Add hydra to k3s

etc/base.yaml

@@ -214,6 +214,16 @@ kratos_ui:
   _chart_version: 0.43.1
   _extra_timeout: 0
 
+hydra:
+  _install: false
+  _chart_version: 0.41.0
+  _extra_timeout: 0
+
+hydra_ui:
+  _install: false
+  _chart_version: 0.41.0
+  _extra_timeout: 0
+
 app_config:
   _install: true
   _chart_version: 1.1.1

etc/hydra-ui/values.yaml

@@ -0,0 +1,17 @@
+hydraAdminUrl: http://hydra-admin:4445
+hydraPublicUrl: http://hydra-public:4444
+baseUrl: https://radar-k3s-test.thehyve.net/hydra-ui/
+
+ingress:
+  enabled: true
+  className: nginx
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /$1
+  hosts:
+    - host: radar-k3s-test.thehyve.net
+      paths:
+        - path: "/hydra-ui/?(.*)"
+          pathType: ImplementationSpecific
+  tls:
+    - hosts: [radar-k3s-test.thehyve.net]
+      secretName: radar-base-tls

etc/hydra/values.yaml

@@ -0,0 +1,47 @@
+ingress:
+  admin:
+    enabled: true
+    className: "nginx"
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+    hosts:
+      - host: radar-k3s-test.thehyve.net
+        paths:
+          - path: "/admin/hydra/?(.*)"
+            pathType: ImplementationSpecific
+    tls:
+      - secretName: hydra-admin-tls
+        host:
+          - radar-k3s-test.thehyve.net
+  public:
+    enabled: true
+    className: "nginx"
+    annotations:
+      nginx.ingress.kubernetes.io/rewrite-target: /$1
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+    hosts:
+      - host: radar-k3s-test.thehyve.net
+        paths:
+          - path: "/hydra/?(.*)"
+            pathType: ImplementationSpecific
+    tls:
+      - secretName: hydra-public-tls
+        hosts:
+          - radar-k3s-test.thehyve.net
+hydra:
+  automigration:
+    enabled: true
+  config:
+    urls:
+      self:
+        issuer: https://radar-k3s-test.thehyve.net/hydra/
+      login: https://radar-k3s-test.thehyve.net/hydra-ui/login
+      consent: https://radar-k3s-test.thehyve.net/hydra-ui/consent
+
+    log:
+      level: debug
+      format: text
+      leak_sensitive_values: true
+
+
+#https://www.ory.sh/docs/hydra/reference/configuration

etc/postgresql/values.yaml

@@ -114,7 +114,7 @@ primary:
   ##
   extraEnvVars:
     - name: POSTGRES_MULTIPLE_DATABASES
-      value: managementportal,restsourceauthorizer,appconfig,kratos
+      value: managementportal,restsourceauthorizer,appconfig,kratos,hydra
   ## @param primary.podAnnotations Map of annotations to add to the pods (postgresql primary)
   ##
   podAnnotations:

helmfile.d/10-managementportal.yaml

@@ -17,7 +17,7 @@ releases:
       - {{ .Values.postgresql | toYaml | indent 8 | trim }}
 
   - name: management-portal
-    chart: radar/management-portal
+    chart: ../../radar-helm-charts/charts/management-portal
     version: {{ .Values.management_portal._chart_version }}
     installed: {{ .Values.management_portal._install }}
     timeout: {{ add .Values.base_timeout .Values.management_portal._extra_timeout }}
@@ -154,7 +154,7 @@ releases:
     timeout: {{ add .Values.base_timeout .Values.kratos_ui._extra_timeout }}
     <<: *logFailedRelease
     values:
-      - "../etc/kratos_ui/values.yaml"
+      - "../etc/kratos-ui/values.yaml"
       - {{ .Values.kratos_ui | toYaml | indent 8 | trim }}
     set:
       - name: serverName
@@ -177,6 +177,9 @@ releases:
     values:
       - "../etc/hydra/values.yaml"
       - {{ .Values.hydra | toYaml | indent 8 | trim }}
+    set:
+      - name: hydra.config.dsn
+        value: postgres://{{ .Values.management_portal.postgres.user }}:{{ .Values.management_portal.postgres.password }}@{{ .Values.management_portal.postgres.host }}:{{ .Values.management_portal.postgres.port }}/{{ .Values | get "hydra.jdbc.database" "hydra" }}
 
   - name: hydra-ui
     chart: ory/example-idp