diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index cc02860..65c060e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -48,7 +48,7 @@ test-schema: stage: build_and_test script: - lein uberjar - - java -jar target/uberjar/c4k-jitsi-standalone.jar valid-config.edn valid-auth.edn | kubeconform --kubernetes-version 1.19.0 --strict --skip Certificate - + - java -jar target/uberjar/c4k-jitsi-standalone.jar src/test/resources/jitsi-test/valid-config.yaml src/test/resources/jitsi-test/valid-auth.yaml | kubeconform --kubernetes-version 1.19.0 --strict --skip Certificate - artifacts: paths: - target/uberjar diff --git a/README.md b/README.md index 5016037..6ed92c7 100644 --- a/README.md +++ b/README.md @@ -25,8 +25,8 @@ Your input will stay in your browser. No server interaction is required. You will also be able to try out on cli: ``` -target/graalvm/c4k-jitsi src/test/resources/valid-config.edn src/test/resources/valid-auth.edn | kubeval - -target/graalvm/c4k-jitsi src/test/resources/valid-config.edn src/test/resources/valid-auth.edn | kubectl apply -f - +target/graalvm/c4k-jitsi src/test/resources/jitsi-test/valid-config.yaml src/test/resources/jitsi-test/valid-auth.yaml | kubeval - +target/graalvm/c4k-jitsi src/test/resources/jitsi-test/valid-config.yaml src/test/resources/jitsi-test/valid-auth.yaml | kubectl apply -f - ``` ## Documentation diff --git a/create_admin.sh b/create_admin.sh deleted file mode 100755 index 2bd652f..0000000 --- a/create_admin.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -if [ $# != 4 ] -then - echo "expected 4 arguments (webserver-pod-name, username, email, password)" - exit -1 -fi - -kubectl exec $1 -- python3 manage.py shell -c "from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser('$2', '$3', '$4')" diff --git a/doc/SetupOnHetzner.md b/doc/SetupOnHetzner.md index 626a63e..1164415 100644 --- a/doc/SetupOnHetzner.md +++ b/doc/SetupOnHetzner.md @@ -45,7 +45,7 @@ output "ipv4" { ## k8s minicluster -For k8s installation we use our [dda-k8s-crate](https://github.com/DomainDrivenArchitecture/dda-k8s-crate) with the following configuation: +For k8s installation we use our [provs](https://repo.prod.meissa.de/meissa/provs) with the following configuation: ``` @@ -69,5 +69,5 @@ with the following config.edn: ``` {:fqdn "the-fqdn-from aws_route53_record.v4_neu" :postgres-data-volume-path "/var/postgres" ;; Volume was configured at dda-k8s-crate, results in a PersistentVolume definition. - :issuer :prod } + :issuer "prod" } ``` diff --git a/doc/tryItOut.png b/doc/tryItOut.png index a2a69d2..1f50b00 100644 Binary files a/doc/tryItOut.png and b/doc/tryItOut.png differ diff --git a/package.json b/package.json index 7b5ea56..2ad1f9a 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "c4k-jitsi", "description": "Generate c4k yaml for a jitsi deployment.", "author": "meissa GmbH", - "version": "1.2.2-SNAPSHOT", + "version": "1.3.2", "homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-jitsi#readme", "repository": "https://www.npmjs.com/package/c4k-jitsi", "license": "APACHE2", diff --git a/project.clj b/project.clj index 48ed69c..5f093fa 100644 --- a/project.clj +++ b/project.clj @@ -1,11 +1,11 @@ -(defproject org.domaindrivenarchitecture/c4k-jitsi "1.2.2-SNAPSHOT" +(defproject org.domaindrivenarchitecture/c4k-jitsi "1.3.3-SNAPSHOT" :description "jitsi c4k-installation package" :url "https://domaindrivenarchitecture.org" :license {:name "Apache License, Version 2.0" :url "https://www.apache.org/licenses/LICENSE-2.0.html"} - :dependencies [[org.clojure/clojure "1.10.3"] + :dependencies [[org.clojure/clojure "1.11.1"] [org.clojure/tools.reader "1.3.6"] - [org.domaindrivenarchitecture/c4k-common-clj "2.1.0"] + [org.domaindrivenarchitecture/c4k-common-clj "5.0.1"] [hickory "0.7.1"]] :target-path "target/%s/" :source-paths ["src/main/cljc" @@ -22,10 +22,10 @@ :uberjar {:aot :all :main dda.c4k-jitsi.uberjar :uberjar-name "c4k-jitsi-standalone.jar" - :dependencies [[org.clojure/tools.cli "1.0.206"] - [ch.qos.logback/logback-classic "1.3.0-alpha4" + :dependencies [[org.clojure/tools.cli "1.0.214"] + [ch.qos.logback/logback-classic "1.4.5" :exclusions [com.sun.mail/javax.mail]] - [org.slf4j/jcl-over-slf4j "2.0.0-alpha1"]]}} + [org.slf4j/jcl-over-slf4j "2.0.6"]]}} :release-tasks [["test"] ["vcs" "assert-committed"] ["change" "version" "leiningen.release/bump-version" "release"] diff --git a/shadow-cljs.edn b/shadow-cljs.edn index 4570449..9097467 100644 --- a/shadow-cljs.edn +++ b/shadow-cljs.edn @@ -4,7 +4,7 @@ "src/test/cljc" "src/test/cljs" "src/test/resources"] - :dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "1.0.0"] + :dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "5.0.1"] [hickory "0.7.1"]] :builds {:frontend {:target :browser :modules {:main {:init-fn dda.c4k-jitsi.browser/init}} diff --git a/src/main/clj/dda/c4k_jitsi/uberjar.clj b/src/main/clj/dda/c4k_jitsi/uberjar.clj index 3d58c93..f0fbefa 100644 --- a/src/main/clj/dda/c4k_jitsi/uberjar.clj +++ b/src/main/clj/dda/c4k_jitsi/uberjar.clj @@ -1,56 +1,14 @@ (ns dda.c4k-jitsi.uberjar (:gen-class) (:require - [clojure.spec.alpha :as s] - [clojure.string :as cs] - [clojure.tools.reader.edn :as edn] - [expound.alpha :as expound] + [dda.c4k-common.uberjar :as uberjar] [dda.c4k-jitsi.core :as core])) -(def usage - "usage: - - c4k-jitsi {your configuraton file} {your authorization file}") - -(s/def ::options (s/* #{"-h"})) -(s/def ::filename (s/and string? - #(not (cs/starts-with? % "-")))) -(s/def ::cmd-args (s/cat :options ::options - :args (s/? - (s/cat :config ::filename - :auth ::filename)))) - -(defn expound-config - [config] - (expound/expound ::core/config config)) - -(defn invalid-args-msg - [spec args] - (s/explain spec args) - (println (str "Bad commandline arguments\n" usage))) - (defn -main [& cmd-args] - (let [parsed-args-cmd (s/conform ::cmd-args cmd-args)] - (if (= ::s/invalid parsed-args-cmd) - (invalid-args-msg ::cmd-args cmd-args) - (let [{:keys [options args]} parsed-args-cmd - {:keys [config auth]} args] - (cond - (some #(= "-h" %) options) - (println usage) - :default - (let [config-str (slurp config) - auth-str (slurp auth) - config-edn (edn/read-string config-str) - auth-edn (edn/read-string auth-str) - config-valid? (s/valid? core/config? config-edn) - auth-valid? (s/valid? core/auth? auth-edn)] - (if (and config-valid? auth-valid?) - (println (core/generate config-edn auth-edn)) - (do - (when (not config-valid?) - (println - (expound/expound-str core/config? config-edn {:print-specs? false}))) - (when (not auth-valid?) - (println - (expound/expound-str core/auth? auth-edn {:print-specs? false}))))))))))) + (uberjar/main-common + "c4k-jitsi" + core/config? + core/auth? + core/config-defaults + core/k8s-objects + cmd-args)) diff --git a/src/main/cljc/dda/c4k_jitsi/core.cljc b/src/main/cljc/dda/c4k_jitsi/core.cljc index a43d0c7..9215f9a 100644 --- a/src/main/cljc/dda/c4k_jitsi/core.cljc +++ b/src/main/cljc/dda/c4k_jitsi/core.cljc @@ -1,35 +1,41 @@ (ns dda.c4k-jitsi.core (:require - [clojure.string :as cs] [clojure.spec.alpha :as s] #?(:clj [orchestra.core :refer [defn-spec]] :cljs [orchestra.core :refer-macros [defn-spec]]) + [dda.c4k-common.common :as cm] + [dda.c4k-common.predicate :as cp] + [dda.c4k-common.monitoring :as mon] [dda.c4k-common.yaml :as yaml] [dda.c4k-jitsi.jitsi :as jitsi])) -(def config-defaults {:issuer :staging}) +(def config-defaults {:issuer "staging"}) + +(s/def ::mon-cfg mon/config?) +(s/def ::mon-auth mon/auth?) (def config? (s/keys :req-un [::jitsi/fqdn] - :opt-un [::jitsi/issuer ::jitsi/ingress-type])) + :opt-un [::jitsi/issuer + ::mon-cfg])) -(def auth? (s/keys :req-un [::jitsi/jvb-auth-password ::jitsi/jicofo-auth-password ::jitsi/jicofo-component-secret])) +(def auth? (s/keys :req-un [::jitsi/jvb-auth-password + ::jitsi/jicofo-auth-password + ::jitsi/jicofo-component-secret] + :opt-un [::mon-auth])) -(defn k8s-objects [config] +(defn-spec k8s-objects cp/map-or-seq? + [config config? + auth auth?] (map yaml/to-string - [(jitsi/generate-secret-jitsi config) - (jitsi/generate-certificate-jitsi config) - (jitsi/generate-certificate-etherpad config) - (jitsi/generate-jvb-service) - (jitsi/generate-web-service) - (jitsi/generate-etherpad-service) - (jitsi/generate-ingress-jitsi config) - (jitsi/generate-ingress-etherpad config) - (jitsi/generate-deployment config)])) - -(defn-spec generate any? - [my-config config? - my-auth auth?] - (let [resulting-config (merge config-defaults my-config my-auth)] - (cs/join - "\n---\n" - (k8s-objects resulting-config)))) + (filter + #(not (nil? %)) + (cm/concat-vec + [(jitsi/generate-secret-jitsi auth) + (jitsi/generate-jvb-service) + (jitsi/generate-web-service) + (jitsi/generate-etherpad-service) + (jitsi/generate-deployment config)] + (jitsi/generate-ingress-web config) + (jitsi/generate-ingress-etherpad config) + (when (:contains? config :mon-cfg) + (mon/generate (:mon-cfg config) (:mon-auth auth))))))) diff --git a/src/main/cljc/dda/c4k_jitsi/jitsi.cljc b/src/main/cljc/dda/c4k_jitsi/jitsi.cljc index 5dbcabf..86a8286 100644 --- a/src/main/cljc/dda/c4k_jitsi/jitsi.cljc +++ b/src/main/cljc/dda/c4k_jitsi/jitsi.cljc @@ -2,95 +2,78 @@ (:require [clojure.spec.alpha :as s] #?(:cljs [shadow.resource :as rc]) + #?(:clj [orchestra.core :refer [defn-spec]] + :cljs [orchestra.core :refer-macros [defn-spec]]) [dda.c4k-common.yaml :as yaml] [dda.c4k-common.common :as cm] + [dda.c4k-common.ingress :as ing] [dda.c4k-common.base64 :as b64] - [dda.c4k-common.predicate :as pred])) + [dda.c4k-common.predicate :as cp])) -(s/def ::fqdn pred/fqdn-string?) -(s/def ::issuer pred/letsencrypt-issuer?) -(s/def ::jvb-auth-password pred/bash-env-string?) -(s/def ::jicofo-auth-password pred/bash-env-string?) -(s/def ::jicofo-component-secret pred/bash-env-string?) +(s/def ::fqdn cp/fqdn-string?) +(s/def ::issuer cp/letsencrypt-issuer?) +(s/def ::jvb-auth-password cp/bash-env-string?) +(s/def ::jicofo-auth-password cp/bash-env-string?) +(s/def ::jicofo-component-secret cp/bash-env-string?) + +(def config? (s/keys :req-un [::fqdn] + :opt-un [::issuer])) + +(def auth? (s/keys :req-un [::jvb-auth-password + ::jicofo-auth-password + ::jicofo-component-secret])) #?(:cljs (defmethod yaml/load-resource :jitsi [resource-name] (case resource-name "jitsi/deployment.yaml" (rc/inline "jitsi/deployment.yaml") "jitsi/etherpad-service.yaml" (rc/inline "jitsi/etherpad-service.yaml") - "jitsi/ingress-jitsi.yaml" (rc/inline "jitsi/ingress-jitsi.yaml") - "jitsi/ingress-etherpad.yaml" (rc/inline "jitsi/ingress-etherpad.yaml") "jitsi/jvb-service.yaml" (rc/inline "jitsi/jvb-service.yaml") "jitsi/secret.yaml" (rc/inline "jitsi/secret.yaml") "jitsi/web-service.yaml" (rc/inline "jitsi/web-service.yaml") (throw (js/Error. "Undefined Resource!"))))) -(defn generate-ingress-jitsi [config] - (let [{:keys [fqdn issuer ingress-type] - :or {issuer :staging ingress-type :default}} config - letsencrypt-issuer (name issuer) - ingress-kind (if (= :default ingress-type) "" (name ingress-type))] - (-> - (yaml/from-string (yaml/load-resource "jitsi/ingress-jitsi.yaml")) - (assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer) - (assoc-in [:metadata :annotations :kubernetes.io/ingress.class] ingress-kind) - (cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn)))) +(defn-spec generate-ingress-web cp/map-or-seq? + [config config?] + (ing/generate-ingress-and-cert + (merge + {:service-name "web" + :service-port 80 + :fqdns [(:fqdn config)]} + config))) -(defn generate-ingress-etherpad [config] - (let [{:keys [fqdn issuer ingress-type] - :or {issuer :staging ingress-type :default}} config - letsencrypt-issuer (name issuer) - ingress-kind (if (= :default ingress-type) "" (name ingress-type))] - (-> - (yaml/from-string (yaml/load-resource "jitsi/ingress-etherpad.yaml")) - (assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer) - (assoc-in [:metadata :annotations :kubernetes.io/ingress.class] ingress-kind) - (cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_FQDN" - (str "etherpad." fqdn))))) +(defn-spec generate-ingress-etherpad cp/map-or-seq? + [config config?] + (ing/generate-ingress-and-cert + (merge + {:service-name "etherpad" + :service-port 9001 + :fqdns [(str "etherpad." (:fqdn config))]} + config))) -(defn generate-secret-jitsi [config] - (let [{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} config] +(defn-spec generate-secret-jitsi cp/map-or-seq? + [auth auth?] + (let [{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} auth] (-> (yaml/from-string (yaml/load-resource "jitsi/secret.yaml")) (cm/replace-key-value :JVB_AUTH_PASSWORD (b64/encode jvb-auth-password)) (cm/replace-key-value :JICOFO_AUTH_PASSWORD (b64/encode jicofo-auth-password)) (cm/replace-key-value :JICOFO_COMPONENT_SECRET (b64/encode jicofo-component-secret))))) -(defn generate-jvb-service [] +(defn-spec generate-jvb-service cp/map-or-seq? [] (yaml/from-string (yaml/load-resource "jitsi/jvb-service.yaml"))) -(defn generate-web-service [] - (yaml/from-string (yaml/load-resource "jitsi/web-service.yaml"))) +(defn-spec generate-web-service cp/map-or-seq? [] + (yaml/load-as-edn "jitsi/web-service.yaml")) -(defn generate-etherpad-service [] - (yaml/from-string (yaml/load-resource "jitsi/etherpad-service.yaml"))) +(defn-spec generate-etherpad-service cp/map-or-seq? [] + (yaml/load-as-edn "jitsi/etherpad-service.yaml")) -(defn generate-deployment [config] +(defn-spec generate-deployment cp/map-or-seq? + [config config?] (let [{:keys [fqdn]} config] (-> - (yaml/from-string (yaml/load-resource "jitsi/deployment.yaml")) + (yaml/load-as-edn "jitsi/deployment.yaml") (cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn) (cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_URL" (str "https://etherpad." fqdn "/p/"))))) - -(defn generate-certificate-jitsi - [config] - (let [{:keys [fqdn issuer ingress-type] - :or {issuer :staging ingress-type :default}} config - letsencrypt-issuer (name issuer) - ingress-kind (if (= :default ingress-type) "" (name ingress-type))] - (-> - (yaml/load-as-edn "jitsi/certificate-jitsi.yaml") - (assoc-in [:spec :issuerRef :name] letsencrypt-issuer) - (cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn)))) - -(defn generate-certificate-etherpad - [config] - (let [{:keys [fqdn issuer ingress-type] - :or {issuer :staging ingress-type :default}} config - letsencrypt-issuer (name issuer) - ingress-kind (if (= :default ingress-type) "" (name ingress-type))] - (-> - (yaml/load-as-edn "jitsi/certificate-etherpad.yaml") - (assoc-in [:spec :issuerRef :name] letsencrypt-issuer) - (cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_FQDN" (str "etherpad." fqdn))))) \ No newline at end of file diff --git a/src/main/cljs/dda/c4k_jitsi/browser.cljs b/src/main/cljs/dda/c4k_jitsi/browser.cljs index 6dfb050..9493ba6 100644 --- a/src/main/cljs/dda/c4k_jitsi/browser.cljs +++ b/src/main/cljs/dda/c4k_jitsi/browser.cljs @@ -1,24 +1,37 @@ (ns dda.c4k-jitsi.browser (:require [clojure.tools.reader.edn :as edn] - [dda.c4k-jitsi.core :as core] - [dda.c4k-jitsi.jitsi :as jitsi] + [dda.c4k-common.monitoring :as mon] + [dda.c4k-common.common :as cm] [dda.c4k-common.browser :as br] - [dda.c4k-common.postgres :as pgc])) + [dda.c4k-jitsi.core :as core] + [dda.c4k-jitsi.jitsi :as jitsi])) -(defn generate-content - [] - (into [] (concat [(assoc (br/generate-needs-validation) :content - (into [] (concat (br/generate-input-field "fqdn" "Your fqdn:" "jitsi.prod.meissa-gmbh.de") - (br/generate-input-field "issuer" "(Optional) Your issuer prod/staging:" "") - [(br/generate-br)] - (br/generate-text-area "auth" "Your auth.edn:" "{:jvb-auth-password \"jitsi\" - :jicofo-auth-password \"jicofo-password\" - :jicofo-component-secret \"jicofo-component-secrect\"}" - "5") - [(br/generate-br)] - (br/generate-button "generate-button" "Generate c4k yaml"))))] - (br/generate-output "c4k-jitsi-output" "Your c4k deployment.yaml:" "25")))) +(defn generate-content [] + (cm/concat-vec + [(assoc + (br/generate-needs-validation) :content + (cm/concat-vec + (br/generate-group + "domain" + (cm/concat-vec + (br/generate-input-field "fqdn" "Your fqdn:" "jitsi.prod.meissa-gmbh.de") + (br/generate-input-field "issuer" "(Optional) Your issuer prod/staging:" "") + (br/generate-input-field "mon-cluster-name" "(Optional) monitoring cluster name:" "jitsi") + (br/generate-input-field "mon-cluster-stage" "(Optional) monitoring cluster stage:" "test") + (br/generate-input-field "mon-cloud-url" "(Optional) grafana cloud url:" "https://prometheus-prod-01-eu-west-0.grafana.net/api/prom/push") + )) + (br/generate-group + "credentials" + (br/generate-text-area "auth" "Your auth.edn:" "{:jvb-auth-password \"jitsi\" + :jicofo-auth-password \"jicofo-password\" + :jicofo-component-secret \"jicofo-component-secrect\" + :mon-auth {:grafana-cloud-user \"your-user-id\" + :grafana-cloud-password \"your-cloud-password\"}}}" + "5")) + [(br/generate-br)] + (br/generate-button "generate-button" "Generate c4k yaml")))] + (br/generate-output "c4k-jitsi-output" "Your c4k deployment.yaml:" "25"))) (defn generate-content-div [] @@ -28,16 +41,26 @@ (generate-content)}) (defn config-from-document [] - (let [issuer (br/get-content-from-element "issuer" :optional true :deserializer keyword)] + (let [issuer (br/get-content-from-element "issuer" :optional true) + mon-cluster-name (br/get-content-from-element "mon-cluster-name" :optional true) + mon-cluster-stage (br/get-content-from-element "mon-cluster-stage" :optional true :deserializer keyword) + mon-cloud-url (br/get-content-from-element "mon-cloud-url" :optional true)] (merge {:fqdn (br/get-content-from-element "fqdn")} (when (some? issuer) {:issuer issuer}) + (when (some? mon-cluster-name) + {:mon-cfg {:cluster-name mon-cluster-name + :cluster-stage (keyword mon-cluster-stage) + :grafana-cloud-url mon-cloud-url}}) ))) (defn validate-all! [] (br/validate! "fqdn" ::jitsi/fqdn) - (br/validate! "issuer" ::jitsi/issuer :optional true :deserializer keyword) + (br/validate! "issuer" ::jitsi/issuer :optional true) + (br/validate! "mon-cluster-name" ::mon/cluster-name :optional true) + (br/validate! "mon-cluster-stage" ::mon/cluster-stage :optional true :deserializer keyword) + (br/validate! "mon-cloud-url" ::mon/grafana-cloud-url :optional true) (br/validate! "auth" core/auth? :deserializer edn/read-string) (br/set-validated!)) @@ -52,10 +75,15 @@ (.getElementById "generate-button") (.addEventListener "click" #(do (validate-all!) - (-> (core/generate + (-> (cm/generate-common (config-from-document) - (br/get-content-from-element "auth" :deserializer edn/read-string)) + (br/get-content-from-element "auth" :deserializer edn/read-string) + {} + core/k8s-objects) (br/set-output!))))) - (add-validate-listener "fqdn") + (add-validate-listener "fqdn") (add-validate-listener "issuer") + (add-validate-listener "mon-cluster-name") + (add-validate-listener "mon-cluster-stage") + (add-validate-listener "mon-cloud-url") (add-validate-listener "auth")) \ No newline at end of file diff --git a/src/main/resources/jitsi/certificate-etherpad.yaml b/src/main/resources/jitsi/certificate-etherpad.yaml deleted file mode 100644 index ce0745a..0000000 --- a/src/main/resources/jitsi/certificate-etherpad.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: etherpad-cert - namespace: default -spec: - secretName: etherpad-cert - commonName: REPLACE_ETHERPAD_FQDN - duration: 2160h # 90d - renewBefore: 360h # 15d - dnsNames: - - REPLACE_ETHERPAD_FQDN - issuerRef: - name: REPLACEME - kind: ClusterIssuer \ No newline at end of file diff --git a/src/main/resources/jitsi/certificate-jitsi.yaml b/src/main/resources/jitsi/certificate-jitsi.yaml deleted file mode 100644 index a674641..0000000 --- a/src/main/resources/jitsi/certificate-jitsi.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: jitsi-cert - namespace: default -spec: - secretName: jitsi-cert - commonName: REPLACE_JITSI_FQDN - duration: 2160h # 90d - renewBefore: 360h # 15d - dnsNames: - - REPLACE_JITSI_FQDN - issuerRef: - name: REPLACEME - kind: ClusterIssuer \ No newline at end of file diff --git a/src/main/resources/jitsi/ingress-etherpad.yaml b/src/main/resources/jitsi/ingress-etherpad.yaml deleted file mode 100644 index 1a11027..0000000 --- a/src/main/resources/jitsi/ingress-etherpad.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: etherpad - annotations: - cert-manager.io/cluster-issuer: REPLACEME - ingress.kubernetes.io/ssl-redirect: "true" -spec: - tls: - - hosts: - - REPLACE_ETHERPAD_FQDN - secretName: etherpad-cert - rules: - - host: REPLACE_ETHERPAD_FQDN - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: etherpad - port: - number: 9001 \ No newline at end of file diff --git a/src/main/resources/jitsi/ingress-jitsi.yaml b/src/main/resources/jitsi/ingress-jitsi.yaml deleted file mode 100644 index 0f65f3f..0000000 --- a/src/main/resources/jitsi/ingress-jitsi.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: jitsi - annotations: - cert-manager.io/cluster-issuer: REPLACEME - ingress.kubernetes.io/ssl-redirect: "true" -spec: - tls: - - hosts: - - REPLACE_JITSI_FQDN - secretName: jitsi-cert - rules: - - host: REPLACE_JITSI_FQDN - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: web - port: - number: 80 diff --git a/src/test/cljc/dda/c4k_jitsi/core_test.cljc b/src/test/cljc/dda/c4k_jitsi/core_test.cljc new file mode 100644 index 0000000..e77e1f2 --- /dev/null +++ b/src/test/cljc/dda/c4k_jitsi/core_test.cljc @@ -0,0 +1,20 @@ +(ns dda.c4k-jitsi.core-test + (:require + #?(:cljs [shadow.resource :as rc]) + #?(:clj [clojure.test :refer [deftest is are testing run-tests]] + :cljs [cljs.test :refer-macros [deftest is are testing run-tests]]) + [clojure.spec.alpha :as s] + [dda.c4k-common.yaml :as yaml] + [dda.c4k-jitsi.core :as cut])) + +#?(:cljs + (defmethod yaml/load-resource :jitsi-test [resource-name] + (case resource-name + "jitsi-test/valid-auth.yaml" (rc/inline "jitsi-test/valid-auth.yaml") + "jitsi-test/valid-config.yaml" (rc/inline "jitsi-test/valid-config.yaml") + (throw (js/Error. "Undefined Resource!"))))) + +(deftest validate-valid-resources + (is (s/valid? cut/config? (yaml/load-as-edn "jitsi-test/valid-config.yaml"))) + (is (s/valid? cut/auth? (yaml/load-as-edn "jitsi-test/valid-auth.yaml"))) + ) \ No newline at end of file diff --git a/src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc b/src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc index 07dae8a..7d1f4c1 100644 --- a/src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc +++ b/src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc @@ -5,7 +5,7 @@ [clojure.spec.test.alpha :as st] [dda.c4k-jitsi.jitsi :as cut])) -;;(st/instrument) +(st/instrument) (deftest should-generate-deployment (is (= {:apiVersion "apps/v1", @@ -37,7 +37,7 @@ :image "jitsi/prosody:stable-7287", :imagePullPolicy "IfNotPresent", :env - [{:name "PUBLIC_URL", :value "xy"} + [{:name "PUBLIC_URL", :value "xy.xy.xy"} {:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"} {:name "XMPP_AUTH_DOMAIN", :value "auth.meet.meissa-gmbh"} {:name "XMPP_MUC_DOMAIN", :value "muc.meet.meissa-gmbh"} @@ -54,7 +54,7 @@ :image "domaindrivenarchitecture/c4k-jitsi", :imagePullPolicy "IfNotPresent", :env - [{:name "PUBLIC_URL", :value "xy"} + [{:name "PUBLIC_URL", :value "xy.xy.xy"} {:name "XMPP_SERVER", :value "localhost"} {:name "JICOFO_AUTH_USER", :value "focus"} {:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"} @@ -70,14 +70,14 @@ {:name "RESOLUTION_WIDTH", :value "853"} {:name "RESOLUTION_WIDTH_MIN", :value "427"} {:name "DISABLE_AUDIO_LEVELS", :value "true"} - {:name "ETHERPAD_PUBLIC_URL", :value "https://etherpad.xy/p/"}]} + {:name "ETHERPAD_PUBLIC_URL", :value "https://etherpad.xy.xy.xy/p/"}]} {:name "jvb", :image "jitsi/jvb:stable-7287", :imagePullPolicy "IfNotPresent", :env - [{:name "PUBLIC_URL", :value "xy"} + [{:name "PUBLIC_URL", :value "xy.xy.xy"} {:name "XMPP_SERVER", :value "localhost"} - {:name "DOCKER_HOST_ADDRESS", :value "xy"} + {:name "DOCKER_HOST_ADDRESS", :value "xy.xy.xy"} {:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"} {:name "XMPP_AUTH_DOMAIN", :value "auth.meet.meissa-gmbh"} {:name "XMPP_INTERNAL_MUC_DOMAIN", :value "internal-muc.meet.meissa-gmbh"} @@ -102,45 +102,7 @@ {:name "XMPP_INTERNAL_MUC_DOMAIN", :value "internal-muc.meet.meissa-gmbh"} {:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}} {:name "TZ", :value "Europe/Berlin"}]}]}}}} - (cut/generate-deployment {:fqdn "xy"})))) - -(deftest should-generate-ingress-jitsi - (is (= {:apiVersion "networking.k8s.io/v1", - :kind "Ingress", - :metadata - {:name "jitsi", - :annotations - {:cert-manager.io/cluster-issuer "staging", - :ingress.kubernetes.io/ssl-redirect "true", - :kubernetes.io/ingress.class ""}}, - :spec - {:tls [{:hosts ["test.com"], :secretName "jitsi-cert"}], - :rules - [{:host "test.com", - :http {:paths [{:path "/", :pathType "Prefix", :backend {:service {:name "web", :port {:number 80}}}}]}}]}} - (cut/generate-ingress-jitsi {:fqdn "test.com" :issuer :staging})))) - -(deftest should-generate-ingress-etherpad - (is (= {:apiVersion "networking.k8s.io/v1", - :kind "Ingress", - :metadata - {:name "etherpad", - :annotations - {:cert-manager.io/cluster-issuer "staging", - :ingress.kubernetes.io/ssl-redirect "true", - :kubernetes.io/ingress.class ""}}, - :spec - {:tls [{:hosts ["etherpad.test.com"], :secretName "etherpad-cert"}], - :rules - [{:host "etherpad.test.com", - :http - {:paths - [{:path "/", - :pathType "Prefix", - :backend - {:service {:name "etherpad", :port {:number 9001}}}}]}}]}} - (cut/generate-ingress-etherpad {:fqdn "test.com" :issuer :staging})))) - + (cut/generate-deployment {:fqdn "xy.xy.xy"})))) (deftest should-generate-secret (is (= {:apiVersion "v1", diff --git a/src/test/resources/jitsi-test/valid-auth.yaml b/src/test/resources/jitsi-test/valid-auth.yaml new file mode 100644 index 0000000..1a0c8ea --- /dev/null +++ b/src/test/resources/jitsi-test/valid-auth.yaml @@ -0,0 +1,6 @@ +jvb-auth-password: "JvbAuth" +jicofo-auth-password: "JicofoAuth" +jicofo-component-secret: "JicofoCompSec" +mon-auth: + grafana-cloud-user: "user" + grafana-cloud-password: "password" diff --git a/src/test/resources/jitsi-test/valid-config.yaml b/src/test/resources/jitsi-test/valid-config.yaml new file mode 100644 index 0000000..47a28a0 --- /dev/null +++ b/src/test/resources/jitsi-test/valid-config.yaml @@ -0,0 +1,6 @@ +fqdn: "jitsi.test.meissa-gmbh.de" +issuer: "staging" +mon-cfg: + grafana-cloud-url: "url-for-your-prom-remote-write-endpoint" + cluster-name: "jitsi" + cluster-stage: "test" diff --git a/test.yaml b/test.yaml deleted file mode 100644 index 42c9e58..0000000 --- a/test.yaml +++ /dev/null @@ -1,216 +0,0 @@ -kind: Ingress -apiVersion: networking.k8s.io/v1 -metadata: - name: jitsi - annotations: - cert-manager.io/cluster-issuer: letsencrypt-staging-issuer - kubernetes.io/ingress.class: '' -spec: - tls: - - hosts: - - jitsi.test.meissa-gmbh.de - secretName: tls-jitsi - rules: - - host: jitsi.test.meissa-gmbh.de - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: web - port: - number: 80 - ---- -apiVersion: v1 -kind: Secret -metadata: - name: jitsi-config -type: Opaque -data: - JVB_AUTH_PASSWORD: SnZiQXV0aA== - JICOFO_AUTH_PASSWORD: Smljb2ZvQXV0aA== - JICOFO_COMPONENT_SECRET: Smljb2ZvQ29tcFNlYw== - ---- -- apiVersion: v1 - kind: Service - metadata: - labels: - service: jvb - name: jvb-udp - spec: - type: NodePort - externalTrafficPolicy: Cluster - ports: - - port: 30300 - protocol: UDP - targetPort: 30300 - nodePort: 30300 - selector: - app: jitsi -- apiVersion: v1 - kind: Service - metadata: - labels: - service: web - name: web - spec: - ports: - - name: http - port: 80 - targetPort: 80 - - name: https - port: 443 - targetPort: 443 - selector: - app: jitsi -- apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app: jitsi - name: jitsi - spec: - strategy: - type: Recreate - selector: - matchLabels: - app: jitsi - template: - metadata: - labels: - app: jitsi - spec: - containers: - - name: jicofo - image: jitsi/jicofo:stable-6826 - imagePullPolicy: IfNotPresent - env: - - name: XMPP_SERVER - value: localhost - - name: XMPP_DOMAIN - value: meet.jitsi - - name: XMPP_AUTH_DOMAIN - value: auth.meet.jitsi - - name: XMPP_MUC_DOMAIN - value: muc.meet.jitsi - - name: XMPP_INTERNAL_MUC_DOMAIN - value: internal-muc.meet.jitsi - - name: JICOFO_COMPONENT_SECRET - valueFrom: - secretKeyRef: - name: jitsi-config - key: JICOFO_COMPONENT_SECRET - - name: JICOFO_AUTH_USER - value: focus - - name: JICOFO_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-config - key: JICOFO_AUTH_PASSWORD - - name: TZ - value: Europe/Berlin - - name: JVB_BREWERY_MUC - value: jvbbrewery - - name: prosody - image: jitsi/prosody:stable-6826 - imagePullPolicy: IfNotPresent - env: - - name: PUBLIC_URL - value: https://jitsi.test.meissa-gmbh.de - - name: XMPP_DOMAIN - value: meet.jitsi - - name: XMPP_AUTH_DOMAIN - value: auth.meet.jitsi - - name: XMPP_MUC_DOMAIN - value: muc.meet.jitsi - - name: XMPP_INTERNAL_MUC_DOMAIN - value: internal-muc.meet.jitsi - - name: JICOFO_COMPONENT_SECRET - valueFrom: - secretKeyRef: - name: jitsi-config - key: JICOFO_COMPONENT_SECRET - - name: JVB_AUTH_USER - value: jvb - - name: JVB_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-config - key: JVB_AUTH_PASSWORD - - name: JICOFO_AUTH_USER - value: focus - - name: JICOFO_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-config - key: JICOFO_AUTH_PASSWORD - - name: TZ - value: Europe/Berlin - - name: JVB_TCP_HARVESTER_DISABLED - value: 'true' - - name: web - image: jitsi/web:stable-6826 - imagePullPolicy: IfNotPresent - env: - - name: PUBLIC_URL - value: https://jitsi.test.meissa-gmbh.de - - name: XMPP_SERVER - value: localhost - - name: JICOFO_AUTH_USER - value: focus - - name: XMPP_DOMAIN - value: meet.jitsi - - name: XMPP_AUTH_DOMAIN - value: auth.meet.jitsi - - name: XMPP_INTERNAL_MUC_DOMAIN - value: internal-muc.meet.jitsi - - name: XMPP_BOSH_URL_BASE - value: http://127.0.0.1:5280 - - name: XMPP_MUC_DOMAIN - value: muc.meet.jitsi - - name: TZ - value: Europe/Berlin - - name: JVB_TCP_HARVESTER_DISABLED - value: 'true' - - name: jvb - image: jitsi/jvb:stable-6826 - imagePullPolicy: IfNotPresent - env: - - name: XMPP_SERVER - value: localhost - - name: DOCKER_HOST_ADDRESS - value: localhost - - name: XMPP_DOMAIN - value: meet.jitsi - - name: XMPP_AUTH_DOMAIN - value: auth.meet.jitsi - - name: XMPP_INTERNAL_MUC_DOMAIN - value: internal-muc.meet.jitsi - - name: JVB_STUN_SERVERS - value: stun.1und1.de:3478,stun.t-online.de:3478,stun.hosteurope.de:3478 - - name: JICOFO_AUTH_USER - value: focus - - name: JVB_TCP_HARVESTER_DISABLED - value: 'true' - - name: JVB_AUTH_USER - value: jvb - - name: JVB_PORT - value: '30300' - - name: JVB_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-config - key: JVB_AUTH_PASSWORD - - name: JICOFO_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: jitsi-config - key: JICOFO_AUTH_PASSWORD - - name: JVB_BREWERY_MUC - value: jvbbrewery - - name: TZ - value: Europe/Berlin - diff --git a/valid-auth.edn b/valid-auth.edn deleted file mode 100644 index f05fae3..0000000 --- a/valid-auth.edn +++ /dev/null @@ -1,3 +0,0 @@ -{:jvb-auth-password "JvbAuth" - :jicofo-auth-password "JicofoAuth" - :jicofo-component-secret "JicofoCompSec"} diff --git a/valid-config.edn b/valid-config.edn deleted file mode 100644 index 05a2550..0000000 --- a/valid-config.edn +++ /dev/null @@ -1,2 +0,0 @@ -{:fqdn "jitsi.test.meissa-gmbh.de" - :issuer :staging}