From bc3b57c56ddf2f93037cb6159cdc34d848d442b5 Mon Sep 17 00:00:00 2001
From: Trevor Foster
Date: Mon, 30 Sep 2024 13:33:55 -0400
Subject: [PATCH] feat(hydra): option to create separate admin and public deploys
---
 helm/charts/hydra/README.md | 3 +
 .../hydra/templates/deployment-admin.yaml | 247 ++++++++++++++++++
 .../hydra/templates/deployment-public.yaml | 246 +++++++++++++++++
 helm/charts/hydra/templates/deployment.yaml | 2 +
 .../charts/hydra/templates/hpa-separated.yaml | 43 +++
 helm/charts/hydra/templates/hpa.yaml | 2 +
 .../charts/hydra/templates/service-admin.yaml | 3 +
 .../hydra/templates/service-public.yaml | 4 +
 helm/charts/hydra/values.yaml | 7 +
 9 files changed, 557 insertions(+)
 create mode 100644 helm/charts/hydra/templates/deployment-admin.yaml
 create mode 100644 helm/charts/hydra/templates/deployment-public.yaml
 create mode 100644 helm/charts/hydra/templates/hpa-separated.yaml
diff --git a/helm/charts/hydra/README.md b/helm/charts/hydra/README.md
index d231b68e2e..c4ed5d2bed 100644
--- a/helm/charts/hydra/README.md
+++ b/helm/charts/hydra/README.md
@@ -54,6 +54,9 @@ A Helm chart for deploying ORY Hydra in Kubernetes
 | cronjob.janitor.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | cronjob.janitor.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | cronjob.janitor.tolerations | list | `[]` | Configure node tolerations |
+| separateAdminAndPublicDeploys | bool | `false` | When `true` separate deploys will be created for admin and public components. Use `deployment.admin` and `deployment.public` to configure component specific options. |
+| deployment.admin | object | `{}` | When separateAdminAndPublicDeploys is enabled, this field acts as overrides only for the `hydra-admin` deployment object. |
+| deployment.public | object | `{}` | When separateAdminAndPublicDeploys is enabled, this field acts as overrides only for the `hydra-public` deployment object. |
 | deployment.annotations | object | `{}` | Set custom deployment level annotations |
 | deployment.automigration | object | `{"extraEnv":[]}` | Parameters for the automigration initContainer |
 | deployment.automigration.extraEnv | list | `[]` | Array of extra envs to be passed to the initContainer. Kubernetes format is expected. Value is processed with Helm `tpl` - name: FOO value: BAR |
diff --git a/helm/charts/hydra/templates/deployment-admin.yaml b/helm/charts/hydra/templates/deployment-admin.yaml
new file mode 100644
index 0000000000..ec9e2e06c0
--- /dev/null
+++ b/helm/charts/hydra/templates/deployment-admin.yaml
@@ -0,0 +1,247 @@
+{{- if .Values.separateAdminAndPublicDeploys -}}
+{{- include "hydra.automigration.typeVerification" . -}}
+{{- $deployValues := merge .Values.deployment.admin (omit .Values.deployment "admin" "public") -}}
+{{- $migrationExtraEnv := ternary $deployValues.automigration.extraEnv $deployValues.extraEnv (not (empty $deployValues.automigration.extraEnv )) -}}
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "hydra.fullname" . }}-admin
+ {{- if .Release.Namespace }}
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ labels:
+ {{- include "hydra.labels" . | nindent 4 }}
+ {{- with $deployValues.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ app.kubernetes.io/component: admin
+ annotations:
+ {{- with $deployValues.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if not $deployValues.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+{{- end }}
+ revisionHistoryLimit: {{ $deployValues.revisionHistoryLimit }}
+ strategy:
+ {{- toYaml $deployValues.strategy | nindent 4 }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "hydra.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: admin
+ template:
+ metadata:
+ labels:
+ {{- include "hydra.labels" . | nindent 8 }}
+ {{- with $deployValues.labels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $deployValues.podMetadata.labels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ app.kubernetes.io/component: admin
+ annotations:
+ {{- include "hydra.annotations.checksum" . | nindent 8 -}}
+ {{- with $deployValues.annotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $deployValues.podMetadata.annotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: {{ include "hydra.name" . }}-config-volume
+ configMap:
+ name: {{ include "hydra.fullname" . }}
+ {{- if $deployValues.extraVolumes }}
+ {{- toYaml $deployValues.extraVolumes | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "hydra.serviceAccountName" . }}
+ automountServiceAccountToken: {{ $deployValues.automountServiceAccountToken }}
+ terminationGracePeriodSeconds: {{ $deployValues.terminationGracePeriodSeconds }}
+ containers:
+ - name: {{ .Chart.Name }}-admin
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command: {{- toYaml .Values.hydra.command | nindent 12 }}
+ {{- if .Values.hydra.customArgs }}
+ args: {{- toYaml .Values.hydra.customArgs | nindent 12 }}
+ {{- else }}
+ args:
+ - serve
+ - admin
+ {{- if .Values.hydra.dev }}
+ - "--dev"
+ {{- end }}
+ - --config
+ - /etc/config/hydra.yaml
+ {{- end }}
+ volumeMounts:
+ - name: {{ include "hydra.name" . }}-config-volume
+ mountPath: /etc/config
+ readOnly: true
+ {{- if $deployValues.extraVolumeMounts }}
+ {{- toYaml $deployValues.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http-admin
+ containerPort: {{ .Values.hydra.config.serve.admin.port }}
+ protocol: TCP
+ livenessProbe:
+ {{- if $deployValues.customLivenessProbe }}
+ {{- toYaml $deployValues.customLivenessProbe | nindent 12 }}
+ {{- else }}
+ httpGet:
+ path: /health/alive
+ port: {{ .Values.hydra.config.serve.admin.port }}
+ httpHeaders:
+ - name: Host
+ value: '127.0.0.1'
+ {{- toYaml $deployValues.livenessProbe | nindent 12 }}
+ {{- end }}
+ readinessProbe:
+ {{- if $deployValues.customReadinessProbe }}
+ {{- toYaml $deployValues.customReadinessProbe | nindent 12 }}
+ {{- else }}
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.hydra.config.serve.admin.port }}
+ httpHeaders:
+ - name: Host
+ value: '127.0.0.1'
+ {{- toYaml $deployValues.readinessProbe | nindent 12 }}
+ {{- end }}
+ startupProbe:
+ {{- if $deployValues.customStartupProbe }}
+ {{- toYaml $deployValues.customStartupProbe | nindent 12 }}
+ {{- else }}
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.hydra.config.serve.admin.port }}
+ httpHeaders:
+ - name: Host
+ value: '127.0.0.1'
+ {{- toYaml $deployValues.startupProbe | nindent 12 }}
+ {{- end }}
+ env:
+ {{- $issuer := include "hydra.config.urls.issuer" . -}}
+ {{- if $issuer }}
+ - name: URLS_SELF_ISSUER
+ value: {{ $issuer | quote }}
+ {{- end }}
+ {{- if not (empty ( include "hydra.dsn" . )) }}
+ {{- if not (include "ory.extraEnvContainsEnvName" (list $deployValues.extraEnv "DSN")) }}
+ - name: DSN
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "hydra.secretname" . }}
+ key: dsn
+ {{- end }}
+ {{- end }}
+ - name: SECRETS_SYSTEM
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "hydra.secretname" . }}
+ key: secretsSystem
+ - name: SECRETS_COOKIE
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "hydra.secretname" . }}
+ key: secretsCookie
+ {{- if $deployValues.extraEnv }}
+ {{- tpl (toYaml $deployValues.extraEnv) . | nindent 12 }}
+ {{- end }}
+ resources:
+ {{- toYaml $deployValues.resources | nindent 12 }}
+ {{- if $deployValues.securityContext }}
+ securityContext:
+ {{- toYaml $deployValues.securityContext | nindent 12 }}
+ {{- end }}
+ lifecycle:
+ {{- toYaml $deployValues.lifecycle | nindent 12 }}
+ {{- if $deployValues.extraContainers }}
+ {{- tpl $deployValues.extraContainers . | nindent 8 }}
+ {{- end }}
+ initContainers:
+ {{- if $deployValues.extraInitContainers }}
+ {{- tpl $deployValues.extraInitContainers . | nindent 8 }}
+ {{- end }}
+ {{- if and ( .Values.hydra.automigration.enabled ) ( eq .Values.hydra.automigration.type "initContainer" ) }}
+ - name: {{ .Chart.Name }}-automigrate
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.hydra.automigration.customCommand }}
+ command: {{- toYaml .Values.hydra.automigration.customCommand | nindent 12 }}
+ {{- else }}
+ command: ["hydra"]
+ {{- end }}
+ {{- if .Values.hydra.automigration.customArgs }}
+ args: {{- toYaml .Values.hydra.automigration.customArgs | nindent 12 }}
+ {{- else }}
+ args: ["migrate", "sql", "-e", "--yes", "--config", "/etc/config/hydra.yaml"]
+ {{- end }}
+ volumeMounts:
+ - name: {{ include "hydra.name" . }}-config-volume
+ mountPath: /etc/config
+ readOnly: true
+ {{- with $deployValues.extraVolumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ {{- if not (empty ( include "hydra.dsn" . )) }}
+ {{- if not (include "ory.extraEnvContainsEnvName" (list $migrationExtraEnv "DSN")) }}
+ - name: DSN
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "hydra.secretname" . }}
+ key: dsn
+ {{- end }}
+ {{- end }}
+ {{- if $migrationExtraEnv }}
+ {{- tpl (toYaml $migrationExtraEnv) . | nindent 12 }}
+ {{- end }}
+ {{- if .Values.hydra.automigration.resources }}
+ resources:
+ {{- toYaml .Values.hydra.automigration.resources | nindent 12 }}
+ {{- end }}
+ {{- with $deployValues.initContainerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName }}
+ {{- end }}
+ {{- with $deployValues.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $deployValues.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $deployValues.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $deployValues.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $deployValues.dnsConfig }}
+ dnsConfig:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end -}}
diff --git a/helm/charts/hydra/templates/deployment-public.yaml b/helm/charts/hydra/templates/deployment-public.yaml
new file mode 100644
index 0000000000..9bd34fb51b
--- /dev/null
+++ b/helm/charts/hydra/templates/deployment-public.yaml
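Review bot: The `merge .Values.deployment.admin (omit .Values.deployment "admin" "public")` line at the top of deployment-admin.yaml will not honour falsy overrides: Sprig's `merge` fills empty destination values (`false`, `0`, `""`) from the source, so `deployment.admin.automountServiceAccountToken: false` or `deployment.admin.autoscaling.enabled: false` is silently replaced whenever the shared `deployment` value is truthy. It also writes the merged result back into `.Values.deployment.admin`, whereas hpa-separated.yaml wraps the same value in `deepCopy`. The same expression appears in deployment-public.yaml and hpa-separated.yaml. I would use `{{- $deployValues := mergeOverwrite (deepCopy (omit .Values.deployment "admin" "public")) .Values.deployment.admin -}}` and confirm with a `helm template` run that a `false` override survives.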
@@ -0,0 +1,246 @@
+{{- if .Values.separateAdminAndPublicDeploys -}}
+{{- $deployValues := merge .Values.deployment.public (omit .Values.deployment "admin" "public") -}}
+{{- $migrationExtraEnv := ternary $deployValues.automigration.extraEnv $deployValues.extraEnv (not (empty $deployValues.automigration.extraEnv )) -}}
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "hydra.fullname" . }}-public
+ {{- if .Release.Namespace }}
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ labels:
+ {{- include "hydra.labels" . | nindent 4 }}
+ {{- with $deployValues.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ app.kubernetes.io/component: public
+ annotations:
+ {{- with $deployValues.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if not $deployValues.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+{{- end }}
+ revisionHistoryLimit: {{ $deployValues.revisionHistoryLimit }}
+ strategy:
+ {{- toYaml $deployValues.strategy | nindent 4 }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "hydra.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: public
+ template:
+ metadata:
+ labels:
+ {{- include "hydra.labels" . | nindent 8 }}
+ {{- with $deployValues.labels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $deployValues.podMetadata.labels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ app.kubernetes.io/component: public
+ annotations:
+ {{- include "hydra.annotations.checksum" . | nindent 8 -}}
+ {{- with $deployValues.annotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $deployValues.podMetadata.annotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: {{ include "hydra.name" . }}-config-volume
+ configMap:
+ name: {{ include "hydra.fullname" . }}
+ {{- if $deployValues.extraVolumes }}
+ {{- toYaml $deployValues.extraVolumes | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "hydra.serviceAccountName" . }}
+ automountServiceAccountToken: {{ $deployValues.automountServiceAccountToken }}
+ terminationGracePeriodSeconds: {{ $deployValues.terminationGracePeriodSeconds }}
+ containers:
+ - name: {{ .Chart.Name }}-public
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command: {{- toYaml .Values.hydra.command | nindent 12 }}
+ {{- if .Values.hydra.customArgs }}
+ args: {{- toYaml .Values.hydra.customArgs | nindent 12 }}
+ {{- else }}
+ args:
+ - serve
+ - public
+ {{- if .Values.hydra.dev }}
+ - "--dev"
+ {{- end }}
+ - --config
+ - /etc/config/hydra.yaml
+ {{- end }}
+ volumeMounts:
+ - name: {{ include "hydra.name" . }}-config-volume
+ mountPath: /etc/config
+ readOnly: true
+ {{- if $deployValues.extraVolumeMounts }}
+ {{- toYaml $deployValues.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http-public
+ containerPort: {{ .Values.hydra.config.serve.public.port }}
+ protocol: TCP
+ livenessProbe:
+ {{- if $deployValues.customLivenessProbe }}
+ {{- toYaml $deployValues.customLivenessProbe | nindent 12 }}
+ {{- else }}
+ httpGet:
+ path: /health/alive
+ port: {{ .Values.hydra.config.serve.public.port }}
+ httpHeaders:
+ - name: Host
+ value: '127.0.0.1'
+ {{- toYaml $deployValues.livenessProbe | nindent 12 }}
+ {{- end }}
+ readinessProbe:
+ {{- if $deployValues.customReadinessProbe }}
+ {{- toYaml $deployValues.customReadinessProbe | nindent 12 }}
+ {{- else }}
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.hydra.config.serve.public.port }}
+ httpHeaders:
+ - name: Host
+ value: '127.0.0.1'
+ {{- toYaml $deployValues.readinessProbe | nindent 12 }}
+ {{- end }}
+ startupProbe:
+ {{- if $deployValues.customStartupProbe }}
+ {{- toYaml $deployValues.customStartupProbe | nindent 12 }}
+ {{- else }}
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.hydra.config.serve.public.port }}
+ httpHeaders:
+ - name: Host
+ value: '127.0.0.1'
+ {{- toYaml $deployValues.startupProbe | nindent 12 }}
+ {{- end }}
+ env:
+ {{- $issuer := include "hydra.config.urls.issuer" . -}}
+ {{- if $issuer }}
+ - name: URLS_SELF_ISSUER
+ value: {{ $issuer | quote }}
+ {{- end }}
+ {{- if not (empty ( include "hydra.dsn" . )) }}
+ {{- if not (include "ory.extraEnvContainsEnvName" (list $deployValues.extraEnv "DSN")) }}
+ - name: DSN
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "hydra.secretname" . }}
+ key: dsn
+ {{- end }}
+ {{- end }}
+ - name: SECRETS_SYSTEM
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "hydra.secretname" . }}
+ key: secretsSystem
+ - name: SECRETS_COOKIE
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "hydra.secretname" . }}
+ key: secretsCookie
+ {{- if $deployValues.extraEnv }}
+ {{- tpl (toYaml $deployValues.extraEnv) . | nindent 12 }}
+ {{- end }}
+ resources:
+ {{- toYaml $deployValues.resources | nindent 12 }}
+ {{- if $deployValues.securityContext }}
+ securityContext:
+ {{- toYaml $deployValues.securityContext | nindent 12 }}
+ {{- end }}
+ lifecycle:
+ {{- toYaml $deployValues.lifecycle | nindent 12 }}
+ {{- if $deployValues.extraContainers }}
+ {{- tpl $deployValues.extraContainers . | nindent 8 }}
+ {{- end }}
+ initContainers:
+ {{- if $deployValues.extraInitContainers }}
+ {{- tpl $deployValues.extraInitContainers . | nindent 8 }}
+ {{- end }}
+ {{- if and ( .Values.hydra.automigration.enabled ) ( eq .Values.hydra.automigration.type "initContainer" ) }}
+ - name: {{ .Chart.Name }}-automigrate
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.hydra.automigration.customCommand }}
+ command: {{- toYaml .Values.hydra.automigration.customCommand | nindent 12 }}
+ {{- else }}
+ command: ["hydra"]
+ {{- end }}
+ {{- if .Values.hydra.automigration.customArgs }}
+ args: {{- toYaml .Values.hydra.automigration.customArgs | nindent 12 }}
+ {{- else }}
+ args: ["migrate", "sql", "-e", "--yes", "--config", "/etc/config/hydra.yaml"]
+ {{- end }}
+ volumeMounts:
+ - name: {{ include "hydra.name" . }}-config-volume
+ mountPath: /etc/config
+ readOnly: true
+ {{- with $deployValues.extraVolumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ {{- if not (empty ( include "hydra.dsn" . )) }}
+ {{- if not (include "ory.extraEnvContainsEnvName" (list $migrationExtraEnv "DSN")) }}
+ - name: DSN
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "hydra.secretname" . }}
+ key: dsn
+ {{- end }}
+ {{- end }}
+ {{- if $migrationExtraEnv }}
+ {{- tpl (toYaml $migrationExtraEnv) . | nindent 12 }}
+ {{- end }}
+ {{- if .Values.hydra.automigration.resources }}
+ resources:
+ {{- toYaml .Values.hydra.automigration.resources | nindent 12 }}
+ {{- end }}
+ {{- with $deployValues.initContainerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName }}
+ {{- end }}
+ {{- with $deployValues.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $deployValues.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $deployValues.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $deployValues.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $deployValues.dnsConfig }}
+ dnsConfig:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end -}}
diff --git a/helm/charts/hydra/templates/deployment.yaml b/helm/charts/hydra/templates/deployment.yaml
index c67aee8c2f..0ada28d681 100644
--- a/helm/charts/hydra/templates/deployment.yaml
+++ b/helm/charts/hydra/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.separateAdminAndPublicDeploys | not -}}
 {{- include "hydra.automigration.typeVerification" . -}}
 {{- $migrationExtraEnv := ternary .Values.deployment.automigration.extraEnv .Values.deployment.extraEnv (not (empty .Values.deployment.automigration.extraEnv )) -}}
@@ -242,3 +243,4 @@ spec:
 dnsConfig:
 {{- toYaml . | nindent 8 }}
 {{- end }}
+{{- end -}}
diff --git a/helm/charts/hydra/templates/hpa-separated.yaml b/helm/charts/hydra/templates/hpa-separated.yaml
new file mode 100644
index 0000000000..63c27ef648
--- /dev/null
+++ b/helm/charts/hydra/templates/hpa-separated.yaml
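Review bot: When `hydra.customArgs` is set, the `args:` branch in deployment-public.yaml (and the identical one in deployment-admin.yaml) renders the same arguments for both Deployments, so the `serve public` / `serve admin` split disappears; if those args start both listeners, the public pods also expose the admin API on the pod network even though only `http-public` is declared under `ports:`. Either fail the render when both options are set, e.g. `{{- if .Values.hydra.customArgs }}{{ fail "hydra.customArgs is not supported with separateAdminAndPublicDeploys" }}{{- end }}`, or read the args from a per-component value. Separately, the `automigrate` initContainer is copied into both templates, so every rollout runs `migrate sql` from two Deployments at once; running it from one of them looks sufficient.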
@@ -0,0 +1,43 @@
+{{- if .Values.separateAdminAndPublicDeploys }}
+{{- range list "admin" "public" }}
+{{- $deployValues := merge (deepCopy (get $.Values.deployment .)) (omit $.Values.deployment "admin" "public") }}
+{{- if $deployValues.autoscaling.enabled }}
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ {{- if $.Release.Namespace }}
+ namespace: {{ $.Release.Namespace }}
+ {{- end }}
+ name: {{ include "hydra.fullname" $ }}-{{.}}
+ labels:
+ {{- include "hydra.labels" $ | nindent 4 }}
+ app.kubernetes.io/component: {{. | quote}}
+spec:
+ {{- with $deployValues.autoscaling.behavior }}
+ behavior: {{- toYaml . | nindent 4 }}
+ {{- end }}
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "hydra.fullname" $ }}-{{.}}
+ minReplicas: {{ $deployValues.autoscaling.minReplicas }}
+ maxReplicas: {{ $deployValues.autoscaling.maxReplicas }}
+ metrics:
+ {{- with $deployValues.autoscaling.targetMemory }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $deployValues.autoscaling.targetCPU}}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/hydra/templates/hpa.yaml b/helm/charts/hydra/templates/hpa.yaml
index 5c4f5df1b3..7829a3ce36 100644
--- a/helm/charts/hydra/templates/hpa.yaml
+++ b/helm/charts/hydra/templates/hpa.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.separateAdminAndPublicDeploys | not }}
 {{- if .Values.deployment.autoscaling.enabled }}
 apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
@@ -34,3 +35,4 @@ spec:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/hydra/templates/service-admin.yaml b/helm/charts/hydra/templates/service-admin.yaml
index 100d9581d2..1da45cb40e 100644
--- a/helm/charts/hydra/templates/service-admin.yaml
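Review bot: hpa-separated.yaml rebinds `.` twice, to the component name inside `range list "admin" "public"` and again to the metric target inside each `with`, and nothing in the file says so, which makes `{{.}}` in `name:` easy to misread. A short template comment after the `range` line would help, e.g. `{{- /* "." is the component name ("admin" or "public") inside this range; "$" is the root context */ -}}`. `{{. | quote}}` and `targetCPU}}` also break the spacing used in the rest of the patch, and the file ends without a trailing newline.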
+++ b/helm/charts/hydra/templates/service-admin.yaml
@@ -32,6 +32,9 @@ spec:
 selector:
 app.kubernetes.io/name: {{ include "hydra.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.separateAdminAndPublicDeploys }}
+ app.kubernetes.io/component: admin
+ {{- end }}
 {{- if .Values.serviceMonitor.enabled }}
 ---
 apiVersion: monitoring.coreos.com/v1
diff --git a/helm/charts/hydra/templates/service-public.yaml b/helm/charts/hydra/templates/service-public.yaml
index 570aad2381..fdef3729d8 100644
--- a/helm/charts/hydra/templates/service-public.yaml
+++ b/helm/charts/hydra/templates/service-public.yaml
@@ -11,6 +11,7 @@ metadata:
 {{- with .Values.service.public.labels }}
 {{- toYaml . | nindent 4 }}
 {{- end }}
+ app.kubernetes.io/component: public
 annotations:
 {{- with .Values.service.public.annotations }}
 {{- toYaml . | nindent 4 }}
@@ -30,4 +31,7 @@ spec:
 selector:
 app.kubernetes.io/name: {{ include "hydra.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.separateAdminAndPublicDeploys }}
+ app.kubernetes.io/component: public
+ {{- end }}
 {{- end }}
diff --git a/helm/charts/hydra/values.yaml b/helm/charts/hydra/values.yaml
index 1e6d87a4ef..58a0d037dd 100644
--- a/helm/charts/hydra/values.yaml
+++ b/helm/charts/hydra/values.yaml
@@ -176,8 +176,15 @@ hydra:
 # -- Enable dev mode, not secure in production environments
 dev: false
+# When `true` separate deploys will be created for admin and public components. Use `deployment.admin` and `deployment.public` to configure component specific options.
+separateAdminAndPublicDeploys: false
+
 ## -- Deployment specific config
 deployment:
+ # When separateAdminAndPublicDeploys is enabled, the admin/public fields act as overrides for the individual deploys.
+ admin: {}
+ public: {}
+
 strategy:
 type: RollingUpdate
 rollingUpdate:
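Review bot: The two comments added in the values.yaml hunk use a plain `#` prefix, while the neighbouring entries use the `# --` form (`# -- Enable dev mode…`, `## -- Deployment specific config`), so a documentation generator keyed on that marker would presumably skip them and the hand-added README rows could be lost on regeneration. I would write `# -- When true, separate Deployments are created for the admin and public components` above `separateAdminAndPublicDeploys`, and give `admin` and `public` their own `# -- Overrides applied only to the admin Deployment when separateAdminAndPublicDeploys is true` style lines. The comment should also say that `replicaCount` and `hydra.customArgs` are still shared by both Deployments, since the new templates read them from the top-level values.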