|
|
|
@ -175,11 +175,24 @@ Have you recognized the `defn-spec` macro above? We use allover validation, e.g.
|
|
|
|
|
We support namespaces for ingress & postgres (monitoring lives in it's own namespace `monitoring`).
|
|
|
|
|
|
|
|
|
|
```clojure
|
|
|
|
|
(deftest should-generate-simple-ingress
|
|
|
|
|
(is (= [{:apiVersion "v1"
|
|
|
|
|
:kind "Namespace"
|
|
|
|
|
:metadata {:name "myapp"}}]
|
|
|
|
|
(cut/generate {:namespace "myapp"}))))
|
|
|
|
|
(dda.c4k-common.namespace/generate {:namespace "myapp"})
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
yields:
|
|
|
|
|
|
|
|
|
|
```clojure
|
|
|
|
|
[{:apiVersion "v1"
|
|
|
|
|
:kind "Namespace"
|
|
|
|
|
:metadata {:name "myapp"}}]
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
which renders to:
|
|
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
|
apiVersion: v1
|
|
|
|
|
kind: Namespace
|
|
|
|
|
metadata:
|
|
|
|
|
name: myapp
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### Ingress
|
|
|
|
@ -187,24 +200,77 @@ We support namespaces for ingress & postgres (monitoring lives in it's own names
|
|
|
|
|
In most cases we use `generate-ingress-and-cert` which generates an ingress in combination with letsencrypt cert for a named service.
|
|
|
|
|
|
|
|
|
|
```clojure
|
|
|
|
|
(deftest should-generate-ingress-and-cert
|
|
|
|
|
(is (= [{:apiVersion "cert-manager.io/v1",
|
|
|
|
|
...}
|
|
|
|
|
{:apiVersion "networking.k8s.io/v1",
|
|
|
|
|
:kind "Ingress",
|
|
|
|
|
...
|
|
|
|
|
:spec
|
|
|
|
|
{:tls [{:hosts ["test.jit.si"], :secretName "web"}],
|
|
|
|
|
:rules
|
|
|
|
|
[{:host "test.jit.si",
|
|
|
|
|
:http {:paths [{:path "/",
|
|
|
|
|
:pathType "Prefix",
|
|
|
|
|
:backend
|
|
|
|
|
{:service {:name "web",
|
|
|
|
|
:port {:number 80}}}}]}}]}}]
|
|
|
|
|
(cut/generate-ingress-and-cert {:fqdns ["test.jit.si"]
|
|
|
|
|
:service-name "web"
|
|
|
|
|
:service-port 80}))))
|
|
|
|
|
(dda.c4k-common.ingress/generate-ingress-and-cert
|
|
|
|
|
{:fqdns ["test.jit.si"]
|
|
|
|
|
:service-name "web"
|
|
|
|
|
:service-port 80})
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
yields:
|
|
|
|
|
|
|
|
|
|
```clojure
|
|
|
|
|
[{:apiVersion "cert-manager.io/v1",
|
|
|
|
|
:kind "Certificate",
|
|
|
|
|
...
|
|
|
|
|
:spec
|
|
|
|
|
{:secretName "web",
|
|
|
|
|
:commonName "test.jit.si",
|
|
|
|
|
:duration "2160h",
|
|
|
|
|
:renewBefore "720h",
|
|
|
|
|
:dnsNames ["test.jit.si"],
|
|
|
|
|
:issuerRef {:name "staging", :kind "ClusterIssuer"}}}
|
|
|
|
|
{:apiVersion "networking.k8s.io/v1",
|
|
|
|
|
:kind "Ingress",
|
|
|
|
|
...
|
|
|
|
|
:spec
|
|
|
|
|
{:tls [{:hosts ["test.jit.si"], :secretName "web"}],
|
|
|
|
|
:rules
|
|
|
|
|
[{:host "test.jit.si",
|
|
|
|
|
:http {:paths [{:path "/",
|
|
|
|
|
:pathType "Prefix",
|
|
|
|
|
:backend
|
|
|
|
|
{:service {:name "web",
|
|
|
|
|
:port {:number 80}}}}]}}]}}]
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
which renders to:
|
|
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
|
apiVersion: cert-manager.io/v1
|
|
|
|
|
kind: Certificate
|
|
|
|
|
...
|
|
|
|
|
spec:
|
|
|
|
|
secretName: web
|
|
|
|
|
commonName: test.jit.si
|
|
|
|
|
duration: 2160h
|
|
|
|
|
renewBefore: 720h
|
|
|
|
|
dnsNames:
|
|
|
|
|
- test.jit.si
|
|
|
|
|
issuerRef:
|
|
|
|
|
name: staging
|
|
|
|
|
kind: ClusterIssuer
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
apiVersion: networking.k8s.io/v1
|
|
|
|
|
kind: Ingress
|
|
|
|
|
...
|
|
|
|
|
spec:
|
|
|
|
|
tls:
|
|
|
|
|
- hosts:
|
|
|
|
|
- test.jit.si
|
|
|
|
|
secretName: web
|
|
|
|
|
rules:
|
|
|
|
|
- host: test.jit.si
|
|
|
|
|
http:
|
|
|
|
|
paths:
|
|
|
|
|
- pathType: Prefix
|
|
|
|
|
path: /
|
|
|
|
|
backend:
|
|
|
|
|
service:
|
|
|
|
|
name: web
|
|
|
|
|
port:
|
|
|
|
|
number: 80
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### Postgres Database
|
|
|
|
@ -212,17 +278,78 @@ In most cases we use `generate-ingress-and-cert` which generates an ingress in c
|
|
|
|
|
If your application needs a database, we often use postgres:
|
|
|
|
|
|
|
|
|
|
```clojure
|
|
|
|
|
(deftest should-generate-deployment
|
|
|
|
|
(is (= [{:image "postgres:16"
|
|
|
|
|
:name "postgresql"
|
|
|
|
|
:env
|
|
|
|
|
[{:name "POSTGRES_USER" ...}
|
|
|
|
|
{:name "POSTGRES_PASSWORD" ...}
|
|
|
|
|
{:name "POSTGRES_DB" ...}]
|
|
|
|
|
:volumeMounts [{:name "postgre-data-volume" ...}]}]
|
|
|
|
|
(get-in (cut/generate-deployment
|
|
|
|
|
{:postgres-image "postgres:16"})
|
|
|
|
|
[:spec :template :spec :containers]))))
|
|
|
|
|
(cut/generate-deployment {:postgres-image "postgres:16"})
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
yields:
|
|
|
|
|
|
|
|
|
|
```clojure
|
|
|
|
|
{:apiVersion "apps/v1",
|
|
|
|
|
:kind "Deployment",
|
|
|
|
|
...
|
|
|
|
|
:spec
|
|
|
|
|
{:selector {:matchLabels {:app "postgresql"}},
|
|
|
|
|
:strategy {:type "Recreate"},
|
|
|
|
|
:template
|
|
|
|
|
{:metadata {:labels {:app "postgresql"}},
|
|
|
|
|
:spec
|
|
|
|
|
{:containers
|
|
|
|
|
[{:image "postgres:16",
|
|
|
|
|
:name "postgresql",
|
|
|
|
|
:env
|
|
|
|
|
[{:name "POSTGRES_USER", :valueFrom {:secretKeyRef {:name "postgres-secret", :key "postgres-user"}}}
|
|
|
|
|
{:name "POSTGRES_PASSWORD", :valueFrom {:secretKeyRef {:name "postgres-secret", :key "postgres-password"}}}
|
|
|
|
|
{:name "POSTGRES_DB", :valueFrom {:configMapKeyRef {:name "postgres-config", :key "postgres-db"}}}],
|
|
|
|
|
:ports [{:containerPort 5432, :name "postgresql"}],
|
|
|
|
|
:volumeMounts
|
|
|
|
|
[...],
|
|
|
|
|
:volumes
|
|
|
|
|
[...]}}}}
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
which renders to:
|
|
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
|
apiVersion: apps/v1
|
|
|
|
|
kind: Deployment
|
|
|
|
|
...
|
|
|
|
|
spec:
|
|
|
|
|
selector:
|
|
|
|
|
matchLabels:
|
|
|
|
|
app: postgresql
|
|
|
|
|
strategy:
|
|
|
|
|
type: Recreate
|
|
|
|
|
template:
|
|
|
|
|
metadata:
|
|
|
|
|
labels:
|
|
|
|
|
app: postgresql
|
|
|
|
|
spec:
|
|
|
|
|
containers:
|
|
|
|
|
- image: postgres:16
|
|
|
|
|
name: postgresql
|
|
|
|
|
env:
|
|
|
|
|
- name: POSTGRES_USER
|
|
|
|
|
valueFrom:
|
|
|
|
|
secretKeyRef:
|
|
|
|
|
name: postgres-secret
|
|
|
|
|
key: postgres-user
|
|
|
|
|
- name: POSTGRES_PASSWORD
|
|
|
|
|
valueFrom:
|
|
|
|
|
secretKeyRef:
|
|
|
|
|
name: postgres-secret
|
|
|
|
|
key: postgres-password
|
|
|
|
|
- name: POSTGRES_DB
|
|
|
|
|
valueFrom:
|
|
|
|
|
configMapKeyRef:
|
|
|
|
|
name: postgres-config
|
|
|
|
|
key: postgres-db
|
|
|
|
|
ports:
|
|
|
|
|
- containerPort: 5432
|
|
|
|
|
name: postgresql
|
|
|
|
|
volumeMounts:
|
|
|
|
|
...
|
|
|
|
|
volumes:
|
|
|
|
|
...
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
We optimized our db installation to run between 2Gb anf 16Gb Ram usage.
|
|
|
|
|