meissa/c4k-jitsi
6
0
Fork 0
Code Issues Pull requests Projects Releases 11 Packages Wiki Activity

use common/ingress

Browse source
This commit is contained in:
jerger 2022-12-26 18:38:07 +01:00
parent 81e3e8ed05
commit 214aa41c28
7 changed files with 42 additions and 142 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
project.clj
View file

@ -5,7 +5,7 @@
:url "https://www.apache.org/licenses/LICENSE-2.0.html"}
:dependencies [[org.clojure/clojure "1.11.1"]
[org.clojure/tools.reader "1.3.6"]
[org.domaindrivenarchitecture/c4k-common-clj "3.3.0"]
[org.domaindrivenarchitecture/c4k-common-clj "4.0.0-SNAPSHOT"]
[hickory "0.7.1"]]
:target-path "target/%s/"
:source-paths ["src/main/cljc"

92
src/main/cljc/dda/c4k_jitsi/jitsi.cljc
View file

@ -2,19 +2,22 @@
(:require
[clojure.spec.alpha :as s]
#?(:cljs [shadow.resource :as rc])
#?(:clj [orchestra.core :refer [defn-spec]]
:cljs [orchestra.core :refer-macros [defn-spec]])
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm]
[dda.c4k-common.ingress :as ing]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as pred]))
[dda.c4k-common.predicate :as cp]))
(s/def ::fqdn pred/fqdn-string?)
(s/def ::issuer pred/letsencrypt-issuer?)
(s/def ::jvb-auth-password pred/bash-env-string?)
(s/def ::jicofo-auth-password pred/bash-env-string?)
(s/def ::jicofo-component-secret pred/bash-env-string?)
(s/def ::fqdn cp/fqdn-string?)
(s/def ::issuer cp/letsencrypt-issuer?)
(s/def ::jvb-auth-password cp/bash-env-string?)
(s/def ::jicofo-auth-password cp/bash-env-string?)
(s/def ::jicofo-component-secret cp/bash-env-string?)
(def config? (s/keys :req-un [::fqdn]
:opt-un [::issuer ::ingress-type]))
:opt-un [::issuer]))
(def auth? (s/keys :req-un [::jvb-auth-password
::jicofo-auth-password
@ -25,79 +28,52 @@
(case resource-name
"jitsi/deployment.yaml" (rc/inline "jitsi/deployment.yaml")
"jitsi/etherpad-service.yaml" (rc/inline "jitsi/etherpad-service.yaml")
"jitsi/ingress-jitsi.yaml" (rc/inline "jitsi/ingress-jitsi.yaml")
"jitsi/ingress-etherpad.yaml" (rc/inline "jitsi/ingress-etherpad.yaml")
"jitsi/jvb-service.yaml" (rc/inline "jitsi/jvb-service.yaml")
"jitsi/secret.yaml" (rc/inline "jitsi/secret.yaml")
"jitsi/web-service.yaml" (rc/inline "jitsi/web-service.yaml")
(throw (js/Error. "Undefined Resource!")))))
(defn generate-ingress-jitsi [config]
(let [{:keys [fqdn issuer ingress-type]
:or {issuer :staging ingress-type :default}} config
letsencrypt-issuer (name issuer)
ingress-kind (if (= :default ingress-type) "" (name ingress-type))]
(->
(yaml/from-string (yaml/load-resource "jitsi/ingress-jitsi.yaml"))
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
(assoc-in [:metadata :annotations :kubernetes.io/ingress.class] ingress-kind)
(cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn))))
(defn-spec generate-ingress-web cp/map-or-seq?
[config config?]
(ing/generate-ingress-and-cert
(merge
{:service-name "web"
:service-port 80
:fqdns [(:fqdn config)]}
config)))
(defn generate-ingress-etherpad [config]
(let [{:keys [fqdn issuer ingress-type]
:or {issuer :staging ingress-type :default}} config
letsencrypt-issuer (name issuer)
ingress-kind (if (= :default ingress-type) "" (name ingress-type))]
(->
(yaml/from-string (yaml/load-resource "jitsi/ingress-etherpad.yaml"))
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
(assoc-in [:metadata :annotations :kubernetes.io/ingress.class] ingress-kind)
(cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_FQDN"
(str "etherpad." fqdn)))))
(defn-spec generate-ingress-etherpad cp/map-or-seq?
[config config?]
(ing/generate-ingress-and-cert
(merge
{:service-name "etherpad"
:service-port 9001
:fqdns [(str "etherpad." (:fqdn config))]}
config)))
(defn generate-secret-jitsi [config]
(let [{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} config]
(defn-spec generate-secret-jitsi cp/map-or-seq?
[auth auth?]
(let [{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} auth]
(->
(yaml/from-string (yaml/load-resource "jitsi/secret.yaml"))
(cm/replace-key-value :JVB_AUTH_PASSWORD (b64/encode jvb-auth-password))
(cm/replace-key-value :JICOFO_AUTH_PASSWORD (b64/encode jicofo-auth-password))
(cm/replace-key-value :JICOFO_COMPONENT_SECRET (b64/encode jicofo-component-secret)))))
(defn generate-jvb-service []
(defn-spec generate-jvb-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "jitsi/jvb-service.yaml")))
(defn generate-web-service []
(defn-spec generate-web-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "jitsi/web-service.yaml")))
(defn generate-etherpad-service []
(defn-spec generate-etherpad-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "jitsi/etherpad-service.yaml")))
(defn generate-deployment [config]
(defn-spec generate-deployment cp/map-or-seq?
[config config?]
(let [{:keys [fqdn]} config]
(->
(yaml/from-string (yaml/load-resource "jitsi/deployment.yaml"))
(cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn)
(cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_URL"
(str "https://etherpad." fqdn "/p/")))))
(defn generate-certificate-jitsi
[config]
(let [{:keys [fqdn issuer ingress-type]
:or {issuer :staging ingress-type :default}} config
letsencrypt-issuer (name issuer)
ingress-kind (if (= :default ingress-type) "" (name ingress-type))]
(->
(yaml/load-as-edn "jitsi/certificate-jitsi.yaml")
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
(cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn))))
(defn generate-certificate-etherpad
[config]
(let [{:keys [fqdn issuer ingress-type]
:or {issuer :staging ingress-type :default}} config
letsencrypt-issuer (name issuer)
ingress-kind (if (= :default ingress-type) "" (name ingress-type))]
(->
(yaml/load-as-edn "jitsi/certificate-etherpad.yaml")
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
(cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_FQDN" (str "etherpad." fqdn)))))

15
src/main/resources/jitsi/certificate-etherpad.yaml
View file

@ -1,15 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: etherpad-cert
namespace: default
spec:
secretName: etherpad-cert
commonName: REPLACE_ETHERPAD_FQDN
duration: 2160h # 90d
renewBefore: 360h # 15d
dnsNames:
- REPLACE_ETHERPAD_FQDN
issuerRef:
name: REPLACEME
kind: ClusterIssuer

15
src/main/resources/jitsi/certificate-jitsi.yaml
View file

@ -1,15 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: jitsi-cert
namespace: default
spec:
secretName: jitsi-cert
commonName: REPLACE_JITSI_FQDN
duration: 2160h # 90d
renewBefore: 360h # 15d
dnsNames:
- REPLACE_JITSI_FQDN
issuerRef:
name: REPLACEME
kind: ClusterIssuer

23
src/main/resources/jitsi/ingress-etherpad.yaml
View file

@ -1,23 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: etherpad
annotations:
cert-manager.io/cluster-issuer: REPLACEME
ingress.kubernetes.io/ssl-redirect: "true"
spec:
tls:
- hosts:
- REPLACE_ETHERPAD_FQDN
secretName: etherpad-cert
rules:
- host: REPLACE_ETHERPAD_FQDN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: etherpad
port:
number: 9001

23
src/main/resources/jitsi/ingress-jitsi.yaml
View file

@ -1,23 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: jitsi
annotations:
cert-manager.io/cluster-issuer: REPLACEME
ingress.kubernetes.io/ssl-redirect: "true"
spec:
tls:
- hosts:
- REPLACE_JITSI_FQDN
secretName: jitsi-cert
rules:
- host: REPLACE_JITSI_FQDN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web
port:
number: 80

14
src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc
View file

@ -5,7 +5,7 @@
[clojure.spec.test.alpha :as st]
[dda.c4k-jitsi.jitsi :as cut]))
;;(st/instrument)
(st/instrument)
(deftest should-generate-deployment
(is (= {:apiVersion "apps/v1",
@ -37,7 +37,7 @@
:image "jitsi/prosody:stable-7287",
:imagePullPolicy "IfNotPresent",
:env
[{:name "PUBLIC_URL", :value "xy"}
[{:name "PUBLIC_URL", :value "xy.xy.xy"}
{:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"}
{:name "XMPP_AUTH_DOMAIN", :value "auth.meet.meissa-gmbh"}
{:name "XMPP_MUC_DOMAIN", :value "muc.meet.meissa-gmbh"}
@ -54,7 +54,7 @@
:image "domaindrivenarchitecture/c4k-jitsi",
:imagePullPolicy "IfNotPresent",
:env
[{:name "PUBLIC_URL", :value "xy"}
[{:name "PUBLIC_URL", :value "xy.xy.xy"}
{:name "XMPP_SERVER", :value "localhost"}
{:name "JICOFO_AUTH_USER", :value "focus"}
{:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"}
@ -70,14 +70,14 @@
{:name "RESOLUTION_WIDTH", :value "853"}
{:name "RESOLUTION_WIDTH_MIN", :value "427"}
{:name "DISABLE_AUDIO_LEVELS", :value "true"}
{:name "ETHERPAD_PUBLIC_URL", :value "https://etherpad.xy/p/"}]}
{:name "ETHERPAD_PUBLIC_URL", :value "https://etherpad.xy.xy.xy/p/"}]}
{:name "jvb",
:image "jitsi/jvb:stable-7287",
:imagePullPolicy "IfNotPresent",
:env
[{:name "PUBLIC_URL", :value "xy"}
[{:name "PUBLIC_URL", :value "xy.xy.xy"}
{:name "XMPP_SERVER", :value "localhost"}
{:name "DOCKER_HOST_ADDRESS", :value "xy"}
{:name "DOCKER_HOST_ADDRESS", :value "xy.xy.xy"}
{:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"}
{:name "XMPP_AUTH_DOMAIN", :value "auth.meet.meissa-gmbh"}
{:name "XMPP_INTERNAL_MUC_DOMAIN", :value "internal-muc.meet.meissa-gmbh"}
@ -102,7 +102,7 @@
{:name "XMPP_INTERNAL_MUC_DOMAIN", :value "internal-muc.meet.meissa-gmbh"}
{:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}}
{:name "TZ", :value "Europe/Berlin"}]}]}}}}
(cut/generate-deployment {:fqdn "xy"}))))
(cut/generate-deployment {:fqdn "xy.xy.xy"}))))
(deftest should-generate-secret
(is (= {:apiVersion "v1",