This commit is contained in:
bom 2021-07-09 16:21:17 +02:00
parent d0a57b48fb
commit 8e3b007e06
11 changed files with 193 additions and 5 deletions

View file

@ -10,7 +10,7 @@
(into [] %)
%) lazy-seq))
(defn load-resource [resource-name]
(defmethod load-resource :clj [resource-name]
(slurp (io/resource resource-name)))
(defn from-string [input]
@ -18,3 +18,8 @@
(defn to-string [edn]
(yaml/generate-string edn :dumper-options {:flow-style :block}))
(defn dispatch-by-resource-name
[resource])
(defmulti load-resource dispatch-by-resource-name)

View file

@ -2,17 +2,18 @@
(:require
[clojure.walk]))
(defn bash-env-string?
(defn ^{:deprecated "0.1"} bash-env-string?
[input]
(and (string? input)
(not (re-matches #".*['\"\$]+.*" input))))
(defn fqdn-string?
(defn ^{:deprecated "0.1"} fqdn-string?
[input]
(and (string? input)
(some? (re-matches #"(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$)" input))))
(defn letsencrypt-issuer?
(defn ^{:deprecated "0.1"} letsencrypt-issuer?
[input]
(contains? #{:prod :staging} input))

View file

@ -0,0 +1,35 @@
(ns dda.c4k-common.postgres
(:require
[clojure.spec.alpha :as s]
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.common :as cm]))
(s/def ::postgres-db-user cm/bash-env-string?)
(s/def ::postgres-db-password cm/bash-env-string?)
(s/def ::postgres-data-volume-path string?)
(defn generate-config []
(yaml/from-string (yaml/load-resource "postgres/config.yaml")))
(defn generate-deployment []
(yaml/from-string (yaml/load-resource "postgres/deployment.yaml")))
(defn generate-persistent-volume [config]
(let [{:keys [postgres-data-volume-path]} config]
(->
(yaml/from-string (yaml/load-resource "postgres/persistent-volume.yaml"))
(assoc-in [:spec :hostPath :path] postgres-data-volume-path))))
(defn generate-pvc []
(yaml/from-string (yaml/load-resource "postgres/pvc.yaml")))
(defn generate-secret [my-auth]
(let [{:keys [postgres-db-user postgres-db-password]} my-auth]
(->
(yaml/from-string (yaml/load-resource "postgres/secret.yaml"))
(cm/replace-key-value :postgres-user (b64/encode postgres-db-user))
(cm/replace-key-value :postgres-password (b64/encode postgres-db-password)))))
(defn generate-service []
(yaml/from-string (yaml/load-resource "postgres/service.yaml")))

View file

@ -0,0 +1,15 @@
(ns dda.c4k-common.prefixes)
(defn bash-env-string?
[input]
(and (string? input)
(not (re-matches #".*['\"\$]+.*" input))))
(defn fqdn-string?
[input]
(and (string? input)
(some? (re-matches #"(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$)" input))))
(defn letsencrypt-issuer?
[input]
(contains? #{:prod :staging} input))

View file

@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: postgres-config
labels:
app: postgres
data:
postgres-db: jira
postgresql.conf: |
max_connections = 1000
shared_buffers = 512MB

View file

@ -0,0 +1,51 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgresql
spec:
selector:
matchLabels:
app: postgresql
strategy:
type: Recreate
template:
metadata:
labels:
app: postgresql
spec:
containers:
- image: postgres
name: postgresql
env:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgres-user
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgres-password
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: postgres-config
key: postgres-db
ports:
- containerPort: 5432
name: postgresql
volumeMounts:
- name: postgres-config-volume
mountPath: /etc/postgresql/postgresql.conf
subPath: postgresql.conf
readOnly: true
- name: postgre-data-volume
mountPath: /var/lib/postgresql/data
volumes:
- name: postgres-config-volume
configMap:
name: postgres-config
- name: postgre-data-volume
persistentVolumeClaim:
claimName: postgres-claim

View file

@ -0,0 +1,14 @@
kind: PersistentVolume
apiVersion: v1
metadata:
name: postgres-pv-volume
labels:
type: local
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
capacity:
storage: 10Gi
hostPath:
path: "/var/postgres"

View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-claim
labels:
app: postgres
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

View file

@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: postgres-secret
type: Opaque
data:
postgres-user: "psql-user"
postgres-password: "psql-pw"

View file

@ -0,0 +1,9 @@
apiVersion: v1
kind: Service
metadata:
name: postgresql-service
spec:
selector:
app: postgresql
ports:
- port: 5432

View file

@ -0,0 +1,26 @@
(ns dda.c4k-common.postgres-test
(:require
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[dda.c4k-common.postgres :as cut]))
(deftest should-generate-persistent-volume
(is (= {:kind "PersistentVolume"
:apiVersion "v1"
:metadata
{:name "postgres-pv-volume", :labels {:type "local"}}
:spec
{:storageClassName "manual"
:accessModes ["ReadWriteOnce"]
:capacity {:storage "10Gi"}
:hostPath {:path "xx"}}}
(cut/generate-persistent-volume {:postgres-data-volume-path "xx"}))))
(deftest should-generate-secret
(is (= {:apiVersion "v1"
:kind "Secret"
:metadata {:name "postgres-secret"}
:type "Opaque"
:data
{:postgres-user "eHgtdXM=", :postgres-password "eHgtcHc="}}
(cut/generate-secret {:postgres-db-user "xx-us" :postgres-db-password "xx-pw"}))))