGet:
path: /health/alive
port: {{ .Values.hydra.config.serve.admin.port }}
httpHeaders:
- name: Host
value: '127.0.0.1'
{{- toYaml $deployValues.livenessProbe | nindent 12 }}
{{- end }}
readinessProbe:
{{- if $deployValues.customReadinessProbe }}
{{- toYaml $deployValues.customReadinessProbe | nindent 12 }}
{{- else }}
httpGet:
path: /health/ready
port: {{ .Values.hydra.config.serve.admin.port }}
httpHeaders:
- name: Host
value: '127.0.0.1'
{{- toYaml $deployValues.readinessProbe | nindent 12 }}
{{- end }}
startupProbe:
{{- if $deployValues.customStartupProbe }}
{{- toYaml $deployValues.customStartupProbe | nindent 12 }}
{{- else }}
httpGet:
path: /health/ready
port: {{ .Values.hydra.config.serve.admin.port }}
httpHeaders:
- name: Host
value: '127.0.0.1'
{{- toYaml $deployValues.startupProbe | nindent 12 }}
{{- end }}
env:
{{- $issuer := include "hydra.config.urls.issuer" . -}}
{{- if $issuer }}
- name: URLS_SELF_ISSUER
value: {{ $issuer | quote }}
{{- end }}
{{- if not (empty ( include "hydra.dsn" . )) }}
{{- if not (include "ory.extraEnvContainsEnvName" (list $deployValues.extraEnv "DSN")) }}
- name: DSN
valueFrom:
secretKeyRef:
name: {{ include "hydra.secretname" . }}
key: dsn
{{- end }}
{{- end }}
- name: SECRETS_SYSTEM
valueFrom:
secretKeyRef:
name: {{ include "hydra.secretname" . }}
key: secretsSystem
- name: SECRETS_COOKIE
valueFrom:
secretKeyRef:
name: {{ include "hydra.secretname" . }}
key: secretsCookie
{{- if $deployValues.extraEnv }}
{{- tpl (toYaml $deployValues.extraEnv) . | nindent 12 }}
{{- end }}
resources:
{{- toYaml $deployValues.resources | nindent 12 }}
{{- if $deployValues.securityContext }}
securityContext:
{{- toYaml $deployValues.securityContext | nindent 12 }}
{{- end }}
lifecycle:
{{- toYaml $deployValues.lifecycle | nindent 12 }}
{{- if $deployValues.extraContainers }}
{{- tpl $deployValues.extraContainers . | nindent 8 }}
{{- end }}
initContainers:
{{- if $deployValues.extraInitContainers }}
{{- tpl $deployValues.extraInitContainers . | nindent 8 }}
{{- end }}
{{- if and ( .Values.hydra.automigration.enabled ) ( eq .Values.hydra.automigration.type "initContainer" ) }}
- name: {{ .Chart.Name }}-automigrate
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.hydra.automigration.customCommand }}
command: {{- toYaml .Values.hydra.automigration.customCommand | nindent 12 }}
{{- else }}
command: ["hydra"]
{{- end }}
{{- if .Values.hydra.automigration.customArgs }}
args: {{- toYaml .Values.hydra.automigration.customArgs | nindent 12 }}
{{- else }}
args: ["migrate", "sql", "-e", "--yes", "--config", "/etc/config/hydra.yaml"]
{{- end }}
volumeMounts:
- name: {{ include "hydra.name" . }}-config-volume
mountPath: /etc/config
readOnly: true
{{- with $deployValues.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
env:
{{- if not (empty ( include "hydra.dsn" . )) }}
{{- if not (include "ory.extraEnvContainsEnvName" (list $migrationExtraEnv "DSN")) }}
- name: DSN
valueFrom:
secretKeyRef:
name: {{ include "hydra.secretname" . }}
key: dsn
{{- end }}
{{- end }}
{{- if $migrationExtraEnv }}
{{- tpl (toYaml $migrationExtraEnv) . | nindent 12 }}
{{- end }}
{{- if .Values.hydra.automigration.resources }}
resources:
{{- toYaml .Values.hydra.automigration.resources | nindent 12 }}
{{- end }}
{{- with $deployValues.initContainerSecurityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- with $deployValues.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $deployValues.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $deployValues.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $deployValues.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $deployValues.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end -}}
Loading
Loading