use common/ingress

jerger 2022-12-26 18:38:07 +01:00
parent 81e3e8ed05
commit 214aa41c28
7 changed files with 42 additions and 142 deletions


@ -5,7 +5,7 @@
:url "https://www.apache.org/licenses/LICENSE-2.0.html"} :url "https://www.apache.org/licenses/LICENSE-2.0.html"}
:dependencies [[org.clojure/clojure "1.11.1"] :dependencies [[org.clojure/clojure "1.11.1"]
[org.clojure/tools.reader "1.3.6"] [org.clojure/tools.reader "1.3.6"]
[org.domaindrivenarchitecture/c4k-common-clj "3.3.0"] [org.domaindrivenarchitecture/c4k-common-clj "4.0.0-SNAPSHOT"]
[hickory "0.7.1"]] [hickory "0.7.1"]]
:target-path "target/%s/" :target-path "target/%s/"
:source-paths ["src/main/cljc" :source-paths ["src/main/cljc"
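Review bot: The new `c4k-common-clj "4.0.0-SNAPSHOT"` coordinate is a mutable artifact, so the ingress and certificate manifests this project now generates through `dda.c4k-common.ingress` can change between builds without any change in this repository. Pin a released, immutable version of the library before this build is published, so that the generated TLS and routing configuration is reproducible and reviewable. The project definition continues outside this hunk.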


@ -2,19 +2,22 @@
(:require (:require
[clojure.spec.alpha :as s] [clojure.spec.alpha :as s]
#?(:cljs [shadow.resource :as rc]) #?(:cljs [shadow.resource :as rc])
#?(:clj [orchestra.core :refer [defn-spec]]
:cljs [orchestra.core :refer-macros [defn-spec]])
[dda.c4k-common.yaml :as yaml] [dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm] [dda.c4k-common.common :as cm]
[dda.c4k-common.ingress :as ing]
[dda.c4k-common.base64 :as b64] [dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as pred])) [dda.c4k-common.predicate :as cp]))
(s/def ::fqdn pred/fqdn-string?) (s/def ::fqdn cp/fqdn-string?)
(s/def ::issuer pred/letsencrypt-issuer?) (s/def ::issuer cp/letsencrypt-issuer?)
(s/def ::jvb-auth-password pred/bash-env-string?) (s/def ::jvb-auth-password cp/bash-env-string?)
(s/def ::jicofo-auth-password pred/bash-env-string?) (s/def ::jicofo-auth-password cp/bash-env-string?)
(s/def ::jicofo-component-secret pred/bash-env-string?) (s/def ::jicofo-component-secret cp/bash-env-string?)
(def config? (s/keys :req-un [::fqdn] (def config? (s/keys :req-un [::fqdn]
:opt-un [::issuer ::ingress-type])) :opt-un [::issuer]))
(def auth? (s/keys :req-un [::jvb-auth-password (def auth? (s/keys :req-un [::jvb-auth-password
::jicofo-auth-password ::jicofo-auth-password
@ -25,79 +28,52 @@
(case resource-name (case resource-name
"jitsi/deployment.yaml" (rc/inline "jitsi/deployment.yaml") "jitsi/deployment.yaml" (rc/inline "jitsi/deployment.yaml")
"jitsi/etherpad-service.yaml" (rc/inline "jitsi/etherpad-service.yaml") "jitsi/etherpad-service.yaml" (rc/inline "jitsi/etherpad-service.yaml")
"jitsi/ingress-jitsi.yaml" (rc/inline "jitsi/ingress-jitsi.yaml")
"jitsi/ingress-etherpad.yaml" (rc/inline "jitsi/ingress-etherpad.yaml")
"jitsi/jvb-service.yaml" (rc/inline "jitsi/jvb-service.yaml") "jitsi/jvb-service.yaml" (rc/inline "jitsi/jvb-service.yaml")
"jitsi/secret.yaml" (rc/inline "jitsi/secret.yaml") "jitsi/secret.yaml" (rc/inline "jitsi/secret.yaml")
"jitsi/web-service.yaml" (rc/inline "jitsi/web-service.yaml") "jitsi/web-service.yaml" (rc/inline "jitsi/web-service.yaml")
(throw (js/Error. "Undefined Resource!"))))) (throw (js/Error. "Undefined Resource!")))))
(defn generate-ingress-jitsi [config] (defn-spec generate-ingress-web cp/map-or-seq?
(let [{:keys [fqdn issuer ingress-type] [config config?]
:or {issuer :staging ingress-type :default}} config (ing/generate-ingress-and-cert
letsencrypt-issuer (name issuer) (merge
ingress-kind (if (= :default ingress-type) "" (name ingress-type))] {:service-name "web"
(-> :service-port 80
(yaml/from-string (yaml/load-resource "jitsi/ingress-jitsi.yaml")) :fqdns [(:fqdn config)]}
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer) config)))
(assoc-in [:metadata :annotations :kubernetes.io/ingress.class] ingress-kind)
(cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn))))
(defn generate-ingress-etherpad [config] (defn-spec generate-ingress-etherpad cp/map-or-seq?
(let [{:keys [fqdn issuer ingress-type] [config config?]
:or {issuer :staging ingress-type :default}} config (ing/generate-ingress-and-cert
letsencrypt-issuer (name issuer) (merge
ingress-kind (if (= :default ingress-type) "" (name ingress-type))] {:service-name "etherpad"
(-> :service-port 9001
(yaml/from-string (yaml/load-resource "jitsi/ingress-etherpad.yaml")) :fqdns [(str "etherpad." (:fqdn config))]}
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer) config)))
(assoc-in [:metadata :annotations :kubernetes.io/ingress.class] ingress-kind)
(cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_FQDN"
(str "etherpad." fqdn)))))
(defn generate-secret-jitsi [config] (defn-spec generate-secret-jitsi cp/map-or-seq?
(let [{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} config] [auth auth?]
(let [{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} auth]
(-> (->
(yaml/from-string (yaml/load-resource "jitsi/secret.yaml")) (yaml/from-string (yaml/load-resource "jitsi/secret.yaml"))
(cm/replace-key-value :JVB_AUTH_PASSWORD (b64/encode jvb-auth-password)) (cm/replace-key-value :JVB_AUTH_PASSWORD (b64/encode jvb-auth-password))
(cm/replace-key-value :JICOFO_AUTH_PASSWORD (b64/encode jicofo-auth-password)) (cm/replace-key-value :JICOFO_AUTH_PASSWORD (b64/encode jicofo-auth-password))
(cm/replace-key-value :JICOFO_COMPONENT_SECRET (b64/encode jicofo-component-secret))))) (cm/replace-key-value :JICOFO_COMPONENT_SECRET (b64/encode jicofo-component-secret)))))
(defn generate-jvb-service [] (defn-spec generate-jvb-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "jitsi/jvb-service.yaml"))) (yaml/from-string (yaml/load-resource "jitsi/jvb-service.yaml")))
(defn generate-web-service [] (defn-spec generate-web-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "jitsi/web-service.yaml"))) (yaml/from-string (yaml/load-resource "jitsi/web-service.yaml")))
(defn generate-etherpad-service [] (defn-spec generate-etherpad-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "jitsi/etherpad-service.yaml"))) (yaml/from-string (yaml/load-resource "jitsi/etherpad-service.yaml")))
(defn generate-deployment [config] (defn-spec generate-deployment cp/map-or-seq?
[config config?]
(let [{:keys [fqdn]} config] (let [{:keys [fqdn]} config]
(-> (->
(yaml/from-string (yaml/load-resource "jitsi/deployment.yaml")) (yaml/from-string (yaml/load-resource "jitsi/deployment.yaml"))
(cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn) (cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn)
(cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_URL" (cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_URL"
(str "https://etherpad." fqdn "/p/"))))) (str "https://etherpad." fqdn "/p/")))))
(defn generate-certificate-jitsi
[config]
(let [{:keys [fqdn issuer ingress-type]
:or {issuer :staging ingress-type :default}} config
letsencrypt-issuer (name issuer)
ingress-kind (if (= :default ingress-type) "" (name ingress-type))]
(->
(yaml/load-as-edn "jitsi/certificate-jitsi.yaml")
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
(cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn))))
(defn generate-certificate-etherpad
[config]
(let [{:keys [fqdn issuer ingress-type]
:or {issuer :staging ingress-type :default}} config
letsencrypt-issuer (name issuer)
ingress-kind (if (= :default ingress-type) "" (name ingress-type))]
(->
(yaml/load-as-edn "jitsi/certificate-etherpad.yaml")
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
(cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_FQDN" (str "etherpad." fqdn)))))
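Review bot: In `generate-ingress-web` and `generate-ingress-etherpad` the caller's `config` is the last argument to `merge`, so any `:service-name`, `:service-port` or `:fqdns` key present in it replaces the fixed values; `config?` is an `s/keys` spec and does not reject extra keys. Putting the fixed map last keeps the backend service and host list under this namespace's control, e.g. `(merge config {:service-name "web" :service-port 80 :fqdns [(:fqdn config)]})`. Separately, the deleted templates set `ingress.kubernetes.io/ssl-redirect: "true"` and the old code defaulted `issuer` to `:staging`; both now depend on `ing/generate-ingress-and-cert`, which is not visible here, so a test asserting the generated annotations and issuer would confirm nothing was lost.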


@ -1,15 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: etherpad-cert
namespace: default
spec:
secretName: etherpad-cert
commonName: REPLACE_ETHERPAD_FQDN
duration: 2160h # 90d
renewBefore: 360h # 15d
dnsNames:
- REPLACE_ETHERPAD_FQDN
issuerRef:
name: REPLACEME
kind: ClusterIssuer


@ -1,15 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: jitsi-cert
namespace: default
spec:
secretName: jitsi-cert
commonName: REPLACE_JITSI_FQDN
duration: 2160h # 90d
renewBefore: 360h # 15d
dnsNames:
- REPLACE_JITSI_FQDN
issuerRef:
name: REPLACEME
kind: ClusterIssuer


@ -1,23 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: etherpad
annotations:
cert-manager.io/cluster-issuer: REPLACEME
ingress.kubernetes.io/ssl-redirect: "true"
spec:
tls:
- hosts:
- REPLACE_ETHERPAD_FQDN
secretName: etherpad-cert
rules:
- host: REPLACE_ETHERPAD_FQDN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: etherpad
port:
number: 9001


@ -1,23 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: jitsi
annotations:
cert-manager.io/cluster-issuer: REPLACEME
ingress.kubernetes.io/ssl-redirect: "true"
spec:
tls:
- hosts:
- REPLACE_JITSI_FQDN
secretName: jitsi-cert
rules:
- host: REPLACE_JITSI_FQDN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web
port:
number: 80


@ -5,7 +5,7 @@
[clojure.spec.test.alpha :as st] [clojure.spec.test.alpha :as st]
[dda.c4k-jitsi.jitsi :as cut])) [dda.c4k-jitsi.jitsi :as cut]))
;;(st/instrument) (st/instrument)
(deftest should-generate-deployment (deftest should-generate-deployment
(is (= {:apiVersion "apps/v1", (is (= {:apiVersion "apps/v1",
@ -37,7 +37,7 @@
:image "jitsi/prosody:stable-7287", :image "jitsi/prosody:stable-7287",
:imagePullPolicy "IfNotPresent", :imagePullPolicy "IfNotPresent",
:env :env
[{:name "PUBLIC_URL", :value "xy"} [{:name "PUBLIC_URL", :value "xy.xy.xy"}
{:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"} {:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"}
{:name "XMPP_AUTH_DOMAIN", :value "auth.meet.meissa-gmbh"} {:name "XMPP_AUTH_DOMAIN", :value "auth.meet.meissa-gmbh"}
{:name "XMPP_MUC_DOMAIN", :value "muc.meet.meissa-gmbh"} {:name "XMPP_MUC_DOMAIN", :value "muc.meet.meissa-gmbh"}
@ -54,7 +54,7 @@
:image "domaindrivenarchitecture/c4k-jitsi", :image "domaindrivenarchitecture/c4k-jitsi",
:imagePullPolicy "IfNotPresent", :imagePullPolicy "IfNotPresent",
:env :env
[{:name "PUBLIC_URL", :value "xy"} [{:name "PUBLIC_URL", :value "xy.xy.xy"}
{:name "XMPP_SERVER", :value "localhost"} {:name "XMPP_SERVER", :value "localhost"}
{:name "JICOFO_AUTH_USER", :value "focus"} {:name "JICOFO_AUTH_USER", :value "focus"}
{:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"} {:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"}
@ -70,14 +70,14 @@
{:name "RESOLUTION_WIDTH", :value "853"} {:name "RESOLUTION_WIDTH", :value "853"}
{:name "RESOLUTION_WIDTH_MIN", :value "427"} {:name "RESOLUTION_WIDTH_MIN", :value "427"}
{:name "DISABLE_AUDIO_LEVELS", :value "true"} {:name "DISABLE_AUDIO_LEVELS", :value "true"}
{:name "ETHERPAD_PUBLIC_URL", :value "https://etherpad.xy/p/"}]} {:name "ETHERPAD_PUBLIC_URL", :value "https://etherpad.xy.xy.xy/p/"}]}
{:name "jvb", {:name "jvb",
:image "jitsi/jvb:stable-7287", :image "jitsi/jvb:stable-7287",
:imagePullPolicy "IfNotPresent", :imagePullPolicy "IfNotPresent",
:env :env
[{:name "PUBLIC_URL", :value "xy"} [{:name "PUBLIC_URL", :value "xy.xy.xy"}
{:name "XMPP_SERVER", :value "localhost"} {:name "XMPP_SERVER", :value "localhost"}
{:name "DOCKER_HOST_ADDRESS", :value "xy"} {:name "DOCKER_HOST_ADDRESS", :value "xy.xy.xy"}
{:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"} {:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"}
{:name "XMPP_AUTH_DOMAIN", :value "auth.meet.meissa-gmbh"} {:name "XMPP_AUTH_DOMAIN", :value "auth.meet.meissa-gmbh"}
{:name "XMPP_INTERNAL_MUC_DOMAIN", :value "internal-muc.meet.meissa-gmbh"} {:name "XMPP_INTERNAL_MUC_DOMAIN", :value "internal-muc.meet.meissa-gmbh"}
@ -102,7 +102,7 @@
{:name "XMPP_INTERNAL_MUC_DOMAIN", :value "internal-muc.meet.meissa-gmbh"} {:name "XMPP_INTERNAL_MUC_DOMAIN", :value "internal-muc.meet.meissa-gmbh"}
{:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}} {:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}}
{:name "TZ", :value "Europe/Berlin"}]}]}}}} {:name "TZ", :value "Europe/Berlin"}]}]}}}}
(cut/generate-deployment {:fqdn "xy"})))) (cut/generate-deployment {:fqdn "xy.xy.xy"}))))
(deftest should-generate-secret (deftest should-generate-secret
(is (= {:apiVersion "v1", (is (= {:apiVersion "v1",