refactored deployment & secret

Michael Jerger 2024-08-02 15:05:04 +02:00
parent 89cb9f8223
commit 4ac3f4ca49
4 changed files with 32 additions and 14 deletions


@ -12,12 +12,14 @@
(s/def ::fqdn cp/fqdn-string?) (s/def ::fqdn cp/fqdn-string?)
(s/def ::issuer cp/letsencrypt-issuer?) (s/def ::issuer cp/letsencrypt-issuer?)
(s/def ::namespace string?)
(s/def ::jvb-auth-password cp/bash-env-string?) (s/def ::jvb-auth-password cp/bash-env-string?)
(s/def ::jicofo-auth-password cp/bash-env-string?) (s/def ::jicofo-auth-password cp/bash-env-string?)
(s/def ::jicofo-component-secret cp/bash-env-string?) (s/def ::jicofo-component-secret cp/bash-env-string?)
(def config? (s/keys :req-un [::fqdn] (def config? (s/keys :req-un [::fqdn]
:opt-un [::issuer])) :opt-un [::issuer
::namespace]))
(def auth? (s/keys :req-un [::jvb-auth-password (def auth? (s/keys :req-un [::jvb-auth-password
::jicofo-auth-password ::jicofo-auth-password
@ -63,10 +65,13 @@
config))) config)))
(defn-spec generate-secret-jitsi cp/map-or-seq? (defn-spec generate-secret-jitsi cp/map-or-seq?
[auth auth?] [config config?
(let [{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} auth] auth auth?]
(let [{:keys [namespace]} config
{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} auth]
(-> (->
(yaml/from-string (yaml/load-resource "jitsi/secret.yaml")) (yaml/from-string (yaml/load-resource "jitsi/secret.yaml"))
(cm/replace-all-matching "NAMESPACE" namespace)
(cm/replace-key-value :JVB_AUTH_PASSWORD (b64/encode jvb-auth-password)) (cm/replace-key-value :JVB_AUTH_PASSWORD (b64/encode jvb-auth-password))
(cm/replace-key-value :JICOFO_AUTH_PASSWORD (b64/encode jicofo-auth-password)) (cm/replace-key-value :JICOFO_AUTH_PASSWORD (b64/encode jicofo-auth-password))
(cm/replace-key-value :JICOFO_COMPONENT_SECRET (b64/encode jicofo-component-secret))))) (cm/replace-key-value :JICOFO_COMPONENT_SECRET (b64/encode jicofo-component-secret)))))
@ -88,10 +93,11 @@
(defn-spec generate-deployment cp/map-or-seq? (defn-spec generate-deployment cp/map-or-seq?
[config config?] [config config?]
(let [{:keys [fqdn]} config] (let [{:keys [fqdn namespace]} config]
(-> (->
(yaml/load-as-edn "jitsi/deployment.yaml") (yaml/load-as-edn "jitsi/deployment.yaml")
(cm/replace-all-matching "REPLACE_JITSI_FQDN" fqdn) (cm/replace-all-matching "REPLACE_JITSI_FQDN" fqdn)
(cm/replace-all-matching "NAMESPACE" namespace)
(cm/replace-all-matching "REPLACE_ETHERPAD_URL" (cm/replace-all-matching "REPLACE_ETHERPAD_URL"
(str "https://etherpad." fqdn "/p/")) (str "https://etherpad." fqdn "/p/"))
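Review bot: `::namespace` is added to `config?` only under `:opt-un`, yet `generate-secret-jitsi` and `generate-deployment` both destructure it and pass it straight to `(cm/replace-all-matching "NAMESPACE" namespace)`, so a config without the key feeds nil into the substitution unless a default is merged somewhere outside these hunks. What happens then depends on `replace-all-matching`, which is not visible here; either make the key required or fall back explicitly, e.g. `(let [{:keys [fqdn namespace] :or {namespace "jitsi"}} config]` if `jitsi` is the intended default. The spec `string?` also accepts values that are not valid Kubernetes namespace names; since the value is written into the Secret and Deployment metadata, a stricter predicate such as `(s/def ::namespace (s/and string? #(re-matches #"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?" %)))` would reject them at the spec boundary. `generate-deployment` continues past the end of its hunk.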


@ -4,6 +4,7 @@ metadata:
labels: labels:
app: jitsi app: jitsi
name: jitsi name: jitsi
namespace: NAMESPACE
spec: spec:
strategy: strategy:
type: Recreate type: Recreate
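Review bot: The new placeholder `NAMESPACE` does not follow the `REPLACE_…` convention of the other template tokens visible in this commit (`REPLACE_JITSI_FQDN`, `REPLACE_ETHERPAD_URL`) and is a word that can plausibly occur elsewhere in a manifest. If `cm/replace-all-matching` matches substrings (its implementation is not visible here), any other value containing that word would be rewritten as well. Consider `namespace: REPLACE_NAMESPACE` here and in the Secret template, with the matching string changed in both generator functions.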


@ -2,6 +2,7 @@ apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: jitsi-config name: jitsi-config
namespace: NAMESPACE
type: Opaque type: Opaque
data: data:
JVB_AUTH_PASSWORD: "jvb-auth" JVB_AUTH_PASSWORD: "jvb-auth"


@ -5,12 +5,16 @@
[clojure.spec.test.alpha :as st] [clojure.spec.test.alpha :as st]
[dda.c4k-jitsi.jitsi :as cut])) [dda.c4k-jitsi.jitsi :as cut]))
(st/instrument) (st/instrument `cut/generate-deployment)
(st/instrument `cut/generate-secret-jitsi)
(deftest should-generate-deployment (deftest should-generate-deployment
(is (= {:apiVersion "apps/v1", (is (= {:apiVersion "apps/v1",
:kind "Deployment", :kind "Deployment",
:metadata {:labels {:app "jitsi"}, :name "jitsi"}, :metadata
{:labels {:app "jitsi"},
:name "jitsi"
:namespace "jitsi"},
:spec :spec
{:strategy {:type "Recreate"}, {:strategy {:type "Recreate"},
:selector {:matchLabels {:app "jitsi"}}, :selector {:matchLabels {:app "jitsi"}},
@ -19,7 +23,7 @@
:spec :spec
{:containers {:containers
[{:name "jicofo", [{:name "jicofo",
:image "jitsi/jicofo:stable-9457-2", :image "jitsi/jicofo:stable-9584-1",
:imagePullPolicy "IfNotPresent", :imagePullPolicy "IfNotPresent",
:env :env
[{:name "XMPP_SERVER", :value "localhost"} [{:name "XMPP_SERVER", :value "localhost"}
@ -29,7 +33,7 @@
{:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}} {:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}}
{:name "TZ", :value "Europe/Berlin"}]} {:name "TZ", :value "Europe/Berlin"}]}
{:name "prosody", {:name "prosody",
:image "jitsi/prosody:stable-9457-2", :image "jitsi/prosody:stable-9584-1",
:imagePullPolicy "IfNotPresent", :imagePullPolicy "IfNotPresent",
:env :env
[{:name "PUBLIC_URL", :value "xy.xy.xy"} [{:name "PUBLIC_URL", :value "xy.xy.xy"}
@ -63,7 +67,7 @@
{:name "WHITEBOARD_COLLAB_SERVER_PUBLIC_URL", :value "https://excalidraw-backend.xy.xy.xy"} {:name "WHITEBOARD_COLLAB_SERVER_PUBLIC_URL", :value "https://excalidraw-backend.xy.xy.xy"}
{:name "COLIBRI_WEBSOCKET_REGEX", :value "127.0.0.1"}]} {:name "COLIBRI_WEBSOCKET_REGEX", :value "127.0.0.1"}]}
{:name "jvb", {:name "jvb",
:image "jitsi/jvb:stable-9457-2", :image "jitsi/jvb:stable-9584-1",
:imagePullPolicy "IfNotPresent", :imagePullPolicy "IfNotPresent",
:env :env
[{:name "PUBLIC_URL", :value "xy.xy.xy"} [{:name "PUBLIC_URL", :value "xy.xy.xy"}
@ -85,17 +89,23 @@
{:name "JICOFO_AUTH_USER", :value "focus"} {:name "JICOFO_AUTH_USER", :value "focus"}
{:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}} {:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}}
{:name "TZ", :value "Europe/Berlin"}]}]}}}} {:name "TZ", :value "Europe/Berlin"}]}]}}}}
(cut/generate-deployment {:fqdn "xy.xy.xy"})))) (cut/generate-deployment {:fqdn "xy.xy.xy"
:namespace "jitsi"}))))
(deftest should-generate-secret (deftest should-generate-secret
(is (= {:apiVersion "v1", (is (= {:apiVersion "v1",
:kind "Secret", :kind "Secret",
:metadata {:name "jitsi-config"}, :metadata
{:name "jitsi-config"
:namespace "jitsi"},
:type "Opaque", :type "Opaque",
:data :data
{:JVB_AUTH_PASSWORD "anZiLWF1dGg=", {:JVB_AUTH_PASSWORD "anZiLWF1dGg=",
:JICOFO_AUTH_PASSWORD "amljb2ZvLWF1dGg=", :JICOFO_AUTH_PASSWORD "amljb2ZvLWF1dGg=",
:JICOFO_COMPONENT_SECRET "amljb2ZvLWNvbXA="}} :JICOFO_COMPONENT_SECRET "amljb2ZvLWNvbXA="}}
(cut/generate-secret-jitsi {:jvb-auth-password "jvb-auth" (cut/generate-secret-jitsi
:jicofo-auth-password "jicofo-auth" {:fqdn "xy.xy.xy"
:jicofo-component-secret "jicofo-comp"})))) :namespace "jitsi"}
{:jvb-auth-password "jvb-auth"
:jicofo-auth-password "jicofo-auth"
:jicofo-component-secret "jicofo-comp"}))))
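Review bot: Replacing `(st/instrument)` with two targeted calls means only `generate-deployment` and `generate-secret-jitsi` are spec-checked in this test namespace, so any other spec'd function these tests reach is no longer instrumented. If that is deliberate, a short comment above the calls saying why would help, e.g. `;; instrument only the functions under test: <reason>`. Both tests also pass `:namespace "jitsi"`, so the optional-key path has no coverage; a case such as `(cut/generate-deployment {:fqdn "xy.xy.xy"})` that asserts either the expected namespace or the expected failure would pin that behaviour.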