Merge branch 'main' into forgejo-upgrade
This commit is contained in:
commit
bf89f3c5a9
8 changed files with 16 additions and 67 deletions
|
@ -6,7 +6,7 @@ from ddadevops import *
|
||||||
name = "c4k-forgejo"
|
name = "c4k-forgejo"
|
||||||
MODULE = "backup"
|
MODULE = "backup"
|
||||||
PROJECT_ROOT_PATH = "../.."
|
PROJECT_ROOT_PATH = "../.."
|
||||||
version = "3.4.4-dev"
|
version = "3.4.5-dev"
|
||||||
|
|
||||||
|
|
||||||
@init
|
@init
|
||||||
|
|
|
@ -6,7 +6,7 @@ from ddadevops import *
|
||||||
name = 'c4k-forgejo'
|
name = 'c4k-forgejo'
|
||||||
MODULE = 'federated'
|
MODULE = 'federated'
|
||||||
PROJECT_ROOT_PATH = '../..'
|
PROJECT_ROOT_PATH = '../..'
|
||||||
version = "3.4.4-dev"
|
version = "3.4.5-dev"
|
||||||
|
|
||||||
@init
|
@init
|
||||||
def initialize(project):
|
def initialize(project):
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
"name": "c4k-forgejo",
|
"name": "c4k-forgejo",
|
||||||
"description": "Generate c4k yaml for a forgejo deployment.",
|
"description": "Generate c4k yaml for a forgejo deployment.",
|
||||||
"author": "meissa GmbH",
|
"author": "meissa GmbH",
|
||||||
"version": "3.4.4-SNAPSHOT",
|
"version": "3.4.5-SNAPSHOT",
|
||||||
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-forgejo#readme",
|
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-forgejo#readme",
|
||||||
"repository": "https://www.npmjs.com/package/c4k-forgejo",
|
"repository": "https://www.npmjs.com/package/c4k-forgejo",
|
||||||
"license": "APACHE2",
|
"license": "APACHE2",
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
(defproject org.domaindrivenarchitecture/c4k-forgejo "3.4.4-SNAPSHOT"
|
(defproject org.domaindrivenarchitecture/c4k-forgejo "3.4.5-SNAPSHOT"
|
||||||
:description "forgejo c4k-installation package"
|
:description "forgejo c4k-installation package"
|
||||||
:url "https://domaindrivenarchitecture.org"
|
:url "https://domaindrivenarchitecture.org"
|
||||||
:license {:name "Apache License, Version 2.0"
|
:license {:name "Apache License, Version 2.0"
|
||||||
|
|
|
@ -59,9 +59,8 @@
|
||||||
(forgejo/generate-service-ssh)
|
(forgejo/generate-service-ssh)
|
||||||
(forgejo/generate-data-volume resolved-config)
|
(forgejo/generate-data-volume resolved-config)
|
||||||
(forgejo/generate-appini-env resolved-config)
|
(forgejo/generate-appini-env resolved-config)
|
||||||
(forgejo/generate-secrets auth)
|
(forgejo/generate-secrets auth)] ; this does not have a vector as output
|
||||||
(forgejo/generate-rate-limit-middleware rate-limit-defaults)] ; this does not have a vector as output
|
(forgejo/generate-ratelimit-ingress-and-cert resolved-config) ; this function has a vector as output
|
||||||
(forgejo/generate-rate-limit-ingress-and-cert resolved-config) ; this function has a vector as output
|
|
||||||
(when (contains? resolved-config :restic-repository)
|
(when (contains? resolved-config :restic-repository)
|
||||||
[(backup/generate-config resolved-config)
|
[(backup/generate-config resolved-config)
|
||||||
(backup/generate-secret auth)
|
(backup/generate-secret auth)
|
||||||
|
|
|
@ -128,35 +128,17 @@
|
||||||
(cm/replace-all-matching "MAILERUSER" (b64/encode mailer-user))
|
(cm/replace-all-matching "MAILERUSER" (b64/encode mailer-user))
|
||||||
(cm/replace-all-matching "MAILERPW" (b64/encode mailer-pw)))))
|
(cm/replace-all-matching "MAILERPW" (b64/encode mailer-pw)))))
|
||||||
|
|
||||||
(defn generate-ingress-and-cert
|
(defn-spec generate-ratelimit-ingress-and-cert seq?
|
||||||
[config]
|
|
||||||
(let [{:keys [fqdn]} config]
|
|
||||||
(ing/generate-ingress-and-cert
|
|
||||||
(merge
|
|
||||||
{:service-name "forgejo-service"
|
|
||||||
:service-port 3000
|
|
||||||
:fqdns [fqdn]}
|
|
||||||
config))))
|
|
||||||
|
|
||||||
(defn-spec generate-rate-limit-ingress-and-cert pred/map-or-seq?
|
|
||||||
[config config?]
|
[config config?]
|
||||||
(->
|
(let [{:keys [fqdn max-rate max-concurrent-requests namespace]} config]
|
||||||
(generate-ingress-and-cert config) ; returns a vector
|
(ing/generate-simple-ingress (merge
|
||||||
(#(assoc-in % ; Attention: heavily relying on the output order of ing/generate-ingress-and-cert
|
{:service-name "forgejo-service"
|
||||||
[1 :metadata :annotations :traefik.ingress.kubernetes.io/router.middlewares]
|
:service-port 3000
|
||||||
(str
|
:fqdns [fqdn]
|
||||||
(-> (second %) :metadata :annotations :traefik.ingress.kubernetes.io/router.middlewares)
|
:average-rate max-rate
|
||||||
", default-ratelimit@kubernetescrd")))))
|
:burst-rate max-concurrent-requests
|
||||||
|
:namespace namespace}
|
||||||
|
config))))
|
||||||
; using :average and :burst seems sensible, :period may be interesting for fine tuning later on
|
|
||||||
(defn-spec generate-rate-limit-middleware pred/map-or-seq?
|
|
||||||
[config rate-limit-config?]
|
|
||||||
(let [{:keys [max-rate max-concurrent-requests]} config]
|
|
||||||
(->
|
|
||||||
(yaml/load-as-edn "forgejo/middleware-ratelimit.yaml")
|
|
||||||
(cm/replace-key-value :average max-rate)
|
|
||||||
(cm/replace-key-value :burst max-concurrent-requests))))
|
|
||||||
|
|
||||||
(defn-spec generate-data-volume pred/map-or-seq?
|
(defn-spec generate-data-volume pred/map-or-seq?
|
||||||
[config vol?]
|
[config vol?]
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
|
||||||
kind: Middleware
|
|
||||||
metadata:
|
|
||||||
name: ratelimit
|
|
||||||
namespace: forgejo
|
|
||||||
spec:
|
|
||||||
rateLimit: # Config options for rate limiting: https://doc.traefik.io/traefik/middlewares/http/ratelimit/
|
|
||||||
average: AVG
|
|
||||||
burst: BRS
|
|
|
@ -163,26 +163,3 @@
|
||||||
:storage-c2 "15Gi"}
|
:storage-c2 "15Gi"}
|
||||||
(th/map-diff (cut/generate-data-volume {:volume-total-storage-size 1})
|
(th/map-diff (cut/generate-data-volume {:volume-total-storage-size 1})
|
||||||
(cut/generate-data-volume {:volume-total-storage-size 15})))))
|
(cut/generate-data-volume {:volume-total-storage-size 15})))))
|
||||||
|
|
||||||
(deftest should-generate-middleware-ratelimit
|
|
||||||
(is (= {:apiVersion "traefik.containo.us/v1alpha1",
|
|
||||||
:kind "Middleware",
|
|
||||||
:metadata {:name "ratelimit", :namespace "forgejo"},
|
|
||||||
:spec {:rateLimit {:average 10, :burst 5}}}
|
|
||||||
(cut/generate-rate-limit-middleware {:max-rate 10, :max-concurrent-requests 5}))))
|
|
||||||
|
|
||||||
(deftest should-generate-middleware-ratelimit-ingress-and-cert
|
|
||||||
(is (= {:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure",
|
|
||||||
:traefik.ingress.kubernetes.io/router.middlewares
|
|
||||||
"default-redirect-https@kubernetescrd, default-ratelimit@kubernetescrd",
|
|
||||||
:metallb.universe.tf/address-pool "public"}
|
|
||||||
(-> (second
|
|
||||||
(cut/generate-rate-limit-ingress-and-cert
|
|
||||||
{:fqdn "test.de"
|
|
||||||
:mailer-from ""
|
|
||||||
:mailer-host "m.t.de"
|
|
||||||
:mailer-port "123"
|
|
||||||
:service-noreply-address ""
|
|
||||||
:average 10
|
|
||||||
:burst 5}))
|
|
||||||
:metadata :annotations))))
|
|
||||||
|
|
Loading…
Reference in a new issue