chart: extract hydra maester chart out of auth/charts/hydra.tar.gz (#96)
* chart: extract hydra maester chart out of auth/charts/hydra.tar.gz
* auth: install shared hydra maester during bootstrap
* hydra-maester: fix chart name typo
* hydra-maester: fix charts repo namespace
---------
Co-authored-by: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>
diff --git a/charts/hydra-maester/crds/crd-oauth2clients.yaml b/charts/hydra-maester/crds/crd-oauth2clients.yaml
new file mode 100644
index 0000000..ebc9ebb
--- /dev/null
+++ b/charts/hydra-maester/crds/crd-oauth2clients.yaml
@@ -0,0 +1,253 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.5.0
+ creationTimestamp: null
+ name: oauth2clients.hydra.ory.sh
+spec:
+ group: hydra.ory.sh
+ names:
+ kind: OAuth2Client
+ listKind: OAuth2ClientList
+ plural: oauth2clients
+ singular: oauth2client
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: OAuth2Client is the Schema for the oauth2clients API
+ properties:
+ apiVersion:
+ description:
+ "APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the
+ latest internal value, and may reject unrecognized values. More
+ info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
+ type: string
+ kind:
+ description:
+ "Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the
+ client submits requests to. Cannot be updated. In CamelCase.
+ More info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
+ type: string
+ metadata:
+ type: object
+ spec:
+ description:
+ OAuth2ClientSpec defines the desired state of OAuth2Client
+ properties:
+ allowedCorsOrigins:
+ description:
+ AllowedCorsOrigins is an array of allowed CORS origins
+ items:
+ description:
+ RedirectURI represents a redirect URI for the client
+ pattern: \w+:/?/?[^\s]+
+ type: string
+ type: array
+ audience:
+ description:
+ Audience is a whitelist defining the audiences this client
+ is allowed to request tokens for
+ items:
+ type: string
+ type: array
+ clientName:
+ description:
+ ClientName is the human-readable string name of the client
+ to be presented to the end-user during authorization.
+ type: string
+ grantTypes:
+ description:
+ GrantTypes is an array of grant types the client is allowed
+ to use.
+ items:
+ description: GrantType represents an OAuth 2.0 grant type
+ enum:
+ - client_credentials
+ - authorization_code
+ - implicit
+ - refresh_token
+ type: string
+ maxItems: 4
+ minItems: 1
+ type: array
+ hydraAdmin:
+ description:
+ HydraAdmin is the optional configuration to use for managing
+ this client
+ properties:
+ endpoint:
+ description:
+ Endpoint is the endpoint for the hydra instance on which
+ to set up the client. This value will override the value
+ provided to `--endpoint` (defaults to `"/clients"` in
+ the application)
+ pattern: (^$|^/.*)
+ type: string
+ forwardedProto:
+ description:
+ ForwardedProto overrides the `--forwarded-proto` flag.
+ The value "off" will force this to be off even if
+ `--forwarded-proto` is specified
+ pattern: (^$|https?|off)
+ type: string
+ port:
+ description:
+ Port is the port for the hydra instance on which to set
+ up the client. This value will override the value
+ provided to `--hydra-port`
+ maximum: 65535
+ type: integer
+ url:
+ description:
+ URL is the URL for the hydra instance on which to set up
+ the client. This value will override the value provided
+ to `--hydra-url`
+ maxLength: 64
+ pattern: (^$|^https?://.*)
+ type: string
+ type: object
+ metadata:
+ description: Metadata is abritrary data
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ postLogoutRedirectUris:
+ description:
+ PostLogoutRedirectURIs is an array of the post logout
+ redirect URIs allowed for the application
+ items:
+ description:
+ RedirectURI represents a redirect URI for the client
+ pattern: \w+:/?/?[^\s]+
+ type: string
+ type: array
+ redirectUris:
+ description:
+ RedirectURIs is an array of the redirect URIs allowed for
+ the application
+ items:
+ description:
+ RedirectURI represents a redirect URI for the client
+ pattern: \w+:/?/?[^\s]+
+ type: string
+ type: array
+ responseTypes:
+ description:
+ ResponseTypes is an array of the OAuth 2.0 response type
+ strings that the client can use at the authorization
+ endpoint.
+ items:
+ description:
+ ResponseType represents an OAuth 2.0 response type strings
+ enum:
+ - id_token
+ - code
+ - token
+ - code token
+ - code id_token
+ - id_token token
+ - code id_token token
+ type: string
+ maxItems: 3
+ minItems: 1
+ type: array
+ scope:
+ description:
+ Scope is a string containing a space-separated list of scope
+ values (as described in Section 3.3 of OAuth 2.0 [RFC6749])
+ that the client can use when requesting access tokens.
+ pattern: ([a-zA-Z0-9\.\*]+\s?)+
+ type: string
+ secretName:
+ description:
+ SecretName points to the K8s secret that contains this
+ client's ID and password
+ maxLength: 253
+ minLength: 1
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
+ type: string
+ tokenEndpointAuthMethod:
+ allOf:
+ - enum:
+ - client_secret_basic
+ - client_secret_post
+ - private_key_jwt
+ - none
+ - enum:
+ - client_secret_basic
+ - client_secret_post
+ - private_key_jwt
+ - none
+ description:
+ Indication which authentication method shoud be used for the
+ token endpoint
+ type: string
+ required:
+ - grantTypes
+ - scope
+ - secretName
+ type: object
+ status:
+ description:
+ OAuth2ClientStatus defines the observed state of OAuth2Client
+ properties:
+ conditions:
+ items:
+ description:
+ OAuth2ClientCondition contains condition information for
+ an OAuth2Client
+ properties:
+ status:
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description:
+ ObservedGeneration represents the most recent generation
+ observed by the daemon set controller.
+ format: int64
+ type: integer
+ reconciliationError:
+ description:
+ ReconciliationError represents an error that occurred during
+ the reconciliation process
+ properties:
+ description:
+ description:
+ Description is the description of the reconciliation
+ error
+ type: string
+ statusCode:
+ description:
+ Code is the status code of the reconciliation error
+ type: string
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []