diff --git a/flux2/core/base/single-sign-on/single-sign-on-database-release.yaml b/flux2/core/base/single-sign-on/single-sign-on-database-release.yaml
index fd1c5df055cfb0a193aa84fc6027aaad69bac9b0..2e1a668df382cdfa818ad88e3ad9b17a53a24d0c 100644
--- a/flux2/core/base/single-sign-on/single-sign-on-database-release.yaml
+++ b/flux2/core/base/single-sign-on/single-sign-on-database-release.yaml
@@ -8,8 +8,8 @@ spec:
 chart:
 spec:
 # renovate: registryUrl=https://charts.bitnami.com/bitnami
- chart: postgresql
- version: 10.16.2
+ chart: mariadb
+ version: 10.3.6
 sourceRef:
 kind: HelmRepository
 name: bitnami
diff --git a/flux2/core/base/single-sign-on/single-sign-on-database-values-configmap.yaml b/flux2/core/base/single-sign-on/single-sign-on-database-values-configmap.yaml
index 29d1c52e343401a0de8452c7056e42cddff09659..16efc1ab0d380b0a3b5c8acc112663c2c1f7820e 100644
--- a/flux2/core/base/single-sign-on/single-sign-on-database-values-configmap.yaml
+++ b/flux2/core/base/single-sign-on/single-sign-on-database-values-configmap.yaml
@@ -5,18 +5,23 @@ metadata:
 name: stackspin-single-sign-on-database-values
 data:
 values.yaml: |
- persistence:
- enabled: true
- existingClaim: single-sign-on-database
+ auth:
+ rootPassword: '${database_root_password}'
 initdbScripts:
 setup.sql: |
- CREATE USER hydra WITH PASSWORD '${hydra_postgresql_password}';
- CREATE USER kratos WITH PASSWORD '${kratos_postgresql_password}';
- CREATE USER stackspin WITH PASSWORD '${dashboard_postgresql_password}';
- CREATE DATABASE kratos WITH OWNER kratos;
- CREATE DATABASE hydra WITH OWNER hydra;
- CREATE DATABASE stackspin WITH OWNER stackspin;
+ CREATE USER hydra IDENTIFIED BY '${hydra_database_password}';
+ CREATE USER kratos IDENTIFIED BY '${kratos_database_password}';
+ CREATE USER stackspin IDENTIFIED BY '${dashboard_database_password}';
+ CREATE DATABASE kratos;
+ CREATE DATABASE hydra;
+ CREATE DATABASE stackspin;
+ GRANT ALL PRIVILEGES ON hydra.* TO 'hydra'@'%';
+ GRANT ALL PRIVILEGES ON kratos.* TO 'kratos'@'%';
+ GRANT ALL PRIVILEGES ON stackspin.* TO 'stackspin'@'%';
 primary:
+ persistence:
+ enabled: true
+ existingClaim: single-sign-on-database
 podAnnotations:
 backup.velero.io/backup-volumes: "data"
 commonLabels:
diff --git a/flux2/core/base/single-sign-on/single-sign-on-release.yaml b/flux2/core/base/single-sign-on/single-sign-on-release.yaml
index a16075c8236de6ae3913c47f1a6729af1096cd42..2bb1688774256c0b8ac9d10adbacf0f016dc597f 100644
--- a/flux2/core/base/single-sign-on/single-sign-on-release.yaml
+++ b/flux2/core/base/single-sign-on/single-sign-on-release.yaml
@@ -11,7 +11,7 @@ spec:
 spec:
 # renovate: registryUrl=https://open.greenhost.net/api/v4/projects/8/packages/helm/stable
 chart: single-sign-on
- version: 0.7.8
+ version: 0.8.0
 sourceRef:
 kind: HelmRepository
 name: single-sign-on
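Review bot: `rootPassword: '${database_root_password}'` lands the database root credential in a ConfigMap-backed values.yaml once Flux substitutes the variable, so anything that can read ConfigMaps in that namespace can read it; the pre-existing user passwords in `setup.sql` have the same exposure, but a root credential widens the blast radius. Consider feeding the substituted values to the HelmRelease through a Secret via `valuesFrom` instead, or at least add `# NOTE: after substitution this ConfigMap holds live database credentials` above `values.yaml:` so the exposure is documented. Separately, `persistence.existingClaim: single-sign-on-database` is moved under `primary:` but still names the claim the PostgreSQL release used; as far as I know the Bitnami `initdbScripts` only run on a first boot with an empty data directory, so if that volume still holds PostgreSQL files the `hydra`/`kratos`/`stackspin` users and grants will presumably never be created — confirm the claim is recreated as part of this migration.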
diff --git a/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml b/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
index 5adcd3f3d0c8093c32057afc035486bf17326c29..31f2a53669697e5feca74364641650134181e958 100644
--- a/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
+++ b/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
@@ -11,8 +11,8 @@ data:
 user: ${admin_email}
 password: ${userbackend_admin_password}
 db:
- hostname: single-sign-on-database-postgresql
- password: ${dashboard_postgresql_password}
+ hostname: single-sign-on-database-mariadb
+ password: ${dashboard_database_password}
 hydra-maester:
 # Watches the flux-system namespace because that is where the app
@@ -33,7 +33,7 @@ data:
 secrets:
 system:
 - "${hydra_system_secret}"
- dsn: "postgres://hydra:${hydra_postgresql_password}@single-sign-on-database-postgresql:5432/hydra"
+ dsn: "mysql://hydra:${hydra_database_password}@tcp(single-sign-on-database-mariadb:3306)/hydra?parseTime=true&sql_mode=''"
 ingress:
 public:
 enabled: true
@@ -55,7 +55,7 @@ data:
 kratos:
 kratos:
 config:
- dsn: "postgres://kratos:${kratos_postgresql_password}@single-sign-on-database-postgresql:5432/kratos"
+ dsn: "mysql://kratos:${kratos_database_password}@tcp(single-sign-on-database-mariadb:3306)/kratos?parseTime=true&sql_mode=''"
 serve:
 public:
 base_url: https://sso.${domain}/api/
diff --git a/flux2/core/base/sources/single-sign-on.yaml b/flux2/core/base/sources/single-sign-on.yaml
index f9d499d24f14a3240aba761d1eac65338e9aac39..8808e2248894c9256029d08daee33ebb1cf0a197 100644
--- a/flux2/core/base/sources/single-sign-on.yaml
+++ b/flux2/core/base/sources/single-sign-on.yaml
@@ -8,4 +8,4 @@ spec:
 # The interval at which to check the upstream for updates
 interval: 1h
 # The repository URL, can be a HTTP/S or SSH address
- url: https://open.greenhost.net/api/v4/projects/8/packages/helm/stable
+ url: https://open.greenhost.net/api/v4/projects/8/packages/helm/unstable
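Review bot: The new Hydra `dsn` appends `sql_mode=''`, which presumably sets an empty session SQL mode for every Hydra connection and so drops the server's default strict mode, letting over-length or out-of-range values be silently truncated instead of rejected; the `kratos` `dsn` hunk below carries the same parameter. If the SSO chart or the ORY components need this, add a comment on the line saying so, e.g. `# sql_mode='' is required by <component>; it disables MariaDB strict mode for these sessions`, otherwise drop the parameter and let the server default apply. The DSNs also embed the user passwords in a ConfigMap after substitution, as the previous PostgreSQL DSNs did.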
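Review bot: The HelmRepository `url` now points at the `unstable` channel of the single-sign-on package registry; the HelmRelease pins `version: 0.8.0`, so the fetch stays deterministic for now, but any future bump will by default resolve against pre-release builds from that channel. Add a comment next to the url recording that this is temporary and what has to happen before switching back, e.g. `# TODO: switch back to .../helm/stable once 0.8.0 is published there`, so the change is not forgotten. No chart provenance or signature verification is visible on this source, so the pin is the only thing tying the deployment to a specific artifact.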
diff --git a/install/generate_secrets.py b/install/generate_secrets.py
index ace28adefcd43482f1aa1e5caa4814e0ce6c9e23..a9ed8e9f86da62f007aff06dc5444e9814f881ca 100644
--- a/install/generate_secrets.py
+++ b/install/generate_secrets.py
@@ -23,6 +23,7 @@ from kubernetes import client, config
 from kubernetes.client import api_client
 from kubernetes.client.exceptions import ApiException
 from kubernetes.utils import create_from_yaml
+from kubernetes.utils.create_from_yaml import FailToCreateError
 # This script gets called with an app name as argument. Most of them need an
 # oauth client in Hydra, but some don't. This list contains the ones that
@@ -177,17 +178,22 @@ def store_kubernetes_secret(secret_dict, namespace, update=False):
 api_response = patch_kubernetes_secret(secret_dict, namespace)
 else:
 verb = "created"
- api_response = create_from_yaml(
- api_client_instance, yaml_objects=[
- secret_dict], namespace=namespace
- )
+ try:
+ api_response = create_from_yaml(
+ api_client_instance,
+ yaml_objects=[secret_dict],
+ namespace=namespace
+ )
+ except FailToCreateError as ex:
+ print(f"Secret not {verb} because of exception {ex}")
+ return
 print(f"Secret {verb} with api response: {api_response}")
 def patch_kubernetes_secret(secret_dict, namespace):
 """Patches secret in the cluster with new data."""
 api_client_instance = api_client.ApiClient()
- api_instance = client.CoreV1Api(apiclient)
+ api_instance = client.CoreV1Api(api_client_instance)
 name = secret_dict["metadata"]["name"]
 body = {}
 body["data"] = secret_dict["data"]
diff --git a/install/templates/stackspin-single-sign-on-variables.yaml.jinja b/install/templates/stackspin-single-sign-on-variables.yaml.jinja
index e11fbae5df1d5141d39404c0558ad599cb2e2152..beb7eb2bae0890dd8202277947918e6a36e6ef9f 100644
--- a/install/templates/stackspin-single-sign-on-variables.yaml.jinja
+++ b/install/templates/stackspin-single-sign-on-variables.yaml.jinja
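Review bot: The new `except FailToCreateError` branch turns every create failure into a printed message followed by a plain `return`, so `store_kubernetes_secret` (whose signature and the `update` branch sit above this hunk) reports success to its caller and the installer carries on as if the Secret existed. If the intent is to tolerate a Secret that already exists when `update=False`, recognise that case explicitly — `FailToCreateError` keeps the underlying `ApiException` objects in `ex.api_exceptions`, so a 409 can be checked — and re-raise for anything else so a real failure stops the run. The surviving `print(f"Secret {verb} with api response: {api_response}")` also writes the returned object, which presumably includes the base64 `data`, to stdout; printing only `secret_dict['metadata']['name']` keeps secret material out of installer logs.
```python
        try:
            # … unchanged: api_response = create_from_yaml(...) call …
        except FailToCreateError as ex:
            # Tolerate only "already exists" (HTTP 409); any other failure must not
            # be reported to the caller as success.
            if all(e.status == 409 for e in ex.api_exceptions):
                print(f"Secret not {verb} because it already exists: {ex}")
                return
            raise
        # Log the name only; the API response carries the secret's data field.
        print(f"Secret {verb}: {secret_dict['metadata']['name']}")
```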
@@ -4,9 +4,10 @@ kind: Secret
 metadata:
 name: stackspin-single-sign-on-variables
 data:
- dashboard_postgresql_password: "{{ 32 | generate_password | b64encode }}"
- hydra_postgresql_password: "{{ 32 | generate_password | b64encode }}"
+ database_root_password: "{{ 32 | generate_password | b64encode }}"
+ dashboard_database_password: "{{ 32 | generate_password | b64encode }}"
+ hydra_database_password: "{{ 32 | generate_password | b64encode }}"
 hydra_system_secret: "{{ 32 | generate_password | b64encode }}"
- kratos_postgresql_password: "{{ 32 | generate_password | b64encode }}"
+ kratos_database_password: "{{ 32 | generate_password | b64encode }}"
 kratos_session_secret: "{{ 32 | generate_password | b64encode }}"
 userbackend_admin_password: "{{ 32 | generate_password | b64encode }}"
diff --git a/stackspin/cluster.py b/stackspin/cluster.py
index 482d757fc9a9c4dfc4d77f79154bb9252453cbe1..583739249e14ff4222eb415396a3a242b2150cea 100644
--- a/stackspin/cluster.py
+++ b/stackspin/cluster.py
@@ -210,7 +210,7 @@ KUBECONFIG={cluster_dir}/kube_config_cluster.yml
 'onlyoffice_rabbitmq_password'],
 'stackspin-single-sign-on-variables': [
 'userbackend_admin_password',
- 'dashboard_postgresql_password',
+ 'dashboard_database_password',
 'hydra_system_secret'],
 'stackspin-wordpress-variables': [
 'wordpress_admin_password',
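Review bot: The list under `'stackspin-single-sign-on-variables'` is updated only for the renamed `dashboard_database_password`, while the template hunk above adds `database_root_password`, `hydra_database_password` and `kratos_database_password` to the same Secret. What this dict drives is not visible here (it starts above the hunk); if it enumerates the fields the installer expects or surfaces from that Secret, the three new keys are missing, and if it is deliberately a subset, a one-line comment on the dict saying which keys belong in it and why would stop the next rename from being missed.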