diff --git a/.gitignore b/.gitignore index ab17090..05f4f8d 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,4 @@ public/js/ auth.edn config.edn +out.yaml diff --git a/src/main/cljc/dda/c4k_jitsi/core.cljc b/src/main/cljc/dda/c4k_jitsi/core.cljc index a3f41fc..30f0193 100644 --- a/src/main/cljc/dda/c4k_jitsi/core.cljc +++ b/src/main/cljc/dda/c4k_jitsi/core.cljc @@ -18,11 +18,8 @@ (map (fn [x] (yaml/to-string x)) [(jitsi/generate-ingress config) (jitsi/generate-secret config) - (jitsi/generate-jicofo-deployment) - (jitsi/generate-jvb-deployment) (jitsi/generate-jvb-service) - (jitsi/generate-prosody-deployment) - (jitsi/generate-web-deployment) + (jitsi/generate-deployment) (jitsi/generate-web-service)])) (defn-spec generate any? diff --git a/src/main/cljc/dda/c4k_jitsi/jitsi.cljc b/src/main/cljc/dda/c4k_jitsi/jitsi.cljc index 235d877..3094419 100644 --- a/src/main/cljc/dda/c4k_jitsi/jitsi.cljc +++ b/src/main/cljc/dda/c4k_jitsi/jitsi.cljc @@ -4,6 +4,7 @@ #?(:cljs [shadow.resource :as rc]) [dda.c4k-common.yaml :as yaml] [dda.c4k-common.common :as cm] + [dda.c4k-common.base64 :as b64] [dda.c4k-common.predicate :as pred])) (s/def ::fqdn pred/fqdn-string?) 
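Review bot: The manifest vector in the core.cljc hunk emits only ingress, secret, jvb-service, deployment and web-service, although the same commit adds `generate-pod-security-policy`, `generate-role`, `generate-role-binding` and `generate-service-account` in jitsi.cljc. None of them is called here, so the generated output would carry no service account, RBAC or pod-security objects. If they are meant to ship with this change, add them to the vector ahead of the deployment, e.g. `(jitsi/generate-service-account)` before `(jitsi/generate-deployment)`; if they are deliberately pending, a short comment saying so would prevent the assumption that the policy is already applied. The enclosing function starts above the hunk.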
@@ -16,43 +17,51 @@ (defmethod yaml/load-resource :jitsi [resource-name] (case resource-name "jitsi/ingress.yaml" (rc/inline "jitsi/ingress.yaml") - "jitsi/jicofo-deployment.yaml" (rc/inline "jitsi/jicofo-deployment.yaml") - "jitsi/jvb-deployment.yaml" (rc/inline "jitsi/jvb-deployment.yaml") "jitsi/jvb-service.yaml" (rc/inline "jitsi/jvb-service.yaml") - "jitsi/prosody-deployment.yaml" (rc/inline "jitsi/prosody-deployment.yaml") "jitsi/secret.yaml" (rc/inline "jitsi/secret.yaml") - "jitsi/web-deployment.yaml" (rc/inline "jitsi/web-deployment.yaml") "jitsi/web-service.yaml" (rc/inline "jitsi/web-service.yaml") + "jitsi/pod-security-policy.yaml" (rc/inline "jitsi/pod-security-policy.yaml") + "jitsi/role-binding.yaml" (rc/inline "jitsi/role-binding.yaml") + "jitsi/role.yaml" (rc/inline "jitsi/role.yaml") + "jitsi/service-account.yaml" (rc/inline "jitsi/service-account.yaml") (throw (js/Error. "Undefined Resource!"))))) (defn generate-ingress [config] - (-> - ; TODO: Update fqdn from config - (yaml/from-string (yaml/load-resource "jitsi/ingress.yaml")))) + (let [{:keys [fqdn issuer ingress-type] + :or {issuer :staging ingress-type :default}} config + letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer") + ingress-kind (if (= :default ingress-type) "" (name ingress-type))] + (-> + (yaml/from-string (yaml/load-resource "jitsi/ingress.yaml")) + (assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer) + (assoc-in [:metadata :annotations :kubernetes.io/ingress.class] ingress-kind) + (cm/replace-all-matching-values-by-new-value "fqdn" fqdn)))) (defn generate-secret [config] - (-> - ; TODO: Update secrets from auth - (yaml/from-string (yaml/load-resource "jitsi/secret.yaml")))) - -(defn generate-jicofo-deployment [] - (-> - (yaml/from-string (yaml/load-resource "jitsi/jicofo-deployment.yaml")))) - -(defn generate-jvb-deployment [] - (-> - (yaml/from-string (yaml/load-resource "jitsi/jvb-deployment.yaml")))) + (let [{:keys 
[jvb-auth-password jicofo-auth-password jicofo-component-secret]} config] + (-> + (yaml/from-string (yaml/load-resource "jitsi/secret.yaml")) + (cm/replace-key-value :JVB_AUTH_PASSWORD (b64/encode jvb-auth-password)) + (cm/replace-key-value :JICOFO_AUTH_PASSWORD (b64/encode jicofo-auth-password)) + (cm/replace-key-value :JICOFO_COMPONENT_SECRET (b64/encode jicofo-component-secret))))) (defn generate-jvb-service [] (yaml/from-string (yaml/load-resource "jitsi/jvb-service.yaml"))) -(defn generate-prosody-deployment [] - (-> - (yaml/from-string (yaml/load-resource "jitsi/prosody-deployment.yaml")))) - -(defn generate-web-deployment [] - (-> - (yaml/from-string (yaml/load-resource "jitsi/web-deployment.yaml")))) - (defn generate-web-service [] (yaml/from-string (yaml/load-resource "jitsi/web-service.yaml"))) + +(defn generate-deployment [] + (yaml/from-string (yaml/load-resource "jitsi/deployment.yaml"))) + +(defn generate-pod-security-policy [] + (yaml/from-string (yaml/load-resource "jitsi/pod-security-policy.yaml"))) + +(defn generate-role-binding [] + (yaml/from-string (yaml/load-resource "jitsi/role-binding.yaml"))) + +(defn generate-role [] + (yaml/from-string (yaml/load-resource "jitsi/role.yaml"))) + +(defn generate-service-account [] + (yaml/from-string (yaml/load-resource "jitsi/service-account.yaml"))) \ No newline at end of file diff --git a/src/main/resources/jitsi/deployment.yaml b/src/main/resources/jitsi/deployment.yaml new file mode 100644 index 0000000..6526893 --- /dev/null +++ b/src/main/resources/jitsi/deployment.yaml 
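Review bot: The `load-resource` case drops the four per-component deployment entries but never adds `"jitsi/deployment.yaml"`, so `generate-deployment` at the end of this hunk would fall through to `(throw (js/Error. "Undefined Resource!"))` on what appears to be the ClojureScript branch. Add `"jitsi/deployment.yaml" (rc/inline "jitsi/deployment.yaml")` to the case. The four new entries inline `pod-security-policy.yaml`, `role-binding.yaml`, `role.yaml` and `service-account.yaml`, none of which is added on this page, so confirm those resource files exist before the inline runs. In `generate-secret` the three values are destructured from `config` and passed straight to `b64/encode`, so a missing key would reach the encoder as nil. A spec or precondition requiring all three to be non-empty strings is worth adding unless the caller already enforces it.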
@@ -0,0 +1,147 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: jitsi + name: jitsi +spec: + strategy: + type: Recreate + selector: + matchLabels: + app: jitsi + template: + metadata: + labels: + app: jitsi + spec: + containers: + - name: jicofo + image: jitsi/jicofo:stable-6826 + imagePullPolicy: IfNotPresent + env: + - name: XMPP_SERVER + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: Europe/Berlin + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: prosody + image: jitsi/prosody:stable-6826 + imagePullPolicy: IfNotPresent + env: + - name: PUBLIC_URL + value: "https://jitsi.test.meissa-gmbh.de" + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JVB_AUTH_USER + value: jvb + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: Europe/Berlin + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: web + image: jitsi/web:stable-6826 + imagePullPolicy: IfNotPresent + env: + - name: PUBLIC_URL + value: "https://jitsi.test.meissa-gmbh.de" + - name: XMPP_SERVER + value: localhost + 
- name: JICOFO_AUTH_USER + value: focus + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: XMPP_BOSH_URL_BASE + value: http://127.0.0.1:5280 + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: TZ + value: Europe/Berlin + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: jvb + image: jitsi/jvb:stable-6826 + imagePullPolicy: IfNotPresent + env: + - name: XMPP_SERVER + value: localhost + - name: DOCKER_HOST_ADDRESS + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JVB_STUN_SERVERS + value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 + - name: JICOFO_AUTH_USER + value: focus + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: JVB_AUTH_USER + value: jvb + - name: JVB_PORT + value: "30300" + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: TZ + value: Europe/Berlin \ No newline at end of file diff --git a/src/main/resources/jitsi/jicofo-deployment.yaml b/src/main/resources/jitsi/jicofo-deployment.yaml deleted file mode 100644 index 4bd080d..0000000 --- a/src/main/resources/jitsi/jicofo-deployment.yaml +++ /dev/null 
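Review bot: `PUBLIC_URL` is hard-coded as `value: "https://jitsi.test.meissa-gmbh.de"` in both the prosody and web containers, and `generate-deployment` takes no config, so a deployment generated for any other `fqdn` would still advertise the test host. Have `generate-deployment` accept `config` and set `PUBLIC_URL` from `fqdn`, as `generate-ingress` already does for the ingress. The pod spec also sets no `serviceAccountName` and no `securityContext` on the pod or any of its four containers, so the service account and policy resources this commit adds loaders for would not be attached to the workload even once they are emitted. The images are referenced by the mutable tag `stable-6826`; pinning them by digest would make the deployed content reproducible.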
@@ -1,46 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: jitsi - name: jitsi -spec: - strategy: - type: Recreate - selector: - matchLabels: - app: jitsi - template: - metadata: - labels: - app: jitsi - spec: - containers: - - name: jicofo - image: jitsi/jicofo:stable-6826 - imagePullPolicy: IfNotPresent - env: - - name: XMPP_SERVER - value: localhost - - name: XMPP_DOMAIN - value: meet.jitsi - - name: XMPP_AUTH_DOMAIN - value: auth.meet.jitsi - - name: XMPP_MUC_DOMAIN - value: muc.meet.jitsi - - name: XMPP_INTERNAL_MUC_DOMAIN - value: internal-muc.meet.jitsi - - name: JICOFO_COMPONENT_SECRET - valueFrom: - secretKeyRef: - name: jitsi-config - key: JICOFO_COMPONENT_SECRET - - name: JICOFO_AUTH_USER - value: focus - - name: JICOFO_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-config - key: JICOFO_AUTH_PASSWORD - - name: TZ - value: Europe/Berlin \ No newline at end of file diff --git a/src/main/resources/jitsi/jvb-deployment.yaml b/src/main/resources/jitsi/jvb-deployment.yaml deleted file mode 100644 index 0448e4d..0000000 --- a/src/main/resources/jitsi/jvb-deployment.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: jitsi - name: jitsi -spec: - strategy: - type: Recreate - selector: - matchLabels: - app: jitsi - template: - metadata: - labels: - app: jitsi - spec: - containers: - - name: jvb - image: jitsi/jvb:stable-6826 - imagePullPolicy: IfNotPresent - env: - - name: XMPP_SERVER - value: localhost - - name: DOCKER_HOST_ADDRESS - value: localhost - - name: XMPP_DOMAIN - value: meet.jitsi - - name: XMPP_AUTH_DOMAIN - value: auth.meet.jitsi - - name: XMPP_INTERNAL_MUC_DOMAIN - value: internal-muc.meet.jitsi - - name: JVB_STUN_SERVERS - value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 - - name: JICOFO_AUTH_USER - value: focus - - name: JVB_TCP_HARVESTER_DISABLED - value: "true" - - name: JVB_AUTH_USER - value: jvb - - name: JVB_PORT - value: "30300" - - name: JVB_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-config - key: JVB_AUTH_PASSWORD - - name: JICOFO_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-config - key: JICOFO_AUTH_PASSWORD - - name: TZ - value: Europe/Berlin \ No newline at end of file diff --git a/src/main/resources/jitsi/prosody-deployment.yaml b/src/main/resources/jitsi/prosody-deployment.yaml deleted file mode 100644 index 3291738..0000000 --- a/src/main/resources/jitsi/prosody-deployment.yaml +++ /dev/null 
@@ -1,53 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: jitsi - name: jitsi -spec: - strategy: - type: Recreate - selector: - matchLabels: - app: jitsi - template: - metadata: - labels: - app: jitsi - spec: - containers: - - name: prosody - image: jitsi/prosody:stable-6826 - imagePullPolicy: IfNotPresent - env: - - name: XMPP_DOMAIN - value: meet.jitsi - - name: XMPP_AUTH_DOMAIN - value: auth.meet.jitsi - - name: XMPP_MUC_DOMAIN - value: muc.meet.jitsi - - name: XMPP_INTERNAL_MUC_DOMAIN - value: internal-muc.meet.jitsi - - name: JICOFO_COMPONENT_SECRET - valueFrom: - secretKeyRef: - name: jitsi-config - key: JICOFO_COMPONENT_SECRET - - name: JVB_AUTH_USER - value: jvb - - name: JVB_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-config - key: JVB_AUTH_PASSWORD - - name: JICOFO_AUTH_USER - value: focus - - name: JICOFO_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-config - key: JICOFO_AUTH_PASSWORD - - name: TZ - value: Europe/Berlin - - name: JVB_TCP_HARVESTER_DISABLED - value: "true" \ No newline at end of file diff --git a/src/main/resources/jitsi/web-deployment.yaml b/src/main/resources/jitsi/web-deployment.yaml deleted file mode 100644 index 7852e43..0000000 --- a/src/main/resources/jitsi/web-deployment.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: jitsi - name: jitsi -spec: - strategy: - type: Recreate - selector: - matchLabels: - app: jitsi - template: - metadata: - labels: - app: jitsi - spec: - containers: - - name: web - image: jitsi/web:stable-6826 - imagePullPolicy: IfNotPresent - env: - - name: XMPP_SERVER - value: localhost - - name: JICOFO_AUTH_USER - value: focus - - name: XMPP_DOMAIN - value: meet.jitsi - - name: XMPP_AUTH_DOMAIN - value: auth.meet.jitsi - - name: XMPP_INTERNAL_MUC_DOMAIN - value: internal-muc.meet.jitsi - - name: XMPP_BOSH_URL_BASE - value: http://127.0.0.1:5280 - - name: XMPP_MUC_DOMAIN - value: muc.meet.jitsi - - name: TZ - value: Europe/Berlin - - name: JVB_TCP_HARVESTER_DISABLED - value: "true" \ No newline at end of file diff --git a/valid-auth.edn b/valid-auth.edn index 49552bc..f05fae3 100644 --- a/valid-auth.edn +++ b/valid-auth.edn @@ -1,3 +1,3 @@ -{:django-secret-key "django" - :postgres-db-user "jitsi" - :postgres-db-password "jitsi-db-password"} +{:jvb-auth-password "JvbAuth" + :jicofo-auth-password "JicofoAuth" + :jicofo-component-secret "JicofoCompSec"} diff --git a/valid-config.edn b/valid-config.edn index 98711d3..05a2550 100644 --- a/valid-config.edn +++ b/valid-config.edn @@ -1,3 +1,2 @@ -{:fqdn "statistics.test.meissa-gmbh.de" - :issuer :staging - :postgres-data-volume-path "/var/postgres"} +{:fqdn "jitsi.test.meissa-gmbh.de" + :issuer :staging}