chart: extract hydra maester chart out of auth/charts/hydra.tar.gz (#96)
* chart: extract hydra maester chart out of auth/charts/hydra.tar.gz
* auth: install shared hydra maester during bootstrap
* hydra-maester: fix chart name typo
* hydra-maester: fix charts repo namespace
---------
Co-authored-by: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>
diff --git a/charts/hydra-maester/values.yaml b/charts/hydra-maester/values.yaml
new file mode 100644
index 0000000..caa6a90
--- /dev/null
+++ b/charts/hydra-maester/values.yaml
@@ -0,0 +1,122 @@
+# -- Number of replicas in deployment
+replicaCount: 1
+
+# -- The Controller have CREATE and READ access to all Secrets in the namespaces listed below.
+enabledNamespaces: []
+
+# -- Single namespace mode. If enabled the controller will watch for resources only from namespace it is deployed in, ignoring others
+singleNamespaceMode: false
+
+image:
+ # -- Ory Hydra-maester image
+ repository: oryd/hydra-maester
+ # -- Ory Hydra-maester version
+ tag: v0.0.27
+ # -- Image pull policy
+ pullPolicy: IfNotPresent
+
+# -- Image pull secrets
+imagePullSecrets: []
+
+# -- Pod priority
+## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+priorityClassName: ""
+
+# -- Connection data to admin service of Hydra
+adminService:
+ # -- Service name
+ name:
+ # -- Service port
+ port:
+ # -- Set the clients endpoint, should be `/clients` for Hydra 1.x and
+ # `/admin/clients` for Hydra 2.x
+ endpoint: /admin/clients
+
+forwardedProto:
+
+deployment:
+ resources:
+ {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 30Mi
+ # requests:
+ # cpu: 100m
+ # memory: 20Mi
+
+ # -- Default security context
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ allowPrivilegeEscalation: false
+ privileged: false
+
+ # -- Node labels for pod assignment.
+ nodeSelector: {}
+ # If you do want to specify node labels, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'annotations:'.
+ # foo: bar
+
+ # -- Configure node tolerations.
+ tolerations: []
+ # -- Deployment level extra annotations
+ extraAnnotations: {}
+ # -- Deployment level extra labels
+ extraLabels: {}
+
+ # -- Configure pod topologySpreadConstraints.
+ topologySpreadConstraints: []
+ # - maxSkew: 1
+ # topologyKey: topology.kubernetes.io/zone
+ # whenUnsatisfiable: DoNotSchedule
+ # labelSelector:
+ # matchLabels:
+ # app.kubernetes.io/name: hydra
+ # app.kubernetes.io/instance: hydra
+
+ # -- Configure pod dnsConfig.
+ dnsConfig: {}
+ # options:
+ # - name: "ndots"
+ # value: "1"
+
+ # -- Specify pod metadata, this metadata is added directly to the pod, and not higher objects
+ podMetadata:
+ # -- Extra pod level labels
+ labels: {}
+ # -- Extra pod level annotations
+ annotations: {}
+
+ # https://github.com/kubernetes/kubernetes/issues/57601
+ # -- This applications connects to the k8s API and requires the permissions
+ automountServiceAccountToken: true
+
+ # -- Arguments to be passed to the program
+ args:
+ # -- The minimum frequency at which watched resources are reconciled
+ syncPeriod: ""
+ # syncPeriod: 10h
+
+ # -- Configure service account
+ serviceAccount:
+ # -- Annotations to add to the service account
+ annotations: {}
+
+# -- Configure node affinity
+affinity: {}
+
+# -- PodDistributionBudget configuration
+pdb:
+ enabled: false
+ spec:
+ minAvailable: 1
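Review bot: The defaults `enabledNamespaces: []` and `singleNamespaceMode: false` leave it unstated which Secrets the controller can reach. The comment above `enabledNamespaces` says it gets CREATE and READ on all Secrets in every listed namespace, and `automountServiceAccountToken: true` mounts the token that carries that access. The commit message says this is installed as a shared instance during bootstrap, so the effective scope depends on the Role/ClusterRole templates, which are not in this hunk. I would add above `singleNamespaceMode` a comment such as `# NOTE: when false the controller watches other namespaces too; check the rendered RBAC limits Secret access to namespaces that hold OAuth2Client resources`, and list those namespaces in `enabledNamespaces` if the templates scope Roles by that list. Separately, `tag: v0.0.27` is a mutable tag combined with `pullPolicy: IfNotPresent`; pinning the image by digest, if the chart's templates accept one, would make the deployed controller image verifiable.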