From 1eba66fad9c9c367b8114599f0fe2cbe59b0b940 Mon Sep 17 00:00:00 2001 From: Pauline Date: Tue, 8 Oct 2024 21:15:25 +0800 Subject: [PATCH 1/3] Update nginx config and disable liveness and readiness probe temporarily --- etc/kratos-ui/values.yaml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/etc/kratos-ui/values.yaml b/etc/kratos-ui/values.yaml index 819363dc4..41cbabd89 100644 --- a/etc/kratos-ui/values.yaml +++ b/etc/kratos-ui/values.yaml @@ -5,7 +5,6 @@ ingress: enabled: true className: "nginx" annotations: - nginx.ingress.kubernetes.io/rewrite-target: /$1 cert-manager.io/cluster-issuer: letsencrypt-prod hosts: - host: localhost @@ -36,4 +35,10 @@ projectName: "SecureApp" deployment: extraEnv: - name: HYDRA_ADMIN_URL - value: http://hydra-admin \ No newline at end of file + value: http://hydra-admin + +livenessProbe: + enabled: false + +readinessProbe: + enabled: false \ No newline at end of file From b7824a9f82d3dfab0c92c3ef007bdbfd90182c85 Mon Sep 17 00:00:00 2001 From: Pauline Date: Sat, 18 Jan 2025 13:18:00 +0000 Subject: [PATCH 2/3] Update hydra configs --- etc/cp-schema-registry/values.yaml | 1 + etc/hydra/values.yaml | 4 +++- helmfile.d/10-services.yaml | 6 +++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/etc/cp-schema-registry/values.yaml b/etc/cp-schema-registry/values.yaml index ed26eee27..963a8f0c2 100644 --- a/etc/cp-schema-registry/values.yaml +++ b/etc/cp-schema-registry/values.yaml @@ -19,6 +19,7 @@ resources: ingress: enabled: true annotations: + kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: letsencrypt-prod nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/rewrite-target: /$1 diff --git a/etc/hydra/values.yaml b/etc/hydra/values.yaml index 38781764e..857cbe3a8 100644 --- a/etc/hydra/values.yaml +++ b/etc/hydra/values.yaml @@ -8,7 +8,7 @@ ingress: hosts: - host: localhost paths: - - path: "/admin/hydra(/|$)(.*)" + - path: "/admin/hydra(/|$)(.*)" pathType: ImplementationSpecific tls: - secretName: radar-base-tls @@ -52,6 +52,8 @@ hydra: oauth2: allowed_top_level_claims: [scope,roles,authorities,sources,user_name] mirror_top_level_claims: false + client_credentials: + default_grant_allowed_scope: true serve: public: diff --git a/helmfile.d/10-services.yaml b/helmfile.d/10-services.yaml index 3337458ec..b6e7e149f 100644 --- a/helmfile.d/10-services.yaml +++ b/helmfile.d/10-services.yaml @@ -393,11 +393,11 @@ releases: - name: hydra.config.urls.self.issuer value: https://{{ .Values.server_name }}/hydra/ - name: hydra.config.urls.login - value: https://{{ .Values.server_name }}/kratos-ui/login + value: https://{{ .Values.server_name }}/kratos-ui/auth/oauth-login - name: hydra.config.urls.logout - value: https://{{ .Values.server_name }}/kratos-ui/logout + value: https://{{ .Values.server_name }}/kratos-ui/auth/logout - name: hydra.config.urls.consent - value: https://{{ .Values.server_name }}/kratos-ui/consent + value: https://{{ .Values.server_name }}/kratos-ui/auth/consent - name: ingress.public.hosts[0].host value: {{ .Values.server_name }} - name: ingress.admin.tls[0].hosts From 629782acda4c3c15dc9814e601813a566339dfa6 Mon Sep 17 00:00:00 2001 From: Pauline Date: Mon, 27 Jan 2025 11:42:02 +0000 Subject: [PATCH 3/3] Remove unnecessary nginx annotation in schema registry --- etc/cp-schema-registry/values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/etc/cp-schema-registry/values.yaml b/etc/cp-schema-registry/values.yaml index 963a8f0c2..ed26eee27 100644 --- a/etc/cp-schema-registry/values.yaml +++ b/etc/cp-schema-registry/values.yaml @@ -19,7 +19,6 @@ resources: ingress: enabled: true annotations: - kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: letsencrypt-prod nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/rewrite-target: /$1