|
|
@ -20,12 +20,39 @@
|
|
|
|
{:service {:name "myservice", :port {:number 3000}}}}]}}
|
|
|
|
{:service {:name "myservice", :port {:number 3000}}}}]}}
|
|
|
|
(cut/generate-host-rule "myservice" 3000 "test.com"))))
|
|
|
|
(cut/generate-host-rule "myservice" 3000 "test.com"))))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(deftest should-generate-certificate
|
|
|
|
|
|
|
|
(is (= {:apiVersion "cert-manager.io/v1",
|
|
|
|
|
|
|
|
:kind "Certificate",
|
|
|
|
|
|
|
|
:metadata {:name "test-io-cert",
|
|
|
|
|
|
|
|
:namespace "default",
|
|
|
|
|
|
|
|
:labels {:app.kubernetes.part-of "c4k-common-app"}},
|
|
|
|
|
|
|
|
:spec
|
|
|
|
|
|
|
|
{:secretName "test-io-cert",
|
|
|
|
|
|
|
|
:commonName "test.de",
|
|
|
|
|
|
|
|
:duration "2160h",
|
|
|
|
|
|
|
|
:renewBefore "720h",
|
|
|
|
|
|
|
|
:dnsNames ["test.de" "test.org" "www.test.de" "www.test.org"],
|
|
|
|
|
|
|
|
:issuerRef {:name "prod", :kind "ClusterIssuer"}}}
|
|
|
|
|
|
|
|
(cut/generate-certificate {:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"]
|
|
|
|
|
|
|
|
:app-name "c4k-common-app"
|
|
|
|
|
|
|
|
:cert-name "test-io-cert"
|
|
|
|
|
|
|
|
:issuer "prod"}))))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(deftest should-generate-middleware-ratelimit
|
|
|
|
|
|
|
|
(is (= {:apiVersion "traefik.containo.us/v1alpha1",
|
|
|
|
|
|
|
|
:kind "Middleware",
|
|
|
|
|
|
|
|
:metadata {:name "normal-ratelimit"},
|
|
|
|
|
|
|
|
:spec {:rateLimit {:average 10, :burst 5}}}
|
|
|
|
|
|
|
|
(cut/generate-rate-limit-middleware {:rate-limit-name "normal"
|
|
|
|
|
|
|
|
:average-rate 10, :burst-rate 5}))))
|
|
|
|
|
|
|
|
|
|
|
|
(deftest should-generate-ingress
|
|
|
|
(deftest should-generate-ingress
|
|
|
|
(is (= {:apiVersion "networking.k8s.io/v1",
|
|
|
|
(is (= {:apiVersion "networking.k8s.io/v1",
|
|
|
|
:kind "Ingress",
|
|
|
|
:kind "Ingress",
|
|
|
|
:metadata
|
|
|
|
:metadata
|
|
|
|
{:name "test-io-https-ingress",
|
|
|
|
{
|
|
|
|
:namespace "default",
|
|
|
|
:namespace "default",
|
|
|
|
|
|
|
|
:name "test-io-https-ingress",
|
|
|
|
:labels {:app.kubernetes.part-of "c4k-common-app"},
|
|
|
|
:labels {:app.kubernetes.part-of "c4k-common-app"},
|
|
|
|
:annotations {:traefik.ingress.kubernetes.io/router.entrypoints
|
|
|
|
:annotations {:traefik.ingress.kubernetes.io/router.entrypoints
|
|
|
|
"web, websecure"
|
|
|
|
"web, websecure"
|
|
|
@ -33,13 +60,29 @@
|
|
|
|
"default-redirect-https@kubernetescrd"
|
|
|
|
"default-redirect-https@kubernetescrd"
|
|
|
|
:metallb.universe.tf/address-pool "public"}}}
|
|
|
|
:metallb.universe.tf/address-pool "public"}}}
|
|
|
|
(dissoc (cut/generate-ingress
|
|
|
|
(dissoc (cut/generate-ingress
|
|
|
|
{:issuer "prod"
|
|
|
|
{:issuer "prod"
|
|
|
|
:service-name "test-io-service"
|
|
|
|
:service-name "test-io-service"
|
|
|
|
:app-name "c4k-common-app"
|
|
|
|
:app-name "c4k-common-app"
|
|
|
|
:service-port 80
|
|
|
|
:service-port 80
|
|
|
|
:ingress-name "test-io-https-ingress"
|
|
|
|
:ingress-name "test-io-https-ingress"
|
|
|
|
:fqdns ["test.de" "www.test.de" "test-it.de"
|
|
|
|
:fqdns ["test.de" "www.test.de" "test-it.de"
|
|
|
|
"www.test-it.de"]}) :spec)))
|
|
|
|
"www.test-it.de"]}) :spec)))
|
|
|
|
|
|
|
|
(is (= {
|
|
|
|
|
|
|
|
:name "test-io-https-ingress",
|
|
|
|
|
|
|
|
:namespace "default",
|
|
|
|
|
|
|
|
:labels {:app.kubernetes.part-of "c4k-common-app"},
|
|
|
|
|
|
|
|
:annotations {:traefik.ingress.kubernetes.io/router.entrypoints
|
|
|
|
|
|
|
|
"web, websecure"
|
|
|
|
|
|
|
|
:traefik.ingress.kubernetes.io/router.middlewares
|
|
|
|
|
|
|
|
"default-redirect-https@kubernetescrd, normal-ratelimit@kubernetescrd",
|
|
|
|
|
|
|
|
:metallb.universe.tf/address-pool "public"}}
|
|
|
|
|
|
|
|
(:metadata (cut/generate-ingress
|
|
|
|
|
|
|
|
{:service-name "test-io-service"
|
|
|
|
|
|
|
|
:app-name "c4k-common-app"
|
|
|
|
|
|
|
|
:service-port 80
|
|
|
|
|
|
|
|
:ingress-name "test-io-https-ingress"
|
|
|
|
|
|
|
|
:rate-limit-name "normal"
|
|
|
|
|
|
|
|
:fqdns ["test.de"]}))))
|
|
|
|
(is (= {:tls
|
|
|
|
(is (= {:tls
|
|
|
|
[{:hosts
|
|
|
|
[{:hosts
|
|
|
|
["test.de" "www.test.de" "test-it.de" "www.test-it.de"],
|
|
|
|
["test.de" "www.test.de" "test-it.de" "www.test-it.de"],
|
|
|
@ -66,25 +109,6 @@
|
|
|
|
:fqdns ["test.de" "www.test.de"
|
|
|
|
:fqdns ["test.de" "www.test.de"
|
|
|
|
"test-it.de"
|
|
|
|
"test-it.de"
|
|
|
|
"www.test-it.de"]})))))
|
|
|
|
"www.test-it.de"]})))))
|
|
|
|
|
|
|
|
|
|
|
|
(deftest should-generate-certificate
|
|
|
|
|
|
|
|
(is (= {:apiVersion "cert-manager.io/v1",
|
|
|
|
|
|
|
|
:kind "Certificate",
|
|
|
|
|
|
|
|
:metadata {:name "test-io-cert",
|
|
|
|
|
|
|
|
:namespace "default",
|
|
|
|
|
|
|
|
:labels {:app.kubernetes.part-of "c4k-common-app"}},
|
|
|
|
|
|
|
|
:spec
|
|
|
|
|
|
|
|
{:secretName "test-io-cert",
|
|
|
|
|
|
|
|
:commonName "test.de",
|
|
|
|
|
|
|
|
:duration "2160h",
|
|
|
|
|
|
|
|
:renewBefore "720h",
|
|
|
|
|
|
|
|
:dnsNames ["test.de" "test.org" "www.test.de" "www.test.org"],
|
|
|
|
|
|
|
|
:issuerRef {:name "prod", :kind "ClusterIssuer"}}}
|
|
|
|
|
|
|
|
(cut/generate-certificate {:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"]
|
|
|
|
|
|
|
|
:app-name "c4k-common-app"
|
|
|
|
|
|
|
|
:cert-name "test-io-cert"
|
|
|
|
|
|
|
|
:issuer "prod"}))))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(deftest should-generate-ingress-and-cert
|
|
|
|
(deftest should-generate-ingress-and-cert
|
|
|
|
(is (= [{:apiVersion "cert-manager.io/v1",
|
|
|
|
(is (= [{:apiVersion "cert-manager.io/v1",
|
|
|
|
:kind "Certificate",
|
|
|
|
:kind "Certificate",
|
|
|
@ -122,3 +146,45 @@
|
|
|
|
(cut/generate-ingress-and-cert {:fqdns ["test.jit.si"]
|
|
|
|
(cut/generate-ingress-and-cert {:fqdns ["test.jit.si"]
|
|
|
|
:service-name "web"
|
|
|
|
:service-name "web"
|
|
|
|
:service-port 80}))))
|
|
|
|
:service-port 80}))))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(deftest should-generate-simple-ingress
|
|
|
|
|
|
|
|
(is (= [{:apiVersion "cert-manager.io/v1",
|
|
|
|
|
|
|
|
:kind "Certificate",
|
|
|
|
|
|
|
|
:metadata
|
|
|
|
|
|
|
|
{:name "web",
|
|
|
|
|
|
|
|
:labels {:app.kubernetes.part-of "web"},
|
|
|
|
|
|
|
|
:namespace "default"},
|
|
|
|
|
|
|
|
:spec
|
|
|
|
|
|
|
|
{:secretName "web",
|
|
|
|
|
|
|
|
:commonName "test.jit.si",
|
|
|
|
|
|
|
|
:duration "2160h",
|
|
|
|
|
|
|
|
:renewBefore "720h",
|
|
|
|
|
|
|
|
:dnsNames ["test.jit.si"],
|
|
|
|
|
|
|
|
:issuerRef {:name "staging", :kind "ClusterIssuer"}}}
|
|
|
|
|
|
|
|
{:apiVersion "traefik.containo.us/v1alpha1",
|
|
|
|
|
|
|
|
:kind "Middleware",
|
|
|
|
|
|
|
|
:metadata {:name "web-ratelimit"},
|
|
|
|
|
|
|
|
:spec {:rateLimit {:average 10, :burst 10}}}
|
|
|
|
|
|
|
|
{:apiVersion "networking.k8s.io/v1",
|
|
|
|
|
|
|
|
:kind "Ingress",
|
|
|
|
|
|
|
|
:metadata
|
|
|
|
|
|
|
|
{:name "web",
|
|
|
|
|
|
|
|
:namespace "default",
|
|
|
|
|
|
|
|
:labels {:app.kubernetes.part-of "web"},
|
|
|
|
|
|
|
|
:annotations
|
|
|
|
|
|
|
|
{:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure",
|
|
|
|
|
|
|
|
:traefik.ingress.kubernetes.io/router.middlewares
|
|
|
|
|
|
|
|
"default-redirect-https@kubernetescrd, web-ratelimit@kubernetescrd",
|
|
|
|
|
|
|
|
:metallb.universe.tf/address-pool "public"}},
|
|
|
|
|
|
|
|
:spec
|
|
|
|
|
|
|
|
{:tls [{:hosts ["test.jit.si"], :secretName "web"}],
|
|
|
|
|
|
|
|
:rules
|
|
|
|
|
|
|
|
[{:host "test.jit.si",
|
|
|
|
|
|
|
|
:http {:paths [{:path "/",
|
|
|
|
|
|
|
|
:pathType "Prefix",
|
|
|
|
|
|
|
|
:backend
|
|
|
|
|
|
|
|
{:service {:name "web",
|
|
|
|
|
|
|
|
:port {:number 80}}}}]}}]}}]
|
|
|
|
|
|
|
|
(cut/generate-simple-ingress {:fqdns ["test.jit.si"]
|
|
|
|
|
|
|
|
:service-name "web"
|
|
|
|
|
|
|
|
:service-port 80}))))
|