Separate distributed chart

Author: terev

helm/charts/hydra-distributed/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+*.txt

helm/charts/hydra-distributed/Chart.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: ory-commons
+  repository: file://../ory-commons
+  version: 0.1.0
+- name: hydra-maester
+  repository: file://../hydra-maester
+  version: 0.50.3
+digest: sha256:18facc7a0739ed1f51746992bbeced44d84b8e0727b89b33f48dad914f4ecebb
+generated: "2024-12-04T11:40:27.919030591Z"

helm/charts/hydra-distributed/Chart.yaml

@@ -0,0 +1,33 @@
+apiVersion: v2
+appVersion: "v2.2.0"
+description: A Helm chart for deploying ORY Hydra in Kubernetes with a distributed layout.
+name: hydra
+icon: https://raw.githubusercontent.com/ory/docs/master/docs/static/img/logo-hydra.svg
+version: 0.50.3
+keywords:
+  - oauth2
+  - openid-connect
+  - openid
+  - oidc
+  - op
+  - api-security
+  - security
+home: https://www.ory.sh/
+sources:
+  - https://github.com/ory/hydra
+  - https://github.com/ory/k8s
+maintainers: # (optional)
+  - name: ORY Team
+    email: [email protected]
+    url: https://www.ory.sh/
+type: application
+dependencies:
+  - name: ory-commons
+    version: 0.1.0
+    repository: file://../ory-commons
+    alias: ory
+  - name: hydra-maester
+    version: 0.50.3
+    condition: maester.enabled
+    alias: hydra-maester
+    repository: file://../hydra-maester

helm/charts/hydra-distributed/README.md

@@ -0,0 +1,17 @@
+set -Eeuo pipefail
+set -x
+
+function rollOut() {
+  DEPLOY=$(kubectl get deploy -n "${NAMESPACE}" -l "${1}" -o name)
+  kubectl set env -n $NAMESPACE ${DEPLOY} sync=$(date "+%Y%m%d-%H%M%S")
+  kubectl rollout status -n $NAMESPACE ${DEPLOY}
+}
+
+while true; do
+    # After change in the CM the symlink is recreated, so we need to restart the monitor
+    inotifywait --event DELETE_SELF "${WATCH_FILE}" |
+        while read path _ file; do
+           echo "---> $path$file modified"
+           rollOut "${LABEL_SELECTOR}"
+        done
+done

helm/charts/hydra-distributed/charts/hydra-maester-0.50.3.tgz

@@ -0,0 +1,97 @@
+{{ include "hydra.check.override.consistency" . }}
+The ORY Hydra HTTP Public API is available via:
+{{- if .Values.ingress.public.enabled }}
+{{- range $host := .Values.ingress.public.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.public.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.public.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "hydra.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  export HYDRA_PUBLIC_URL=http://$NODE_IP:$NODE_PORT
+  curl $HYDRA_PUBLIC_URL/.well-known/openid-configuration
+
+If you have the ORY Hydra CLI installed locally, you can run commands
+against this endpoint:
+
+  hydra token client \
+    --endpoint $HYDRA_PUBLIC_URL \
+    # ...
+
+{{- else if contains "LoadBalancer" .Values.service.public.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "hydra.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "hydra.fullname" . }}-public -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  export HYDRA_PUBLIC_URL=http://$SERVICE_IP:{{ .Values.service.public.port }}
+  curl $HYDRA_PUBLIC_URL/.well-known/openid-configuration
+
+If you have the ORY Hydra CLI installed locally, you can run commands
+against this endpoint:
+
+  hydra token client \
+    --endpoint $HYDRA_PUBLIC_URL \
+    # ...
+
+{{- else if contains "ClusterIP" .Values.service.public.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "hydra.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:{{ .Values.service.public.port }} to use your application"
+  kubectl port-forward $POD_NAME {{ .Values.service.public.port }}:{{ .Values.hydra.config.serve.public.port }}
+  export HYDRA_PUBLIC_URL=http://127.0.0.1:{{ .Values.service.public.port }}/
+  curl $HYDRA_PUBLIC_URL/.well-known/openid-configuration
+
+If you have the ORY Hydra CLI installed locally, you can run commands
+against this endpoint:
+
+  hydra token client \
+    --endpoint $HYDRA_PUBLIC_URL \
+    # ...
+
+{{- end }}
+
+The ORY Hydra HTTP Admin API is available via:
+{{- if .Values.ingress.admin.enabled }}
+{{- range $host := .Values.ingress.admin.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.admin.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.admin.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "hydra.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  export HYDRA_ADMIN_URL=http://$NODE_IP:$NODE_PORT
+  curl $HYDRA_ADMIN_URL/clients
+
+If you have the ORY Hydra CLI installed locally, you can run commands
+against this endpoint:
+
+  hydra clients list \
+    --endpoint $HYDRA_ADMIN_URL
+
+{{- else if contains "LoadBalancer" .Values.service.admin.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "hydra.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "hydra.fullname" . }}-admin -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  export HYDRA_ADMIN_URL=http://$SERVICE_IP:{{ .Values.service.admin.port }}
+  curl $HYDRA_ADMIN_URL/clients
+
+If you have the ORY Hydra CLI installed locally, you can run commands
+against this endpoint:
+
+  hydra clients list \
+    --endpoint $HYDRA_ADMIN_URL
+
+{{- else if contains "ClusterIP" .Values.service.admin.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "hydra.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:{{ .Values.service.admin.port }} to use your application"
+  kubectl port-forward $POD_NAME {{ .Values.service.admin.port }}:{{ .Values.hydra.config.serve.admin.port }}
+  export HYDRA_ADMIN_URL=http://127.0.0.1:{{ .Values.service.admin.port }}/
+  curl $HYDRA_ADMIN_URL/clients
+
+If you have the ORY Hydra CLI installed locally, you can run commands
+against this endpoint:
+
+  hydra clients list \
+    --endpoint $HYDRA_ADMIN_URL
+
+{{- end }}