apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

# namespace: ory removed — all non-Helm resources already set namespace: ory
# explicitly, and the Helm charts use namespace: ory in their helmCharts spec.
# The kustomization-level transformer was incorrectly moving hydra-maester's
# enabledNamespaces Role (meant for lasuite) into the ory namespace, causing
# a duplicate-name conflict.

resources:
  - namespace.yaml
  - kratos-admin-deployment.yaml
  # Hydra chart CRDs are not rendered by helm template; apply manually.
  - hydra-oauth2client-crd.yaml
  - vault-secrets.yaml
  - ory-alertrules.yaml
  - hydra-servicemonitor.yaml
  - kratos-servicemonitor.yaml

patches:
  # Set Kratos selfservice UI URLs (DOMAIN_SUFFIX substituted at apply time).
  - path: kratos-selfservice-urls.yaml

  # The hydra-maester sub-chart does not set .Release.Namespace in its Deployment template.
  - patch: |
      - op: add
        path: /metadata/namespace
        value: ory
    target:
      kind: Deployment
      name: hydra-hydra-maester

helmCharts:
  # helm repo add ory https://k8s.ory.sh/helm/charts
  - name: kratos
    repo: https://k8s.ory.sh/helm/charts
    version: "0.60.1"
    releaseName: kratos
    namespace: ory
    valuesFile: kratos-values.yaml

  - name: hydra
    repo: https://k8s.ory.sh/helm/charts
    version: "0.60.1"
    releaseName: hydra
    namespace: ory
    valuesFile: hydra-values.yaml