From 948b7d92e7e2693143387029ce30918994a89f77 Mon Sep 17 00:00:00 2001 From: bom Date: Fri, 11 Nov 2022 09:35:42 +0100 Subject: [PATCH] Consolidate http and https ingress The two ingresses were used to enable http to https redirects which can also be done by specifying a middleware in the annotations. --- .../cljc/dda/c4k_common/ingress_cert.cljc | 16 ++---- src/main/resources/ingress/http-ingress.yaml | 22 -------- .../{https-ingress.yaml => ingress.yaml} | 5 +- .../dda/c4k_common/ingress_cert_test.cljc | 51 ++----------------- 4 files changed, 11 insertions(+), 83 deletions(-) delete mode 100644 src/main/resources/ingress/http-ingress.yaml rename src/main/resources/ingress/{https-ingress.yaml => ingress.yaml} (69%) diff --git a/src/main/cljc/dda/c4k_common/ingress_cert.cljc b/src/main/cljc/dda/c4k_common/ingress_cert.cljc index 9461831..9d671e7 100644 --- a/src/main/cljc/dda/c4k_common/ingress_cert.cljc +++ b/src/main/cljc/dda/c4k_common/ingress_cert.cljc @@ -29,8 +29,7 @@ (case resource-name "ingress/host-rule.yaml" (rc/inline "ingress/host-rule.yaml") "ingress/certificate.yaml" (rc/inline "ingress/certificate.yaml") - "ingress/http-ingress.yaml" (rc/inline "ingress/http-ingress.yaml") - "ingress/https-ingress.yaml" (rc/inline "ingress/https-ingress.yaml") + "ingress/ingress.yaml" (rc/inline "ingress/ingress.yaml") (throw (js/Error. "Undefined Resource!"))))) (defn-spec generate-host-rule pred/map-or-seq? @@ -43,20 +42,11 @@ (cm/replace-all-matching-values-by-new-value "SERVICE_PORT" service-port) (cm/replace-all-matching-values-by-new-value "SERVICE_NAME" service-name))) -(defn-spec generate-http-ingress pred/map-or-seq? - [config ingress?] - (let [{:keys [ingress-name service-name service-port fqdns app-name]} config] - (-> - (yaml/load-as-edn "ingress/http-ingress.yaml") - (assoc-in [:metadata :name] ingress-name) - (assoc-in [:metadata :labels :app.kubernetes.part-of] app-name) - (assoc-in [:spec :rules] (mapv (partial generate-host-rule service-name service-port) fqdns))))) - -(defn-spec generate-https-ingress pred/map-or-seq? +(defn-spec generate-ingress pred/map-or-seq? [config ingress?] (let [{:keys [ingress-name cert-name service-name service-port fqdns app-name]} config] (-> - (yaml/load-as-edn "ingress/https-ingress.yaml") + (yaml/load-as-edn "ingress/ingress.yaml") (assoc-in [:metadata :name] ingress-name) (assoc-in [:metadata :labels :app.kubernetes.part-of] app-name) (assoc-in [:spec :tls 0 :secretName] cert-name) diff --git a/src/main/resources/ingress/http-ingress.yaml b/src/main/resources/ingress/http-ingress.yaml deleted file mode 100644 index b9d6153..0000000 --- a/src/main/resources/ingress/http-ingress.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: c4k-common-http-ingress - namespace: default - labels: - app.kubernetes.part-of: c4k-common-app - annotations: - traefik.ingress.kubernetes.io/router.entrypoints: web - traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd -spec: - rules: - - host: FQDN - http: - paths: - - pathType: Prefix - path: "/" - backend: - service: - name: SERVICE_NAME - port: - number: 80 diff --git a/src/main/resources/ingress/https-ingress.yaml b/src/main/resources/ingress/ingress.yaml similarity index 69% rename from src/main/resources/ingress/https-ingress.yaml rename to src/main/resources/ingress/ingress.yaml index e253be0..c7ea965 100644 --- a/src/main/resources/ingress/https-ingress.yaml +++ b/src/main/resources/ingress/ingress.yaml @@ -6,8 +6,9 @@ metadata: labels: app.kubernetes.part-of: c4k-common-app annotations: - traefik.ingress.kubernetes.io/router.entrypoints: websecure - traefik.ingress.kubernetes.io/router.tls: "true" + traefik.ingress.kubernetes.io/router.entrypoints: web, websecure + traefik.ingress.kubernetes.io/router.tls: "true" + traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd spec: tls: - hosts: diff --git a/src/test/cljc/dda/c4k_common/ingress_cert_test.cljc b/src/test/cljc/dda/c4k_common/ingress_cert_test.cljc index 5da7964..10cfd5f 100644 --- a/src/test/cljc/dda/c4k_common/ingress_cert_test.cljc +++ b/src/test/cljc/dda/c4k_common/ingress_cert_test.cljc @@ -6,11 +6,9 @@ [dda.c4k-common.ingress-cert :as cut])) (st/instrument `cut/generate-host-rule) -(st/instrument `cut/generate-http-ingress) -(st/instrument `cut/generate-https-ingress) +(st/instrument `cut/generate-ingress) (st/instrument `cut/generate-certificate) - (deftest should-generate-rule (is (= {:host "test.com", :http @@ -21,54 +19,15 @@ {:service {:name "myservice", :port {:number 3000}}}}]}} (cut/generate-host-rule "myservice" 3000 "test.com")))) - -(deftest should-generate-http-ingress - (is (= {:apiVersion "networking.k8s.io/v1", - :kind "Ingress", - :metadata - {:name "test-io-http-ingress", - :namespace "default", - :labels {:app.kubernetes.part-of "c4k-common-app"}, - :annotations - #:traefik.ingress.kubernetes.io{:router.entrypoints "web", - :router.middlewares "default-redirect-https@kubernetescrd"}}} - (dissoc (cut/generate-http-ingress - {:issuer "prod" - :app-name "c4k-common-app" - :service-name "myservice" - :service-port 3000 - :ingress-name "test-io-http-ingress" - :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}) :spec))) - (is (= {:rules - [{:host "test.de", - :http - {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "myservice", :port {:number 3000}}}}]}} - {:host "www.test.de", - :http - {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "myservice", :port {:number 3000}}}}]}} - {:host "test-it.de", - :http - {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "myservice", :port {:number 3000}}}}]}} - {:host "www.test-it.de", - :http - {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "myservice", :port {:number 3000}}}}]}}]} - (:spec (cut/generate-http-ingress - {:issuer "prod" - :service-name "myservice" - :app-name "c4k-common-app" - :service-port 3000 - :ingress-name "test-io-http-ingress" - :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))) - -(deftest should-generate-https-ingress +(deftest should-generate-ingress (is (= {:apiVersion "networking.k8s.io/v1", :kind "Ingress", :metadata {:name "test-io-https-ingress", :namespace "default", :labels {:app.kubernetes.part-of "c4k-common-app"}, - :annotations #:traefik.ingress.kubernetes.io{:router.entrypoints "websecure", :router.tls "true"}}} - (dissoc (cut/generate-https-ingress + :annotations #:traefik.ingress.kubernetes.io{:router.entrypoints "web, websecure", :router.tls "true", :router.middlewares "default-redirect-https@kubernetescrd"}}} + (dissoc (cut/generate-ingress {:issuer "prod" :service-name "test-io-service" :app-name "c4k-common-app" @@ -92,7 +51,7 @@ {:host "www.test-it.de", :http {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-io-service", :port {:number 80}}}}]}}]} - (:spec (cut/generate-https-ingress {:issuer "prod" + (:spec (cut/generate-ingress {:issuer "prod" :app-name "c4k-common-app" :service-name "test-io-service" :service-port 80