From 0e341c98e6dabccb7af8387c881a2e2d76310506 Mon Sep 17 00:00:00 2001
From: bom
Date: Fri, 24 Jun 2022 10:44:44 +0200
Subject: [PATCH] Add certificates with renew
---
 src/main/cljc/dda/c4k_jitsi/core.cljc | 2 ++
 src/main/cljc/dda/c4k_jitsi/jitsi.cljc | 24 ++++++++++++++++++-
 .../resources/jitsi/certificate-etherpad.yaml | 15 ++++++++++++
 .../resources/jitsi/certificate-jitsi.yaml | 15 ++++++++++++
 .../resources/jitsi/ingress-etherpad.yaml | 2 +-
 src/main/resources/jitsi/ingress-jitsi.yaml | 2 +-
 6 files changed, 57 insertions(+), 3 deletions(-)
 create mode 100644 src/main/resources/jitsi/certificate-etherpad.yaml
 create mode 100644 src/main/resources/jitsi/certificate-jitsi.yaml
diff --git a/src/main/cljc/dda/c4k_jitsi/core.cljc b/src/main/cljc/dda/c4k_jitsi/core.cljc
index e28b83f..a43d0c7 100644
--- a/src/main/cljc/dda/c4k_jitsi/core.cljc
+++ b/src/main/cljc/dda/c4k_jitsi/core.cljc
@@ -17,6 +17,8 @@
 (defn k8s-objects [config]
 (map yaml/to-string
 [(jitsi/generate-secret-jitsi config)
+ (jitsi/generate-certificate-jitsi config)
+ (jitsi/generate-certificate-etherpad config)
 (jitsi/generate-jvb-service)
 (jitsi/generate-web-service)
 (jitsi/generate-etherpad-service)
diff --git a/src/main/cljc/dda/c4k_jitsi/jitsi.cljc b/src/main/cljc/dda/c4k_jitsi/jitsi.cljc
index 5e75660..5dbcabf 100644
--- a/src/main/cljc/dda/c4k_jitsi/jitsi.cljc
+++ b/src/main/cljc/dda/c4k_jitsi/jitsi.cljc
@@ -71,4 +71,26 @@
 (yaml/from-string (yaml/load-resource "jitsi/deployment.yaml"))
 (cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn)
 (cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_URL"
- (str "https://etherpad." fqdn "/p/")))))
\ No newline at end of file
+ (str "https://etherpad." fqdn "/p/")))))
+
+(defn generate-certificate-jitsi
+ [config]
+ (let [{:keys [fqdn issuer ingress-type]
+ :or {issuer :staging ingress-type :default}} config
+ letsencrypt-issuer (name issuer)
+ ingress-kind (if (= :default ingress-type) "" (name ingress-type))]
+ (->
+ (yaml/load-as-edn "jitsi/certificate-jitsi.yaml")
+ (assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
+ (cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn))))
+
+(defn generate-certificate-etherpad
+ [config]
+ (let [{:keys [fqdn issuer ingress-type]
+ :or {issuer :staging ingress-type :default}} config
+ letsencrypt-issuer (name issuer)
+ ingress-kind (if (= :default ingress-type) "" (name ingress-type))]
+ (->
+ (yaml/load-as-edn "jitsi/certificate-etherpad.yaml")
+ (assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
+ (cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_FQDN" (str "etherpad." fqdn)))))
\ No newline at end of file
diff --git a/src/main/resources/jitsi/certificate-etherpad.yaml b/src/main/resources/jitsi/certificate-etherpad.yaml
new file mode 100644
index 0000000..ce0745a
--- /dev/null
+++ b/src/main/resources/jitsi/certificate-etherpad.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: etherpad-cert
+ namespace: default
+spec:
+ secretName: etherpad-cert
+ commonName: REPLACE_ETHERPAD_FQDN
+ duration: 2160h # 90d
+ renewBefore: 360h # 15d
+ dnsNames:
+ - REPLACE_ETHERPAD_FQDN
+ issuerRef:
+ name: REPLACEME
+ kind: ClusterIssuer
\ No newline at end of file
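Review bot: `generate-certificate-jitsi` and `generate-certificate-etherpad` both fall back to `issuer :staging` when the config has no `:issuer`, and both write `(name issuer)` into `[:spec :issuerRef :name]` without checking it against the issuers that exist. If the ClusterIssuer called `staging` is the Let's Encrypt staging endpoint (the binding name `letsencrypt-issuer` suggests so, but the issuer definitions are not in this patch), a deployment that omits the key ends up serving certificates that browsers do not trust. Each function should carry a docstring stating that default, for example `"Builds the cert-manager Certificate for the Jitsi host; :issuer defaults to :staging, which is not publicly trusted."`. `ingress-type` and `ingress-kind` are bound in both functions but never used, so the destructuring can shrink to `{:keys [fqdn issuer] :or {issuer :staging}}`. Whether `fqdn` and `issuer` are validated before they reach these functions is not visible in this hunk.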
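Review bot: The new Certificate in certificate-etherpad.yaml sets `duration` and `renewBefore` but has no `privateKey` block, so what happens to the key on renewal is left to the installed cert-manager's default; cert-manager historically defaulted to `rotationPolicy: Never`, which means every renewed certificate keeps the same private key. Adding `privateKey:` with `rotationPolicy: Always` under `spec` makes each renewal issue a fresh key regardless of the cert-manager version. The same applies to certificate-jitsi.yaml. `namespace: default` is fixed in both files and cert-manager writes the secret into the Certificate's namespace, so the Ingress resources have to live there as well; their namespace is not visible in this patch.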
diff --git a/src/main/resources/jitsi/certificate-jitsi.yaml b/src/main/resources/jitsi/certificate-jitsi.yaml
new file mode 100644
index 0000000..a674641
--- /dev/null
+++ b/src/main/resources/jitsi/certificate-jitsi.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: jitsi-cert
+ namespace: default
+spec:
+ secretName: jitsi-cert
+ commonName: REPLACE_JITSI_FQDN
+ duration: 2160h # 90d
+ renewBefore: 360h # 15d
+ dnsNames:
+ - REPLACE_JITSI_FQDN
+ issuerRef:
+ name: REPLACEME
+ kind: ClusterIssuer
\ No newline at end of file
diff --git a/src/main/resources/jitsi/ingress-etherpad.yaml b/src/main/resources/jitsi/ingress-etherpad.yaml
index 89b1aca..1a11027 100644
--- a/src/main/resources/jitsi/ingress-etherpad.yaml
+++ b/src/main/resources/jitsi/ingress-etherpad.yaml
@@ -9,7 +9,7 @@ spec:
 tls:
 - hosts:
 - REPLACE_ETHERPAD_FQDN
- secretName: tls-etherpad
+ secretName: etherpad-cert
 rules:
 - host: REPLACE_ETHERPAD_FQDN
 http:
diff --git a/src/main/resources/jitsi/ingress-jitsi.yaml b/src/main/resources/jitsi/ingress-jitsi.yaml
index c810a28..0f65f3f 100644
--- a/src/main/resources/jitsi/ingress-jitsi.yaml
+++ b/src/main/resources/jitsi/ingress-jitsi.yaml
@@ -9,7 +9,7 @@ spec:
 tls:
 - hosts:
 - REPLACE_JITSI_FQDN
- secretName: tls-jitsi
+ secretName: jitsi-cert
 rules:
 - host: REPLACE_JITSI_FQDN
 http:
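Review bot: Pointing `secretName` at `etherpad-cert` in ingress-etherpad.yaml is only safe if nothing else still asks cert-manager to manage this Ingress's TLS secret. The metadata lines above the hunk are not shown; if they still carry a `cert-manager.io/cluster-issuer` annotation, ingress-shim would generate its own Certificate named after the secret and collide with the explicit `etherpad-cert` Certificate this commit adds. The same applies to ingress-jitsi.yaml with `jitsi-cert`. The previous secrets `tls-etherpad` and `tls-jitsi` are not removed by this change, so on an upgraded cluster they stay behind with their old private keys and should be deleted once the new certificates are ready. A comment next to `secretName`, such as `# must match spec.secretName in certificate-etherpad.yaml`, would help keep the two files in sync.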