apiVersion: v1
kind: Namespace
metadata:
  name: hydra
---
apiVersion: v1
data:
  config.yaml: |-
    "dsn": "sqlite:///var/lib/sqlite/hydra.sqlite?_fk=true"
    "strategies":
      "access_token": "jwt"
    "urls":
      "self":
        "issuer": "http://hydra.hydra.svc:4444/"
kind: ConfigMap
metadata:
  name: hydra-config
  namespace: hydra
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: hydra
  name: hydra
  namespace: hydra
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hydra
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: hydra
    spec:
      containers:
      - args:
        - serve
        - all
        - --dangerous-force-http
        - --config
        - /data/hydra/config.yaml
        image: oryd/hydra:v1.11.7
        imagePullPolicy: IfNotPresent
        name: hydra
        ports:
        - containerPort: 5555
          name: token
        - containerPort: 4444
          name: public
        - containerPort: 4445
          name: admin
        resources: {}
        volumeMounts:
        - mountPath: /data/hydra/
          name: hydra-config
          readOnly: true
        - mountPath: /var/lib/sqlite
          name: hydra-sqlite
      initContainers:
      - args:
        - migrate
        - sql
        - -e
        - --yes
        - --config
        - /data/hydra/config.yaml
        image: oryd/hydra:v1.11.7
        imagePullPolicy: IfNotPresent
        name: hydra-sql-migrate
        volumeMounts:
        - mountPath: /data/hydra/
          name: hydra-config
          readOnly: true
        - mountPath: /var/lib/sqlite
          name: hydra-sqlite
      volumes:
      - configMap:
          name: hydra-config
        name: hydra-config
      - emptyDir: {}
        name: hydra-sqlite
---
apiVersion: v1
kind: Service
metadata:
  name: hydra
  namespace: hydra
spec:
  ports:
  - name: admin
    port: 4445
    protocol: TCP
    targetPort: admin
  - name: public
    port: 4444
    protocol: TCP
    targetPort: public
  - name: token
    port: 5555
    protocol: TCP
    targetPort: token
  selector:
    app: hydra
---
apiVersion: batch/v1
kind: Job
metadata:
  name: usercreator
  namespace: hydra
spec:
  template:
    spec:
      containers:
      - args:
        - -v
        - --header
        - 'Content-Type: application/json'
        - --data
        - '{"audience":["lokistack"],"client_id":"user","client_secret":"secret","grant_types":["client_credentials"],"token_endpoint_auth_method":"client_secret_basic"}'
        - http://hydra.hydra.svc:4445/clients
        image: alpine/curl
        name: usercreator
      restartPolicy: OnFailure
  ttlSecondsAfterFinished: 120