even smaller test

grouped deployments together for them to work

fixed valid-config and auth

.gitignore

@@ -26,3 +26,4 @@ public/js/
 
 auth.edn
 config.edn
+out.yaml

src/main/cljc/dda/c4k_jitsi/core.cljc

@@ -18,11 +18,8 @@
    (map (fn [x] (yaml/to-string x))
    [(jitsi/generate-ingress config)
     (jitsi/generate-secret config)
-    (jitsi/generate-jicofo-deployment)
-    (jitsi/generate-jvb-deployment)
     (jitsi/generate-jvb-service)
-    (jitsi/generate-prosody-deployment)
+    (jitsi/generate-deployment)
-    (jitsi/generate-web-deployment)
     (jitsi/generate-web-service)]))
 
 (defn-spec generate any?

src/main/cljc/dda/c4k_jitsi/jitsi.cljc

@@ -4,6 +4,7 @@
   #?(:cljs [shadow.resource :as rc])
   [dda.c4k-common.yaml :as yaml]
   [dda.c4k-common.common :as cm]
+  [dda.c4k-common.base64 :as b64]
   [dda.c4k-common.predicate :as pred]))
 
 (s/def ::fqdn pred/fqdn-string?)
@@ -16,43 +17,51 @@
    (defmethod yaml/load-resource :jitsi [resource-name]
      (case resource-name
        "jitsi/ingress.yaml"              (rc/inline "jitsi/ingress.yaml")
-       "jitsi/jicofo-deployment.yaml"    (rc/inline "jitsi/jicofo-deployment.yaml")
-       "jitsi/jvb-deployment.yaml"       (rc/inline "jitsi/jvb-deployment.yaml")
        "jitsi/jvb-service.yaml"          (rc/inline "jitsi/jvb-service.yaml")
-       "jitsi/prosody-deployment.yaml"   (rc/inline "jitsi/prosody-deployment.yaml")
        "jitsi/secret.yaml"               (rc/inline "jitsi/secret.yaml")
-       "jitsi/web-deployment.yaml"       (rc/inline "jitsi/web-deployment.yaml")
        "jitsi/web-service.yaml"          (rc/inline "jitsi/web-service.yaml")
+       "jitsi/pod-security-policy.yaml"  (rc/inline "jitsi/pod-security-policy.yaml")
+       "jitsi/role-binding.yaml"         (rc/inline "jitsi/role-binding.yaml")
+       "jitsi/role.yaml"                 (rc/inline "jitsi/role.yaml")
+       "jitsi/service-account.yaml"      (rc/inline "jitsi/service-account.yaml")
        (throw (js/Error. "Undefined Resource!")))))
 
 (defn generate-ingress [config]
-  (->
+  (let [{:keys [fqdn issuer ingress-type]
-   ; TODO: Update fqdn from config
+         :or {issuer :staging ingress-type :default}} config
-   (yaml/from-string (yaml/load-resource "jitsi/ingress.yaml"))))
+        letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")
+        ingress-kind (if (= :default ingress-type) "" (name ingress-type))]
+    (->
+     (yaml/from-string (yaml/load-resource "jitsi/ingress.yaml"))
+     (assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
+     (assoc-in [:metadata :annotations :kubernetes.io/ingress.class] ingress-kind)
+     (cm/replace-all-matching-values-by-new-value "fqdn" fqdn))))
 
 (defn generate-secret [config]
-  (->
+  (let [{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} config]
-   ; TODO: Update secrets from auth
+    (->
-   (yaml/from-string (yaml/load-resource "jitsi/secret.yaml"))))
+     (yaml/from-string (yaml/load-resource "jitsi/secret.yaml"))
-
+     (cm/replace-key-value :JVB_AUTH_PASSWORD (b64/encode jvb-auth-password))
-(defn generate-jicofo-deployment []
+     (cm/replace-key-value :JICOFO_AUTH_PASSWORD (b64/encode jicofo-auth-password))
-  (->
+     (cm/replace-key-value :JICOFO_COMPONENT_SECRET (b64/encode jicofo-component-secret)))))
-   (yaml/from-string (yaml/load-resource "jitsi/jicofo-deployment.yaml"))))
-
-(defn generate-jvb-deployment []
-  (->
-   (yaml/from-string (yaml/load-resource "jitsi/jvb-deployment.yaml"))))
 
 (defn generate-jvb-service []
   (yaml/from-string (yaml/load-resource "jitsi/jvb-service.yaml")))
 
-(defn generate-prosody-deployment []
-  (->
-   (yaml/from-string (yaml/load-resource "jitsi/prosody-deployment.yaml"))))
-
-(defn generate-web-deployment []
-  (->
-   (yaml/from-string (yaml/load-resource "jitsi/web-deployment.yaml"))))
-
 (defn generate-web-service []
   (yaml/from-string (yaml/load-resource "jitsi/web-service.yaml")))
+
+(defn generate-deployment []
+  (yaml/from-string (yaml/load-resource "jitsi/deployment.yaml")))
+
+(defn generate-pod-security-policy []
+  (yaml/from-string (yaml/load-resource "jitsi/pod-security-policy.yaml")))
+
+(defn generate-role-binding []
+  (yaml/from-string (yaml/load-resource "jitsi/role-binding.yaml")))
+
+(defn generate-role []
+  (yaml/from-string (yaml/load-resource "jitsi/role.yaml")))
+
+(defn generate-service-account []
+  (yaml/from-string (yaml/load-resource "jitsi/service-account.yaml")))

src/main/resources/jitsi/deployment.yaml

@@ -0,0 +1,147 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: jitsi
+  name: jitsi
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: jitsi
+  template:
+    metadata:
+      labels:
+        app: jitsi
+    spec:
+      containers:
+        - name: jicofo
+          image: jitsi/jicofo:stable-6826
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: XMPP_SERVER
+              value: localhost
+            - name: XMPP_DOMAIN
+              value: meet.jitsi
+            - name: XMPP_AUTH_DOMAIN
+              value: auth.meet.jitsi
+            - name: XMPP_MUC_DOMAIN
+              value: muc.meet.jitsi
+            - name: XMPP_INTERNAL_MUC_DOMAIN
+              value: internal-muc.meet.jitsi
+            - name: JICOFO_COMPONENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JICOFO_COMPONENT_SECRET
+            - name: JICOFO_AUTH_USER
+              value: focus
+            - name: JICOFO_AUTH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JICOFO_AUTH_PASSWORD
+            - name: TZ
+              value: Europe/Berlin
+            - name: JVB_BREWERY_MUC
+              value: jvbbrewery
+        - name: prosody
+          image: jitsi/prosody:stable-6826
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: PUBLIC_URL
+              value: "https://jitsi.test.meissa-gmbh.de"
+            - name: XMPP_DOMAIN
+              value: meet.jitsi
+            - name: XMPP_AUTH_DOMAIN
+              value: auth.meet.jitsi
+            - name: XMPP_MUC_DOMAIN
+              value: muc.meet.jitsi
+            - name: XMPP_INTERNAL_MUC_DOMAIN
+              value: internal-muc.meet.jitsi
+            - name: JICOFO_COMPONENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JICOFO_COMPONENT_SECRET
+            - name: JVB_AUTH_USER
+              value: jvb
+            - name: JVB_AUTH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JVB_AUTH_PASSWORD
+            - name: JICOFO_AUTH_USER
+              value: focus
+            - name: JICOFO_AUTH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JICOFO_AUTH_PASSWORD
+            - name: TZ
+              value: Europe/Berlin
+            - name: JVB_TCP_HARVESTER_DISABLED
+              value: "true"
+        - name: web
+          image: jitsi/web:stable-6826
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: PUBLIC_URL
+              value: "https://jitsi.test.meissa-gmbh.de"
+            - name: XMPP_SERVER
+              value: localhost
+            - name: JICOFO_AUTH_USER
+              value: focus
+            - name: XMPP_DOMAIN
+              value: meet.jitsi
+            - name: XMPP_AUTH_DOMAIN
+              value: auth.meet.jitsi
+            - name: XMPP_INTERNAL_MUC_DOMAIN
+              value: internal-muc.meet.jitsi
+            - name: XMPP_BOSH_URL_BASE
+              value: http://127.0.0.1:5280
+            - name: XMPP_MUC_DOMAIN
+              value: muc.meet.jitsi
+            - name: TZ
+              value: Europe/Berlin
+            - name: JVB_TCP_HARVESTER_DISABLED
+              value: "true"
+        - name: jvb
+          image: jitsi/jvb:stable-6826
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: XMPP_SERVER
+              value: localhost
+            - name: DOCKER_HOST_ADDRESS
+              value: localhost
+            - name: XMPP_DOMAIN
+              value: meet.jitsi
+            - name: XMPP_AUTH_DOMAIN
+              value: auth.meet.jitsi
+            - name: XMPP_INTERNAL_MUC_DOMAIN
+              value: internal-muc.meet.jitsi
+            - name: JVB_STUN_SERVERS
+              value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
+            - name: JICOFO_AUTH_USER
+              value: focus
+            - name: JVB_TCP_HARVESTER_DISABLED
+              value: "true"
+            - name: JVB_AUTH_USER
+              value: jvb
+            - name: JVB_PORT
+              value: "30300"
+            - name: JVB_AUTH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JVB_AUTH_PASSWORD
+            - name: JICOFO_AUTH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JICOFO_AUTH_PASSWORD
+            - name: JVB_BREWERY_MUC
+              value: jvbbrewery
+            - name: TZ
+              value: Europe/Berlin

src/main/resources/jitsi/jicofo-deployment.yaml

@@ -1,46 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: jitsi
-  name: jitsi
-spec:
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: jitsi
-  template:
-    metadata:
-      labels:
-        app: jitsi
-    spec:
-      containers:
-        - name: jicofo
-          image: jitsi/jicofo:stable-6826
-          imagePullPolicy: IfNotPresent
-          env:
-            - name: XMPP_SERVER
-              value: localhost
-            - name: XMPP_DOMAIN
-              value: meet.jitsi
-            - name: XMPP_AUTH_DOMAIN
-              value: auth.meet.jitsi
-            - name: XMPP_MUC_DOMAIN
-              value: muc.meet.jitsi
-            - name: XMPP_INTERNAL_MUC_DOMAIN
-              value: internal-muc.meet.jitsi
-            - name: JICOFO_COMPONENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: jitsi-config
-                  key: JICOFO_COMPONENT_SECRET
-            - name: JICOFO_AUTH_USER
-              value: focus
-            - name: JICOFO_AUTH_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: jitsi-config
-                  key: JICOFO_AUTH_PASSWORD
-            - name: TZ
-              value: Europe/Berlin

src/main/resources/jitsi/jvb-deployment.yaml

@@ -1,54 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: jitsi
-  name: jitsi
-spec:
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: jitsi
-  template:
-    metadata:
-      labels:
-        app: jitsi
-    spec:
-      containers:
-        - name: jvb
-          image: jitsi/jvb:stable-6826
-          imagePullPolicy: IfNotPresent
-          env:
-            - name: XMPP_SERVER
-              value: localhost
-            - name: DOCKER_HOST_ADDRESS
-              value: localhost
-            - name: XMPP_DOMAIN
-              value: meet.jitsi
-            - name: XMPP_AUTH_DOMAIN
-              value: auth.meet.jitsi
-            - name: XMPP_INTERNAL_MUC_DOMAIN
-              value: internal-muc.meet.jitsi
-            - name: JVB_STUN_SERVERS
-              value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
-            - name: JICOFO_AUTH_USER
-              value: focus
-            - name: JVB_TCP_HARVESTER_DISABLED
-              value: "true"
-            - name: JVB_AUTH_USER
-              value: jvb
-            - name: JVB_PORT
-              value: "30300"
-            - name: JVB_AUTH_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: jitsi-config
-                  key: JVB_AUTH_PASSWORD
-            - name: JICOFO_AUTH_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: jitsi-config
-                  key: JICOFO_AUTH_PASSWORD
-            - name: TZ
-              value: Europe/Berlin

src/main/resources/jitsi/prosody-deployment.yaml

@@ -1,53 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: jitsi
-  name: jitsi
-spec:
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: jitsi
-  template:
-    metadata:
-      labels:
-        app: jitsi
-    spec:
-      containers:
-        - name: prosody
-          image: jitsi/prosody:stable-6826
-          imagePullPolicy: IfNotPresent
-          env:
-            - name: XMPP_DOMAIN
-              value: meet.jitsi
-            - name: XMPP_AUTH_DOMAIN
-              value: auth.meet.jitsi
-            - name: XMPP_MUC_DOMAIN
-              value: muc.meet.jitsi
-            - name: XMPP_INTERNAL_MUC_DOMAIN
-              value: internal-muc.meet.jitsi
-            - name: JICOFO_COMPONENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: jitsi-config
-                  key: JICOFO_COMPONENT_SECRET
-            - name: JVB_AUTH_USER
-              value: jvb
-            - name: JVB_AUTH_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: jitsi-config
-                  key: JVB_AUTH_PASSWORD
-            - name: JICOFO_AUTH_USER
-              value: focus
-            - name: JICOFO_AUTH_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: jitsi-config
-                  key: JICOFO_AUTH_PASSWORD
-            - name: TZ
-              value: Europe/Berlin
-            - name: JVB_TCP_HARVESTER_DISABLED
-              value: "true"

src/main/resources/jitsi/web-deployment.yaml

@@ -1,40 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: jitsi
-  name: jitsi
-spec:
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: jitsi
-  template:
-    metadata:
-      labels:
-        app: jitsi
-    spec:
-      containers:
-        - name: web
-          image: jitsi/web:stable-6826
-          imagePullPolicy: IfNotPresent
-          env:
-            - name: XMPP_SERVER
-              value: localhost
-            - name: JICOFO_AUTH_USER
-              value: focus
-            - name: XMPP_DOMAIN
-              value: meet.jitsi
-            - name: XMPP_AUTH_DOMAIN
-              value: auth.meet.jitsi
-            - name: XMPP_INTERNAL_MUC_DOMAIN
-              value: internal-muc.meet.jitsi
-            - name: XMPP_BOSH_URL_BASE
-              value: http://127.0.0.1:5280
-            - name: XMPP_MUC_DOMAIN
-              value: muc.meet.jitsi
-            - name: TZ
-              value: Europe/Berlin
-            - name: JVB_TCP_HARVESTER_DISABLED
-              value: "true"

valid-auth.edn

@@ -1,3 +1,3 @@
-{:django-secret-key "django"
+{:jvb-auth-password "JvbAuth"
- :postgres-db-user "jitsi"
+ :jicofo-auth-password "JicofoAuth"
- :postgres-db-password "jitsi-db-password"}
+ :jicofo-component-secret "JicofoCompSec"}

valid-config.edn

@@ -1,3 +1,2 @@
-{:fqdn "statistics.test.meissa-gmbh.de"
+{:fqdn "jitsi.test.meissa-gmbh.de"
- :issuer :staging 
+ :issuer :staging}
- :postgres-data-volume-path "/var/postgres"}