A Kubernetes controller for managing Hydra clients via CRDs

Hydra Controller

This repository implements a simple controller for watching HydraClient resources as defined with a CustomResourceDefinition (CRD).

When a new HydraClient resource is created, this controller creates an associated client in Hydra and a new Kubernetes Secret that stores the client secret value for the client to use. The Kubernetes Secret name is determined by the kubeSecretName value, which you must specify in the HydraClient resource.

Installation

Run the following, where http://hydra-service is the URL of the Kubernetes service for the Hydra installation in your cluster:

HYDRA_ENDPOINT_URL=http://hydra-service make deploy

Alternatively, edit the deployment manifest at k8s/deployment.yaml before running make deploy, for example if you would prefer to use ConfigMaps or the like.

Usage

An example HydraClient resource is provided at k8s/examples/example-client.yaml.

Note that the example includes the Secret value. If it is omitted, Hydra generates its own client secret, which is then stored in the Kubernetes Secret. Letting Hydra generate the secret is the preferred method; the value is included in the example only for completeness. A secret set in the spec is stored in plaintext on the HydraClient resource and is printed by kubectl describe, as the Describe Clients output shows.

The CRD definition and its validation rules are located at k8s/crd.yaml.

HydraClient resources can be managed with kubectl using the hydraclient resource name or the associated hc shortname.

Create Clients

$ kubectl apply -f k8s/examples/example-client.yaml
hydraclient.hydracontroller.runecms.io/example-client created

List Clients

$ kubectl get hc
NAME             CREATED AT
example-client   2s

Describe Clients

$ kubectl describe hc example-client
Name:         example-client
Namespace:    default
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"hydracontroller.runecms.io/v1","kind":"HydraClient","metadata":{"annotations":{},"name":"example-client","namespace":"default"},"spec":{...
API Version:  hydracontroller.runecms.io/v1
Kind:         HydraClient
Metadata:
  Cluster Name:
  Creation Timestamp:  2018-07-19T19:26:50Z
  Generation:          1
  Resource Version:    851789
  Self Link:           /apis/hydracontroller.runecms.io/v1/namespaces/default/hydraclients/example-client
  UID:                 af320804-8b89-11e8-9b9c-70ed4586644c
Spec:
  Contacts:
    Some Contact
  Grant Types:
    authorization_code
    client_credentials
    refresh_token
  Id:                example-client
  Kube Secret Name:  hydra-example-client
  Name:              Example Client
  Owner:             Some Contact
  Redirect Uris:
    http://my-client.runecms.io/oauth/callback
  Response Types:
    id_token
    code
  Scope:   openid offline
  Secret:  mySuperSecretString
  Uri:     http://my-client.runecms.io
Events:    <none>
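
The describe output above prints the client secret under Spec, and the last-applied-configuration annotation carries a copy of the applied spec. As an added example (not code from this repository), the Go check below reads the JSON from `kubectl get hc --all-namespaces -o json` and reports clients with an inline secret, a secret left in that annotation, or a kubeSecretName shared by two clients in one namespace. The JSON key `secret`, the function name `AuditHydraClients` and the sample list are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Fields this check reads; the JSON key "secret" is assumed from the "Secret:" describe line.
type hydraClient struct {
	Metadata struct {
		Name, Namespace string
		Annotations     map[string]string
	}
	Spec struct{ KubeSecretName, Secret string }
}

const lastApplied = "kubectl.kubernetes.io/last-applied-configuration"
// Constructed sample shaped like `kubectl get hc --all-namespaces -o json`.
const sampleList = `{"items":[{"metadata":{"name":"example-client","namespace":"default","annotations":{
  "kubectl.kubernetes.io/last-applied-configuration":"{\"spec\":{\"secret\":\"mySuperSecretString\"}}"}},
  "spec":{"kubeSecretName":"hydra-example-client","secret":"mySuperSecretString"}},
 {"metadata":{"name":"other-client","namespace":"default"},"spec":{"kubeSecretName":"hydra-example-client"}}]}`

// AuditHydraClients returns one finding per problem, in list order.
func AuditHydraClients(listJSON []byte) ([]string, error) {
	var list struct{ Items []hydraClient }
	if err := json.Unmarshal(listJSON, &list); err != nil {
		return nil, fmt.Errorf("decode HydraClient list: %w", err)
	}
	var findings []string
	owner := map[string]string{} // namespace/kubeSecretName -> last client seen using it
	for _, hc := range list.Items {
		id := hc.Metadata.Namespace + "/" + hc.Metadata.Name
		if hc.Spec.Secret != "" {
			findings = append(findings, id+": client secret inline in spec")
		}
		var prev hydraClient // the annotation holds the last applied manifest
		if json.Unmarshal([]byte(hc.Metadata.Annotations[lastApplied]), &prev) == nil && prev.Spec.Secret != "" {
			findings = append(findings, id+": client secret in last-applied annotation")
		}
		key := hc.Metadata.Namespace + "/" + hc.Spec.KubeSecretName
		if other, dup := owner[key]; dup && hc.Spec.KubeSecretName != "" {
			findings = append(findings, id+": kubeSecretName shared with "+other)
		}
		owner[key] = id
	}
	return findings, nil
}

func main() { fmt.Println(AuditHydraClients([]byte(sampleList))) }
```

Findings contain only resource names, never the secret value, so the output can go to a CI log.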

Delete Clients

$ kubectl delete hc example-client
hydraclient.hydracontroller.runecms.io "example-client" deleted