Merge branch '1041-hydra-migration-error' into 'main'

Resolve "Hydra migration error" Closes #1041 See merge request stackspin/stackspin!624

Merge branch '1041-hydra-migration-error' into 'main'
Resolve "Hydra migration error" Closes #1041 See merge request stackspin/stackspin!624
460314fd · Arie Peterson · 2a47a629 · 39ae962a · 460314fd · 460314fd
Commit 460314fd authored 3 years ago by Arie Peterson
--- a/flux2/core/base/single-sign-on/kustomization.yaml
+++ b/flux2/core/base/single-sign-on/kustomization.yaml
@@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: stackspin
 resources:
-  - pvc.yaml
+  - pvc-userbackend.yaml
+  - pvc-database.yaml
  - release.yaml
  - single-sign-on-values-configmap.yaml
--- a/flux2/core/base/single-sign-on/pvc-database.yaml
+++ b/flux2/core/base/single-sign-on/pvc-database.yaml
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: single-sign-on-database
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: local-path
--- a/flux2/core/base/single-sign-on/pvc.yaml
+++ b/flux2/core/base/single-sign-on/pvc.yaml
+---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -9,4 +10,4 @@ spec:
  resources:
    requests:
      storage: 1Gi
-  storageClassName: local-path
\ No newline at end of file
+  storageClassName: local-path
--- a/flux2/core/base/single-sign-on/release.yaml
+++ b/flux2/core/base/single-sign-on/release.yaml
@@ -19,6 +19,7 @@ spec:
  install:
    remediation:
      retries: 3
+    timeout: 10m
  valuesFrom:
    - kind: ConfigMap
      name: stackspin-single-sign-on-values

--- a/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
+++ b/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
@@ -39,6 +39,18 @@ data:
        # Let the backup system include nextcloud database data.
        backup.velero.io/backup-volumes: "database"

+    postgresql:
+      persistence:
+        existingClaim: single-sign-on-database
+      initdbScripts:
+        setup.sql: |
+          CREATE USER hydra WITH PASSWORD '${hydra_postgresql_password}';
+          CREATE USER kratos WITH PASSWORD '${kratos_postgresql_password}';
+          CREATE USER stackspin WITH PASSWORD '${dashboard_postgresql_password}';
+          CREATE DATABASE kratos WITH OWNER kratos;
+          CREATE DATABASE hydra WITH OWNER hydra;
+          CREATE DATABASE stackspin WITH OWNER stackspin;
+
    hydra:
      hydra:
        config:
@@ -50,7 +62,7 @@ data:
          secrets:
            system:
              - "${hydra_system_secret}"
-          dsn: "memory"
+          dsn: "postgres://hydra:${hydra_postgresql_password}@single-sign-on-postgresql:5432/hydra"
      ingress:
        public:
          enabled: true
@@ -69,6 +81,11 @@ data:
        admin:
          enabled: false

+    kratos:
+      kratos:
+        config:
+          dsn: "postgres://kratos:${kratos_postgresql_password}@single-sign-on-postgresql:5432/kratos"
+
    oAuthClients:
    - clientName: *USER_PANEL
      clientSecret: "${userpanel_oauth_client_secret}"

--- a/flux2/infrastructure/sources/single-sign-on.yaml
+++ b/flux2/infrastructure/sources/single-sign-on.yaml
@@ -14,4 +14,4 @@ spec:
  # For all available options, see:
  # https://toolkit.fluxcd.io/components/source/api/#source.toolkit.fluxcd.io/v1beta1.GitRepositoryRef
  ref:
-    tag: 0.4.1
+    tag: 0.4.2
--- a/install/templates/stackspin-single-sign-on-variables.yaml.jinja
+++ b/install/templates/stackspin-single-sign-on-variables.yaml.jinja
@@ -8,3 +8,6 @@ data:
  userbackend_admin_password: "{{ 32 | generate_password | b64encode }}"
  userbackend_postgres_password: "{{ 32 | generate_password | b64encode }}"
  hydra_system_secret: "{{ 32 | generate_password | b64encode }}"
+  hydra_postgresql_password: "{{ 32 | generate_password | b64encode }}"
+  kratos_postgresql_password: "{{ 32 | generate_password | b64encode }}"
+  dashboard_postgresql_password: "{{ 32 | generate_password | b64encode }}"