Merge branch '1041-hydra-migration-error' into 'main'

Resolve "Hydra migration error"

Closes #1041

See merge request stackspin/stackspin!624

flux2/core/base/single-sign-on/kustomization.yaml

@@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: stackspin
 resources:
-  - pvc.yaml
+  - pvc-userbackend.yaml
+  - pvc-database.yaml
   - release.yaml
   - single-sign-on-values-configmap.yaml

flux2/core/base/single-sign-on/pvc-database.yaml

+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: single-sign-on-database
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: local-path

flux2/core/base/single-sign-on/pvc.yaml → flux2/core/base/single-sign-on/pvc-userbackend.yaml

+---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -9,4 +10,4 @@ spec:
   resources:
     requests:
       storage: 1Gi
-  storageClassName: local-path
+  storageClassName: local-path
\ No newline at end of file

flux2/core/base/single-sign-on/release.yaml

@@ -19,6 +19,7 @@ spec:
   install:
     remediation:
       retries: 3
+    timeout: 10m
   valuesFrom:
     - kind: ConfigMap
       name: stackspin-single-sign-on-values

flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml

@@ -39,6 +39,18 @@ data:
         # Let the backup system include nextcloud database data.
         backup.velero.io/backup-volumes: "database"
 
+    postgresql:
+      persistence:
+        existingClaim: single-sign-on-database
+      initdbScripts:
+        setup.sql: |
+          CREATE USER hydra WITH PASSWORD '${hydra_postgresql_password}';
+          CREATE USER kratos WITH PASSWORD '${kratos_postgresql_password}';
+          CREATE USER stackspin WITH PASSWORD '${dashboard_postgresql_password}';
+          CREATE DATABASE kratos WITH OWNER kratos;
+          CREATE DATABASE hydra WITH OWNER hydra;
+          CREATE DATABASE stackspin WITH OWNER stackspin;
+
     hydra:
       hydra:
         config:
@@ -50,7 +62,7 @@ data:
           secrets:
             system:
               - "${hydra_system_secret}"
-          dsn: "memory"
+          dsn: "postgres://hydra:${hydra_postgresql_password}@single-sign-on-postgresql:5432/hydra"
       ingress:
         public:
           enabled: true
@@ -69,6 +81,11 @@ data:
         admin:
           enabled: false
 
+    kratos:
+      kratos:
+        config:
+          dsn: "postgres://kratos:${kratos_postgresql_password}@single-sign-on-postgresql:5432/kratos"
+
     oAuthClients:
     - clientName: *USER_PANEL
       clientSecret: "${userpanel_oauth_client_secret}"

flux2/infrastructure/sources/single-sign-on.yaml

@@ -14,4 +14,4 @@ spec:
   # For all available options, see:
   # https://toolkit.fluxcd.io/components/source/api/#source.toolkit.fluxcd.io/v1beta1.GitRepositoryRef
   ref:
-    tag: 0.4.1
+    tag: 0.4.2

install/templates/stackspin-single-sign-on-variables.yaml.jinja

@@ -8,3 +8,6 @@ data:
   userbackend_admin_password: "{{ 32 | generate_password | b64encode }}"
   userbackend_postgres_password: "{{ 32 | generate_password | b64encode }}"
   hydra_system_secret: "{{ 32 | generate_password | b64encode }}"
+  hydra_postgresql_password: "{{ 32 | generate_password | b64encode }}"
+  kratos_postgresql_password: "{{ 32 | generate_password | b64encode }}"
+  dashboard_postgresql_password: "{{ 32 | generate_password | b64encode }}"