From 214aa41c28662fbf7a49998e17404e7ac9216430 Mon Sep 17 00:00:00 2001 From: jerger Date: Mon, 26 Dec 2022 18:38:07 +0100 Subject: [PATCH] use common/ingress --- project.clj | 2 +- src/main/cljc/dda/c4k_jitsi/jitsi.cljc | 92 +++++++------------ .../resources/jitsi/certificate-etherpad.yaml | 15 --- .../resources/jitsi/certificate-jitsi.yaml | 15 --- .../resources/jitsi/ingress-etherpad.yaml | 23 ----- src/main/resources/jitsi/ingress-jitsi.yaml | 23 ----- src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc | 14 +-- 7 files changed, 42 insertions(+), 142 deletions(-) delete mode 100644 src/main/resources/jitsi/certificate-etherpad.yaml delete mode 100644 src/main/resources/jitsi/certificate-jitsi.yaml delete mode 100644 src/main/resources/jitsi/ingress-etherpad.yaml delete mode 100644 src/main/resources/jitsi/ingress-jitsi.yaml diff --git a/project.clj b/project.clj index a7154e2..4321062 100644 --- a/project.clj +++ b/project.clj @@ -5,7 +5,7 @@ :url "https://www.apache.org/licenses/LICENSE-2.0.html"} :dependencies [[org.clojure/clojure "1.11.1"] [org.clojure/tools.reader "1.3.6"] - [org.domaindrivenarchitecture/c4k-common-clj "3.3.0"] + [org.domaindrivenarchitecture/c4k-common-clj "4.0.0-SNAPSHOT"] [hickory "0.7.1"]] :target-path "target/%s/" :source-paths ["src/main/cljc" diff --git a/src/main/cljc/dda/c4k_jitsi/jitsi.cljc b/src/main/cljc/dda/c4k_jitsi/jitsi.cljc index ce2a440..8ab247c 100644 --- a/src/main/cljc/dda/c4k_jitsi/jitsi.cljc +++ b/src/main/cljc/dda/c4k_jitsi/jitsi.cljc @@ -2,19 +2,22 @@ (:require [clojure.spec.alpha :as s] #?(:cljs [shadow.resource :as rc]) + #?(:clj [orchestra.core :refer [defn-spec]] + :cljs [orchestra.core :refer-macros [defn-spec]]) [dda.c4k-common.yaml :as yaml] [dda.c4k-common.common :as cm] + [dda.c4k-common.ingress :as ing] [dda.c4k-common.base64 :as b64] - [dda.c4k-common.predicate :as pred])) + [dda.c4k-common.predicate :as cp])) -(s/def ::fqdn pred/fqdn-string?) -(s/def ::issuer pred/letsencrypt-issuer?) -(s/def ::jvb-auth-password pred/bash-env-string?) -(s/def ::jicofo-auth-password pred/bash-env-string?) -(s/def ::jicofo-component-secret pred/bash-env-string?) +(s/def ::fqdn cp/fqdn-string?) +(s/def ::issuer cp/letsencrypt-issuer?) +(s/def ::jvb-auth-password cp/bash-env-string?) +(s/def ::jicofo-auth-password cp/bash-env-string?) +(s/def ::jicofo-component-secret cp/bash-env-string?) (def config? (s/keys :req-un [::fqdn] - :opt-un [::issuer ::ingress-type])) + :opt-un [::issuer])) (def auth? (s/keys :req-un [::jvb-auth-password ::jicofo-auth-password @@ -25,79 +28,52 @@ (case resource-name "jitsi/deployment.yaml" (rc/inline "jitsi/deployment.yaml") "jitsi/etherpad-service.yaml" (rc/inline "jitsi/etherpad-service.yaml") - "jitsi/ingress-jitsi.yaml" (rc/inline "jitsi/ingress-jitsi.yaml") - "jitsi/ingress-etherpad.yaml" (rc/inline "jitsi/ingress-etherpad.yaml") "jitsi/jvb-service.yaml" (rc/inline "jitsi/jvb-service.yaml") "jitsi/secret.yaml" (rc/inline "jitsi/secret.yaml") "jitsi/web-service.yaml" (rc/inline "jitsi/web-service.yaml") (throw (js/Error. "Undefined Resource!"))))) -(defn generate-ingress-jitsi [config] - (let [{:keys [fqdn issuer ingress-type] - :or {issuer :staging ingress-type :default}} config - letsencrypt-issuer (name issuer) - ingress-kind (if (= :default ingress-type) "" (name ingress-type))] - (-> - (yaml/from-string (yaml/load-resource "jitsi/ingress-jitsi.yaml")) - (assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer) - (assoc-in [:metadata :annotations :kubernetes.io/ingress.class] ingress-kind) - (cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn)))) +(defn-spec generate-ingress-web cp/map-or-seq? + [config config?] + (ing/generate-ingress-and-cert + (merge + {:service-name "web" + :service-port 80 + :fqdns [(:fqdn config)]} + config))) -(defn generate-ingress-etherpad [config] - (let [{:keys [fqdn issuer ingress-type] - :or {issuer :staging ingress-type :default}} config - letsencrypt-issuer (name issuer) - ingress-kind (if (= :default ingress-type) "" (name ingress-type))] - (-> - (yaml/from-string (yaml/load-resource "jitsi/ingress-etherpad.yaml")) - (assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer) - (assoc-in [:metadata :annotations :kubernetes.io/ingress.class] ingress-kind) - (cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_FQDN" - (str "etherpad." fqdn))))) +(defn-spec generate-ingress-etherpad cp/map-or-seq? + [config config?] + (ing/generate-ingress-and-cert + (merge + {:service-name "etherpad" + :service-port 9001 + :fqdns [(str "etherpad." (:fqdn config))]} + config))) -(defn generate-secret-jitsi [config] - (let [{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} config] +(defn-spec generate-secret-jitsi cp/map-or-seq? + [auth auth?] + (let [{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} auth] (-> (yaml/from-string (yaml/load-resource "jitsi/secret.yaml")) (cm/replace-key-value :JVB_AUTH_PASSWORD (b64/encode jvb-auth-password)) (cm/replace-key-value :JICOFO_AUTH_PASSWORD (b64/encode jicofo-auth-password)) (cm/replace-key-value :JICOFO_COMPONENT_SECRET (b64/encode jicofo-component-secret))))) -(defn generate-jvb-service [] +(defn-spec generate-jvb-service cp/map-or-seq? [] (yaml/from-string (yaml/load-resource "jitsi/jvb-service.yaml"))) -(defn generate-web-service [] +(defn-spec generate-web-service cp/map-or-seq? [] (yaml/from-string (yaml/load-resource "jitsi/web-service.yaml"))) -(defn generate-etherpad-service [] +(defn-spec generate-etherpad-service cp/map-or-seq? [] (yaml/from-string (yaml/load-resource "jitsi/etherpad-service.yaml"))) -(defn generate-deployment [config] +(defn-spec generate-deployment cp/map-or-seq? + [config config?] (let [{:keys [fqdn]} config] (-> (yaml/from-string (yaml/load-resource "jitsi/deployment.yaml")) (cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn) (cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_URL" (str "https://etherpad." fqdn "/p/"))))) - -(defn generate-certificate-jitsi - [config] - (let [{:keys [fqdn issuer ingress-type] - :or {issuer :staging ingress-type :default}} config - letsencrypt-issuer (name issuer) - ingress-kind (if (= :default ingress-type) "" (name ingress-type))] - (-> - (yaml/load-as-edn "jitsi/certificate-jitsi.yaml") - (assoc-in [:spec :issuerRef :name] letsencrypt-issuer) - (cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn)))) - -(defn generate-certificate-etherpad - [config] - (let [{:keys [fqdn issuer ingress-type] - :or {issuer :staging ingress-type :default}} config - letsencrypt-issuer (name issuer) - ingress-kind (if (= :default ingress-type) "" (name ingress-type))] - (-> - (yaml/load-as-edn "jitsi/certificate-etherpad.yaml") - (assoc-in [:spec :issuerRef :name] letsencrypt-issuer) - (cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_FQDN" (str "etherpad." fqdn))))) \ No newline at end of file diff --git a/src/main/resources/jitsi/certificate-etherpad.yaml b/src/main/resources/jitsi/certificate-etherpad.yaml deleted file mode 100644 index ce0745a..0000000 --- a/src/main/resources/jitsi/certificate-etherpad.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: etherpad-cert - namespace: default -spec: - secretName: etherpad-cert - commonName: REPLACE_ETHERPAD_FQDN - duration: 2160h # 90d - renewBefore: 360h # 15d - dnsNames: - - REPLACE_ETHERPAD_FQDN - issuerRef: - name: REPLACEME - kind: ClusterIssuer \ No newline at end of file diff --git a/src/main/resources/jitsi/certificate-jitsi.yaml b/src/main/resources/jitsi/certificate-jitsi.yaml deleted file mode 100644 index a674641..0000000 --- a/src/main/resources/jitsi/certificate-jitsi.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: jitsi-cert - namespace: default -spec: - secretName: jitsi-cert - commonName: REPLACE_JITSI_FQDN - duration: 2160h # 90d - renewBefore: 360h # 15d - dnsNames: - - REPLACE_JITSI_FQDN - issuerRef: - name: REPLACEME - kind: ClusterIssuer \ No newline at end of file diff --git a/src/main/resources/jitsi/ingress-etherpad.yaml b/src/main/resources/jitsi/ingress-etherpad.yaml deleted file mode 100644 index 1a11027..0000000 --- a/src/main/resources/jitsi/ingress-etherpad.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: etherpad - annotations: - cert-manager.io/cluster-issuer: REPLACEME - ingress.kubernetes.io/ssl-redirect: "true" -spec: - tls: - - hosts: - - REPLACE_ETHERPAD_FQDN - secretName: etherpad-cert - rules: - - host: REPLACE_ETHERPAD_FQDN - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: etherpad - port: - number: 9001 \ No newline at end of file diff --git a/src/main/resources/jitsi/ingress-jitsi.yaml b/src/main/resources/jitsi/ingress-jitsi.yaml deleted file mode 100644 index 0f65f3f..0000000 --- a/src/main/resources/jitsi/ingress-jitsi.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: jitsi - annotations: - cert-manager.io/cluster-issuer: REPLACEME - ingress.kubernetes.io/ssl-redirect: "true" -spec: - tls: - - hosts: - - REPLACE_JITSI_FQDN - secretName: jitsi-cert - rules: - - host: REPLACE_JITSI_FQDN - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: web - port: - number: 80 diff --git a/src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc b/src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc index b382001..4fd7506 100644 --- a/src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc +++ b/src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc @@ -5,7 +5,7 @@ [clojure.spec.test.alpha :as st] [dda.c4k-jitsi.jitsi :as cut])) -;;(st/instrument) +(st/instrument) (deftest should-generate-deployment (is (= {:apiVersion "apps/v1", @@ -37,7 +37,7 @@ :image "jitsi/prosody:stable-7287", :imagePullPolicy "IfNotPresent", :env - [{:name "PUBLIC_URL", :value "xy"} + [{:name "PUBLIC_URL", :value "xy.xy.xy"} {:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"} {:name "XMPP_AUTH_DOMAIN", :value "auth.meet.meissa-gmbh"} {:name "XMPP_MUC_DOMAIN", :value "muc.meet.meissa-gmbh"} @@ -54,7 +54,7 @@ :image "domaindrivenarchitecture/c4k-jitsi", :imagePullPolicy "IfNotPresent", :env - [{:name "PUBLIC_URL", :value "xy"} + [{:name "PUBLIC_URL", :value "xy.xy.xy"} {:name "XMPP_SERVER", :value "localhost"} {:name "JICOFO_AUTH_USER", :value "focus"} {:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"} @@ -70,14 +70,14 @@ {:name "RESOLUTION_WIDTH", :value "853"} {:name "RESOLUTION_WIDTH_MIN", :value "427"} {:name "DISABLE_AUDIO_LEVELS", :value "true"} - {:name "ETHERPAD_PUBLIC_URL", :value "https://etherpad.xy/p/"}]} + {:name "ETHERPAD_PUBLIC_URL", :value "https://etherpad.xy.xy.xy/p/"}]} {:name "jvb", :image "jitsi/jvb:stable-7287", :imagePullPolicy "IfNotPresent", :env - [{:name "PUBLIC_URL", :value "xy"} + [{:name "PUBLIC_URL", :value "xy.xy.xy"} {:name "XMPP_SERVER", :value "localhost"} - {:name "DOCKER_HOST_ADDRESS", :value "xy"} + {:name "DOCKER_HOST_ADDRESS", :value "xy.xy.xy"} {:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"} {:name "XMPP_AUTH_DOMAIN", :value "auth.meet.meissa-gmbh"} {:name "XMPP_INTERNAL_MUC_DOMAIN", :value "internal-muc.meet.meissa-gmbh"} @@ -102,7 +102,7 @@ {:name "XMPP_INTERNAL_MUC_DOMAIN", :value "internal-muc.meet.meissa-gmbh"} {:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}} {:name "TZ", :value "Europe/Berlin"}]}]}}}} - (cut/generate-deployment {:fqdn "xy"})))) + (cut/generate-deployment {:fqdn "xy.xy.xy"})))) (deftest should-generate-secret (is (= {:apiVersion "v1",