job-create-oauth-clients.yaml

apiVersion: batch/v1
kind: Job
metadata:
  name: {{ include "single-sign-on.fullname" . }}-create-oauth2-clients
  labels:
{{ include "single-sign-on.labels" . | indent 4 }}
  annontations:
    "helm.sh/hook": post-install,post-upgrade
    "helm.sh/hook-weight": "-4"
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/managed-by: {{.Release.Service | quote }}
        app.kubernetes.io/instance: {{.Release.Name | quote }}
        helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
    spec:
      restartPolicy: Never
      containers:
      {{- range .Values.oAuthClients }}
      - name: {{ .clientName | quote }}
        image: {{ $.Values.userbackend.image.repository }}:{{ $.Values.userbackend.image.tag }}
        imagePullPolicy: {{ $.Values.userbackend.image.pullPolicy }}
        env:
        - name: CLIENT_ID
          valueFrom:
            secretKeyRef:
              name: oauth2-clients
              key: {{ .clientName }}_client_id
        - name: CLIENT_SECRET
          valueFrom:
            secretKeyRef:
              name: oauth2-clients
              key: {{ .clientName }}_client_secret
        - name: CLIENT_NAME
          value: {{ .clientName | quote }}
        - name: REDIRECT_URI
          value: {{ .redirectUri | quote }}
        - name: SCOPES
          value: {{ .scopes | quote }}
        - name: CLIENT_URI
          value: {{ .clientUri | quote }}
        - name: CLIENT_LOGO_URI
          value: {{ .clientLogoUri | quote }}
        - name: TOKEN_ENDPOINT_AUTH_METHOD
          value: {{ .tokenEndpointAuthMethod | quote }}
        - name: RESPONSE_TYPES
          value: "{{- range .responseTypes }}\"{{ . }}\",{{- end }}"
        - name: GRANT_TYPES
          value: "{{- range .grantTypes }}\"{{ . }}\",{{- end }}"
        command: ["/bin/bash", "-c"]
        args:
        - >
          curl http://{{ $.Release.Name }}-hydra-admin:4445/clients &&
          curl --header "Content-Type: application/json" \
               --request POST \
               --data "{\"client_id\": \"$CLIENT_ID\",
                        \"client_name\": \"$CLIENT_NAME\",
                        \"client_secret\": \"$CLIENT_SECRET\",
                        \"client_uri\": \"$CLIENT_URI\",
                        \"logo_uri\": \"$CLIENT_LOGO_URI\",
                        \"redirect_uris\": [\"$REDIRECT_URI\"],
                        \"scope\": \"$SCOPES\",
                        \"grant_types\": [$GRANT_TYPES\"\"],
                        \"response_types\": [$RESPONSE_TYPES\"\"],
                        \"token_endpoint_auth_method\": \"client_secret_post\"}" \
               http://{{ $.Release.Name }}-hydra-admin:4445/clients
      {{- end }}