---
# Namespace that holds every Hydra resource declared in this file.
apiVersion: v1
kind: Namespace
metadata:
  name: core-auth
---
# Cluster-internal Service in front of the pods labelled app=hydra.
# Both Ingress objects in this file route to it by port name.
apiVersion: v1
kind: Service
metadata:
  name: hydra
  namespace: core-auth
spec:
  type: ClusterIP
  selector:
    app: hydra
  ports:
    # Public endpoints; resolves to the container port named "public".
    - name: public
      protocol: TCP
      port: 80
      targetPort: public
    # Admin API; resolves to the container port named "admin".
    # NOTE(review): no NetworkPolicy is defined in this file, so unless one
    # exists elsewhere, any workload that can reach this ClusterIP can talk
    # to the admin port directly, bypassing the private Ingress.
    - name: admin
      protocol: TCP
      port: 81
      targetPort: admin
---
# Public entry point: hydra.lekva.me on the "nginx" ingress class, routed to
# the Service port named "public". The TLS certificate is requested through
# the cert-manager ClusterIssuer named in the annotation.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-hydra-public
  namespace: core-auth
  annotations:
    cert-manager.io/cluster-issuer: 'letsencrypt-prod'
    acme.cert-manager.io/http01-edit-in-place: 'true'
spec:
  ingressClassName: nginx
  tls:
    - secretName: cert-hydra.lekva.me
      hosts:
        - hydra.lekva.me
  rules:
    - host: hydra.lekva.me
      http:
        paths:
          # Everything under "/" goes to the public port only; the admin
          # port is never referenced from this Ingress.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: hydra
                port:
                  name: public
---
# Private entry point: hydra.pcloud on the "nginx-private" ingress class,
# routed to the Service port named "admin".
# NOTE(review): this Ingress adds no authentication of its own, so access to
# the admin API is gated only by who can reach the nginx-private controller.
# Confirm that controller is not reachable from untrusted networks.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-hydra-private
  namespace: core-auth
  annotations:
    cert-manager.io/cluster-issuer: 'selfsigned-ca'
    # NOTE(review): this annotation concerns ACME HTTP-01 solving; it
    # presumably has no effect if "selfsigned-ca" is a CA issuer. Confirm.
    acme.cert-manager.io/http01-edit-in-place: 'true'
spec:
  ingressClassName: nginx-private
  tls:
    - secretName: cert-hydra.pcloud
      hosts:
        - hydra.pcloud
  rules:
    - host: hydra.pcloud
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: hydra
                port:
                  name: admin
---
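# Single-replica Hydra server. Runs "hydra serve all" against the config file
# mounted from the ConfigMap named "hydra" (not defined in this file).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hydra
  namespace: core-auth
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hydra
  template:
    metadata:
      labels:
        app: hydra
    spec:
      volumes:
        # NOTE(review): ConfigMaps are not meant for secret material. If
        # hydra.yaml carries the DSN or system secrets, move those to a
        # Secret. The ConfigMap content is not visible here, so confirm.
        - name: config
          configMap:
            name: hydra
      containers:
        - name: hydra
          # NOTE(review): ":latest" is a mutable tag. With IfNotPresent a
          # node keeps whatever image it pulled first, so the running version
          # is neither reproducible nor auditable. Pin a version tag or an
          # image digest once the intended release is known.
          image: giolekva/ory-hydra:latest
          imagePullPolicy: IfNotPresent
          # The server only binds the unprivileged ports 4444/4445 and reads
          # a mounted config file, so it needs neither added capabilities nor
          # privilege escalation.
          # NOTE(review): the image's user is not visible here; add
          # runAsNonRoot once it is confirmed to run as a non-root UID.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          ports:
            - name: public
              containerPort: 4444
              protocol: TCP
            - name: admin
              containerPort: 4445
              protocol: TCP
          command:
            - "hydra"
            - "--config=/etc/hydra/config/hydra.yaml"
            - "serve"
            - "all"
          # command: ["hydra", "serve"]
          # Requests and limits are disabled, so the container currently
          # runs without CPU or memory bounds.
          # resources:
          #   requests:
          #     memory: "10Mi"
          #     cpu: "10m"
          #   limits:
          #     memory: "20Mi"
          #     cpu: "100m"
          volumeMounts:
            - name: config
              mountPath: /etc/hydra/config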
---
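# One-shot Job that applies Hydra's SQL schema migrations.
#
# The database DSN is no longer passed as a literal command argument. A DSN
# in the manifest is readable by anyone with access to the repository, the
# Job or pod spec, or the container's process arguments. It now comes from a
# Secret through the DSN environment variable, which "hydra migrate sql -e"
# reads. Rotate the credentials that were previously committed here.
apiVersion: batch/v1
kind: Job
metadata:
  name: hydra-migrate
  namespace: core-auth
spec:
  template:
    metadata:
      labels:
        app: hydra-migrate
    spec:
      restartPolicy: OnFailure
      volumes:
        - name: config
          configMap:
            name: hydra
      containers:
        - name: hydra
          # NOTE(review): ":latest" with IfNotPresent does not guarantee that
          # the migration runs with the same image as the server Deployment.
          # Pin both to the same version tag or digest.
          image: giolekva/ory-hydra:latest
          imagePullPolicy: IfNotPresent
          # The migration needs no extra capabilities or privilege
          # escalation.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          env:
            - name: DSN
              valueFrom:
                secretKeyRef:
                  # PLACEHOLDER: the Secret name and key are not defined in
                  # this file. Create the Secret out-of-band, never in this
                  # manifest. Its value has the shape
                  #   postgres://<user>:<password>@postgres:5432/hydra?<options>
                  # The earlier DSN used sslmode=disable, which sends traffic
                  # to Postgres unencrypted; choose a TLS mode if the server
                  # supports it.
                  name: hydra-dsn
                  key: dsn
          command:
            - "hydra"
            - "migrate"
            - "sql"
            # -e: read the DSN from the environment instead of argv.
            - "-e"
            # -y: apply the migrations without an interactive prompt.
            - "-y"
          # command: ["hydra", "serve"]
          # resources:
          #   requests:
          #     memory: "10Mi"
          #     cpu: "10m"
          #   limits:
          #     memory: "20Mi"
          #     cpu: "100m"
          # NOTE(review): the command does not pass --config, so this mount
          # looks unused by the migration. Confirm before removing it.
          volumeMounts:
            - name: config
              mountPath: /etc/hydra/config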