refactored deployment & secret
This commit is contained in:
parent
89cb9f8223
commit
4ac3f4ca49
4 changed files with 32 additions and 14 deletions
|
@ -12,12 +12,14 @@
|
||||||
|
|
||||||
(s/def ::fqdn cp/fqdn-string?)
|
(s/def ::fqdn cp/fqdn-string?)
|
||||||
(s/def ::issuer cp/letsencrypt-issuer?)
|
(s/def ::issuer cp/letsencrypt-issuer?)
|
||||||
|
(s/def ::namespace string?)
|
||||||
(s/def ::jvb-auth-password cp/bash-env-string?)
|
(s/def ::jvb-auth-password cp/bash-env-string?)
|
||||||
(s/def ::jicofo-auth-password cp/bash-env-string?)
|
(s/def ::jicofo-auth-password cp/bash-env-string?)
|
||||||
(s/def ::jicofo-component-secret cp/bash-env-string?)
|
(s/def ::jicofo-component-secret cp/bash-env-string?)
|
||||||
|
|
||||||
(def config? (s/keys :req-un [::fqdn]
|
(def config? (s/keys :req-un [::fqdn]
|
||||||
:opt-un [::issuer]))
|
:opt-un [::issuer
|
||||||
|
::namespace]))
|
||||||
|
|
||||||
(def auth? (s/keys :req-un [::jvb-auth-password
|
(def auth? (s/keys :req-un [::jvb-auth-password
|
||||||
::jicofo-auth-password
|
::jicofo-auth-password
|
||||||
|
@ -63,10 +65,13 @@
|
||||||
config)))
|
config)))
|
||||||
|
|
||||||
(defn-spec generate-secret-jitsi cp/map-or-seq?
|
(defn-spec generate-secret-jitsi cp/map-or-seq?
|
||||||
[auth auth?]
|
[config config?
|
||||||
(let [{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} auth]
|
auth auth?]
|
||||||
|
(let [{:keys [namespace]} config
|
||||||
|
{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} auth]
|
||||||
(->
|
(->
|
||||||
(yaml/from-string (yaml/load-resource "jitsi/secret.yaml"))
|
(yaml/from-string (yaml/load-resource "jitsi/secret.yaml"))
|
||||||
|
(cm/replace-all-matching "NAMESPACE" namespace)
|
||||||
(cm/replace-key-value :JVB_AUTH_PASSWORD (b64/encode jvb-auth-password))
|
(cm/replace-key-value :JVB_AUTH_PASSWORD (b64/encode jvb-auth-password))
|
||||||
(cm/replace-key-value :JICOFO_AUTH_PASSWORD (b64/encode jicofo-auth-password))
|
(cm/replace-key-value :JICOFO_AUTH_PASSWORD (b64/encode jicofo-auth-password))
|
||||||
(cm/replace-key-value :JICOFO_COMPONENT_SECRET (b64/encode jicofo-component-secret)))))
|
(cm/replace-key-value :JICOFO_COMPONENT_SECRET (b64/encode jicofo-component-secret)))))
|
||||||
|
@ -88,10 +93,11 @@
|
||||||
|
|
||||||
(defn-spec generate-deployment cp/map-or-seq?
|
(defn-spec generate-deployment cp/map-or-seq?
|
||||||
[config config?]
|
[config config?]
|
||||||
(let [{:keys [fqdn]} config]
|
(let [{:keys [fqdn namespace]} config]
|
||||||
(->
|
(->
|
||||||
(yaml/load-as-edn "jitsi/deployment.yaml")
|
(yaml/load-as-edn "jitsi/deployment.yaml")
|
||||||
(cm/replace-all-matching "REPLACE_JITSI_FQDN" fqdn)
|
(cm/replace-all-matching "REPLACE_JITSI_FQDN" fqdn)
|
||||||
|
(cm/replace-all-matching "NAMESPACE" namespace)
|
||||||
(cm/replace-all-matching "REPLACE_ETHERPAD_URL"
|
(cm/replace-all-matching "REPLACE_ETHERPAD_URL"
|
||||||
(str "https://etherpad." fqdn "/p/"))
|
(str "https://etherpad." fqdn "/p/"))
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,7 @@ metadata:
|
||||||
labels:
|
labels:
|
||||||
app: jitsi
|
app: jitsi
|
||||||
name: jitsi
|
name: jitsi
|
||||||
|
namespace: NAMESPACE
|
||||||
spec:
|
spec:
|
||||||
strategy:
|
strategy:
|
||||||
type: Recreate
|
type: Recreate
|
||||||
|
|
|
@ -2,6 +2,7 @@ apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: jitsi-config
|
name: jitsi-config
|
||||||
|
namespace: NAMESPACE
|
||||||
type: Opaque
|
type: Opaque
|
||||||
data:
|
data:
|
||||||
JVB_AUTH_PASSWORD: "jvb-auth"
|
JVB_AUTH_PASSWORD: "jvb-auth"
|
||||||
|
|
|
@ -5,12 +5,16 @@
|
||||||
[clojure.spec.test.alpha :as st]
|
[clojure.spec.test.alpha :as st]
|
||||||
[dda.c4k-jitsi.jitsi :as cut]))
|
[dda.c4k-jitsi.jitsi :as cut]))
|
||||||
|
|
||||||
(st/instrument)
|
(st/instrument `cut/generate-deployment)
|
||||||
|
(st/instrument `cut/generate-secret-jitsi)
|
||||||
|
|
||||||
(deftest should-generate-deployment
|
(deftest should-generate-deployment
|
||||||
(is (= {:apiVersion "apps/v1",
|
(is (= {:apiVersion "apps/v1",
|
||||||
:kind "Deployment",
|
:kind "Deployment",
|
||||||
:metadata {:labels {:app "jitsi"}, :name "jitsi"},
|
:metadata
|
||||||
|
{:labels {:app "jitsi"},
|
||||||
|
:name "jitsi"
|
||||||
|
:namespace "jitsi"},
|
||||||
:spec
|
:spec
|
||||||
{:strategy {:type "Recreate"},
|
{:strategy {:type "Recreate"},
|
||||||
:selector {:matchLabels {:app "jitsi"}},
|
:selector {:matchLabels {:app "jitsi"}},
|
||||||
|
@ -19,7 +23,7 @@
|
||||||
:spec
|
:spec
|
||||||
{:containers
|
{:containers
|
||||||
[{:name "jicofo",
|
[{:name "jicofo",
|
||||||
:image "jitsi/jicofo:stable-9457-2",
|
:image "jitsi/jicofo:stable-9584-1",
|
||||||
:imagePullPolicy "IfNotPresent",
|
:imagePullPolicy "IfNotPresent",
|
||||||
:env
|
:env
|
||||||
[{:name "XMPP_SERVER", :value "localhost"}
|
[{:name "XMPP_SERVER", :value "localhost"}
|
||||||
|
@ -29,7 +33,7 @@
|
||||||
{:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}}
|
{:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}}
|
||||||
{:name "TZ", :value "Europe/Berlin"}]}
|
{:name "TZ", :value "Europe/Berlin"}]}
|
||||||
{:name "prosody",
|
{:name "prosody",
|
||||||
:image "jitsi/prosody:stable-9457-2",
|
:image "jitsi/prosody:stable-9584-1",
|
||||||
:imagePullPolicy "IfNotPresent",
|
:imagePullPolicy "IfNotPresent",
|
||||||
:env
|
:env
|
||||||
[{:name "PUBLIC_URL", :value "xy.xy.xy"}
|
[{:name "PUBLIC_URL", :value "xy.xy.xy"}
|
||||||
|
@ -63,7 +67,7 @@
|
||||||
{:name "WHITEBOARD_COLLAB_SERVER_PUBLIC_URL", :value "https://excalidraw-backend.xy.xy.xy"}
|
{:name "WHITEBOARD_COLLAB_SERVER_PUBLIC_URL", :value "https://excalidraw-backend.xy.xy.xy"}
|
||||||
{:name "COLIBRI_WEBSOCKET_REGEX", :value "127.0.0.1"}]}
|
{:name "COLIBRI_WEBSOCKET_REGEX", :value "127.0.0.1"}]}
|
||||||
{:name "jvb",
|
{:name "jvb",
|
||||||
:image "jitsi/jvb:stable-9457-2",
|
:image "jitsi/jvb:stable-9584-1",
|
||||||
:imagePullPolicy "IfNotPresent",
|
:imagePullPolicy "IfNotPresent",
|
||||||
:env
|
:env
|
||||||
[{:name "PUBLIC_URL", :value "xy.xy.xy"}
|
[{:name "PUBLIC_URL", :value "xy.xy.xy"}
|
||||||
|
@ -85,17 +89,23 @@
|
||||||
{:name "JICOFO_AUTH_USER", :value "focus"}
|
{:name "JICOFO_AUTH_USER", :value "focus"}
|
||||||
{:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}}
|
{:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}}
|
||||||
{:name "TZ", :value "Europe/Berlin"}]}]}}}}
|
{:name "TZ", :value "Europe/Berlin"}]}]}}}}
|
||||||
(cut/generate-deployment {:fqdn "xy.xy.xy"}))))
|
(cut/generate-deployment {:fqdn "xy.xy.xy"
|
||||||
|
:namespace "jitsi"}))))
|
||||||
|
|
||||||
(deftest should-generate-secret
|
(deftest should-generate-secret
|
||||||
(is (= {:apiVersion "v1",
|
(is (= {:apiVersion "v1",
|
||||||
:kind "Secret",
|
:kind "Secret",
|
||||||
:metadata {:name "jitsi-config"},
|
:metadata
|
||||||
|
{:name "jitsi-config"
|
||||||
|
:namespace "jitsi"},
|
||||||
:type "Opaque",
|
:type "Opaque",
|
||||||
:data
|
:data
|
||||||
{:JVB_AUTH_PASSWORD "anZiLWF1dGg=",
|
{:JVB_AUTH_PASSWORD "anZiLWF1dGg=",
|
||||||
:JICOFO_AUTH_PASSWORD "amljb2ZvLWF1dGg=",
|
:JICOFO_AUTH_PASSWORD "amljb2ZvLWF1dGg=",
|
||||||
:JICOFO_COMPONENT_SECRET "amljb2ZvLWNvbXA="}}
|
:JICOFO_COMPONENT_SECRET "amljb2ZvLWNvbXA="}}
|
||||||
(cut/generate-secret-jitsi {:jvb-auth-password "jvb-auth"
|
(cut/generate-secret-jitsi
|
||||||
:jicofo-auth-password "jicofo-auth"
|
{:fqdn "xy.xy.xy"
|
||||||
:jicofo-component-secret "jicofo-comp"}))))
|
:namespace "jitsi"}
|
||||||
|
{:jvb-auth-password "jvb-auth"
|
||||||
|
:jicofo-auth-password "jicofo-auth"
|
||||||
|
:jicofo-component-secret "jicofo-comp"}))))
|
||||||
|
|
Loading…
Reference in a new issue