refactored deployment & secret
This commit is contained in:
parent
89cb9f8223
commit
4ac3f4ca49
4 changed files with 32 additions and 14 deletions
|
@ -12,12 +12,14 @@
|
|||
|
||||
(s/def ::fqdn cp/fqdn-string?)
|
||||
(s/def ::issuer cp/letsencrypt-issuer?)
|
||||
(s/def ::namespace string?)
|
||||
(s/def ::jvb-auth-password cp/bash-env-string?)
|
||||
(s/def ::jicofo-auth-password cp/bash-env-string?)
|
||||
(s/def ::jicofo-component-secret cp/bash-env-string?)
|
||||
|
||||
(def config? (s/keys :req-un [::fqdn]
|
||||
:opt-un [::issuer]))
|
||||
:opt-un [::issuer
|
||||
::namespace]))
|
||||
|
||||
(def auth? (s/keys :req-un [::jvb-auth-password
|
||||
::jicofo-auth-password
|
||||
|
@ -63,10 +65,13 @@
|
|||
config)))
|
||||
|
||||
(defn-spec generate-secret-jitsi cp/map-or-seq?
|
||||
[auth auth?]
|
||||
(let [{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} auth]
|
||||
[config config?
|
||||
auth auth?]
|
||||
(let [{:keys [namespace]} config
|
||||
{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} auth]
|
||||
(->
|
||||
(yaml/from-string (yaml/load-resource "jitsi/secret.yaml"))
|
||||
(cm/replace-all-matching "NAMESPACE" namespace)
|
||||
(cm/replace-key-value :JVB_AUTH_PASSWORD (b64/encode jvb-auth-password))
|
||||
(cm/replace-key-value :JICOFO_AUTH_PASSWORD (b64/encode jicofo-auth-password))
|
||||
(cm/replace-key-value :JICOFO_COMPONENT_SECRET (b64/encode jicofo-component-secret)))))
|
||||
|
@ -88,10 +93,11 @@
|
|||
|
||||
(defn-spec generate-deployment cp/map-or-seq?
|
||||
[config config?]
|
||||
(let [{:keys [fqdn]} config]
|
||||
(let [{:keys [fqdn namespace]} config]
|
||||
(->
|
||||
(yaml/load-as-edn "jitsi/deployment.yaml")
|
||||
(cm/replace-all-matching "REPLACE_JITSI_FQDN" fqdn)
|
||||
(cm/replace-all-matching "NAMESPACE" namespace)
|
||||
(cm/replace-all-matching "REPLACE_ETHERPAD_URL"
|
||||
(str "https://etherpad." fqdn "/p/"))
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@ metadata:
|
|||
labels:
|
||||
app: jitsi
|
||||
name: jitsi
|
||||
namespace: NAMESPACE
|
||||
spec:
|
||||
strategy:
|
||||
type: Recreate
|
||||
|
|
|
@ -2,6 +2,7 @@ apiVersion: v1
|
|||
kind: Secret
|
||||
metadata:
|
||||
name: jitsi-config
|
||||
namespace: NAMESPACE
|
||||
type: Opaque
|
||||
data:
|
||||
JVB_AUTH_PASSWORD: "jvb-auth"
|
||||
|
|
|
@ -5,12 +5,16 @@
|
|||
[clojure.spec.test.alpha :as st]
|
||||
[dda.c4k-jitsi.jitsi :as cut]))
|
||||
|
||||
(st/instrument)
|
||||
(st/instrument `cut/generate-deployment)
|
||||
(st/instrument `cut/generate-secret-jitsi)
|
||||
|
||||
(deftest should-generate-deployment
|
||||
(is (= {:apiVersion "apps/v1",
|
||||
:kind "Deployment",
|
||||
:metadata {:labels {:app "jitsi"}, :name "jitsi"},
|
||||
:metadata
|
||||
{:labels {:app "jitsi"},
|
||||
:name "jitsi"
|
||||
:namespace "jitsi"},
|
||||
:spec
|
||||
{:strategy {:type "Recreate"},
|
||||
:selector {:matchLabels {:app "jitsi"}},
|
||||
|
@ -19,7 +23,7 @@
|
|||
:spec
|
||||
{:containers
|
||||
[{:name "jicofo",
|
||||
:image "jitsi/jicofo:stable-9457-2",
|
||||
:image "jitsi/jicofo:stable-9584-1",
|
||||
:imagePullPolicy "IfNotPresent",
|
||||
:env
|
||||
[{:name "XMPP_SERVER", :value "localhost"}
|
||||
|
@ -29,7 +33,7 @@
|
|||
{:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}}
|
||||
{:name "TZ", :value "Europe/Berlin"}]}
|
||||
{:name "prosody",
|
||||
:image "jitsi/prosody:stable-9457-2",
|
||||
:image "jitsi/prosody:stable-9584-1",
|
||||
:imagePullPolicy "IfNotPresent",
|
||||
:env
|
||||
[{:name "PUBLIC_URL", :value "xy.xy.xy"}
|
||||
|
@ -63,7 +67,7 @@
|
|||
{:name "WHITEBOARD_COLLAB_SERVER_PUBLIC_URL", :value "https://excalidraw-backend.xy.xy.xy"}
|
||||
{:name "COLIBRI_WEBSOCKET_REGEX", :value "127.0.0.1"}]}
|
||||
{:name "jvb",
|
||||
:image "jitsi/jvb:stable-9457-2",
|
||||
:image "jitsi/jvb:stable-9584-1",
|
||||
:imagePullPolicy "IfNotPresent",
|
||||
:env
|
||||
[{:name "PUBLIC_URL", :value "xy.xy.xy"}
|
||||
|
@ -85,17 +89,23 @@
|
|||
{:name "JICOFO_AUTH_USER", :value "focus"}
|
||||
{:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}}
|
||||
{:name "TZ", :value "Europe/Berlin"}]}]}}}}
|
||||
(cut/generate-deployment {:fqdn "xy.xy.xy"}))))
|
||||
(cut/generate-deployment {:fqdn "xy.xy.xy"
|
||||
:namespace "jitsi"}))))
|
||||
|
||||
(deftest should-generate-secret
|
||||
(is (= {:apiVersion "v1",
|
||||
:kind "Secret",
|
||||
:metadata {:name "jitsi-config"},
|
||||
:metadata
|
||||
{:name "jitsi-config"
|
||||
:namespace "jitsi"},
|
||||
:type "Opaque",
|
||||
:data
|
||||
{:JVB_AUTH_PASSWORD "anZiLWF1dGg=",
|
||||
:JICOFO_AUTH_PASSWORD "amljb2ZvLWF1dGg=",
|
||||
:JICOFO_COMPONENT_SECRET "amljb2ZvLWNvbXA="}}
|
||||
(cut/generate-secret-jitsi {:jvb-auth-password "jvb-auth"
|
||||
:jicofo-auth-password "jicofo-auth"
|
||||
:jicofo-component-secret "jicofo-comp"}))))
|
||||
(cut/generate-secret-jitsi
|
||||
{:fqdn "xy.xy.xy"
|
||||
:namespace "jitsi"}
|
||||
{:jvb-auth-password "jvb-auth"
|
||||
:jicofo-auth-password "jicofo-auth"
|
||||
:jicofo-component-secret "jicofo-comp"}))))
|
||||
|
|
Loading…
Reference in a new issue