Merge branch 'main' of gitlab.com:domaindrivenarchitecture/c4k-jitsi

This commit is contained in:
erik 2023-01-17 18:52:05 +01:00
commit b627e3d5c1
23 changed files with 180 additions and 517 deletions

View file

@ -48,7 +48,7 @@ test-schema:
stage: build_and_test stage: build_and_test
script: script:
- lein uberjar - lein uberjar
- java -jar target/uberjar/c4k-jitsi-standalone.jar valid-config.edn valid-auth.edn | kubeconform --kubernetes-version 1.19.0 --strict --skip Certificate - - java -jar target/uberjar/c4k-jitsi-standalone.jar src/test/resources/jitsi-test/valid-config.yaml src/test/resources/jitsi-test/valid-auth.yaml | kubeconform --kubernetes-version 1.19.0 --strict --skip Certificate -
artifacts: artifacts:
paths: paths:
- target/uberjar - target/uberjar

View file

@ -25,8 +25,8 @@ Your input will stay in your browser. No server interaction is required.
You will also be able to try out on cli: You will also be able to try out on cli:
``` ```
target/graalvm/c4k-jitsi src/test/resources/valid-config.edn src/test/resources/valid-auth.edn | kubeval - target/graalvm/c4k-jitsi src/test/resources/jitsi-test/valid-config.yaml src/test/resources/jitsi-test/valid-auth.yaml | kubeval -
target/graalvm/c4k-jitsi src/test/resources/valid-config.edn src/test/resources/valid-auth.edn | kubectl apply -f - target/graalvm/c4k-jitsi src/test/resources/jitsi-test/valid-config.yaml src/test/resources/jitsi-test/valid-auth.yaml | kubectl apply -f -
``` ```
## Documentation ## Documentation

View file

@ -1,9 +0,0 @@
#!/bin/bash
if [ $# != 4 ]
then
echo "expected 4 arguments (webserver-pod-name, username, email, password)"
exit -1
fi
kubectl exec $1 -- python3 manage.py shell -c "from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser('$2', '$3', '$4')"

View file

@ -45,7 +45,7 @@ output "ipv4" {
## k8s minicluster ## k8s minicluster
For k8s installation we use our [dda-k8s-crate](https://github.com/DomainDrivenArchitecture/dda-k8s-crate) with the following configuation: For k8s installation we use our [provs](https://repo.prod.meissa.de/meissa/provs) with the following configuation:
``` ```
@ -69,5 +69,5 @@ with the following config.edn:
``` ```
{:fqdn "the-fqdn-from aws_route53_record.v4_neu" {:fqdn "the-fqdn-from aws_route53_record.v4_neu"
:postgres-data-volume-path "/var/postgres" ;; Volume was configured at dda-k8s-crate, results in a PersistentVolume definition. :postgres-data-volume-path "/var/postgres" ;; Volume was configured at dda-k8s-crate, results in a PersistentVolume definition.
:issuer :prod } :issuer "prod" }
``` ```

Binary file not shown.

Before

Width:  |  Height:  |  Size: 48 KiB

After

Width:  |  Height:  |  Size: 83 KiB

View file

@ -2,7 +2,7 @@
"name": "c4k-jitsi", "name": "c4k-jitsi",
"description": "Generate c4k yaml for a jitsi deployment.", "description": "Generate c4k yaml for a jitsi deployment.",
"author": "meissa GmbH", "author": "meissa GmbH",
"version": "1.2.2-SNAPSHOT", "version": "1.3.2",
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-jitsi#readme", "homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-jitsi#readme",
"repository": "https://www.npmjs.com/package/c4k-jitsi", "repository": "https://www.npmjs.com/package/c4k-jitsi",
"license": "APACHE2", "license": "APACHE2",

View file

@ -1,11 +1,11 @@
(defproject org.domaindrivenarchitecture/c4k-jitsi "1.2.2-SNAPSHOT" (defproject org.domaindrivenarchitecture/c4k-jitsi "1.3.3-SNAPSHOT"
:description "jitsi c4k-installation package" :description "jitsi c4k-installation package"
:url "https://domaindrivenarchitecture.org" :url "https://domaindrivenarchitecture.org"
:license {:name "Apache License, Version 2.0" :license {:name "Apache License, Version 2.0"
:url "https://www.apache.org/licenses/LICENSE-2.0.html"} :url "https://www.apache.org/licenses/LICENSE-2.0.html"}
:dependencies [[org.clojure/clojure "1.10.3"] :dependencies [[org.clojure/clojure "1.11.1"]
[org.clojure/tools.reader "1.3.6"] [org.clojure/tools.reader "1.3.6"]
[org.domaindrivenarchitecture/c4k-common-clj "2.1.0"] [org.domaindrivenarchitecture/c4k-common-clj "5.0.1"]
[hickory "0.7.1"]] [hickory "0.7.1"]]
:target-path "target/%s/" :target-path "target/%s/"
:source-paths ["src/main/cljc" :source-paths ["src/main/cljc"
@ -22,10 +22,10 @@
:uberjar {:aot :all :uberjar {:aot :all
:main dda.c4k-jitsi.uberjar :main dda.c4k-jitsi.uberjar
:uberjar-name "c4k-jitsi-standalone.jar" :uberjar-name "c4k-jitsi-standalone.jar"
:dependencies [[org.clojure/tools.cli "1.0.206"] :dependencies [[org.clojure/tools.cli "1.0.214"]
[ch.qos.logback/logback-classic "1.3.0-alpha4" [ch.qos.logback/logback-classic "1.4.5"
:exclusions [com.sun.mail/javax.mail]] :exclusions [com.sun.mail/javax.mail]]
[org.slf4j/jcl-over-slf4j "2.0.0-alpha1"]]}} [org.slf4j/jcl-over-slf4j "2.0.6"]]}}
:release-tasks [["test"] :release-tasks [["test"]
["vcs" "assert-committed"] ["vcs" "assert-committed"]
["change" "version" "leiningen.release/bump-version" "release"] ["change" "version" "leiningen.release/bump-version" "release"]

View file

@ -4,7 +4,7 @@
"src/test/cljc" "src/test/cljc"
"src/test/cljs" "src/test/cljs"
"src/test/resources"] "src/test/resources"]
:dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "1.0.0"] :dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "5.0.1"]
[hickory "0.7.1"]] [hickory "0.7.1"]]
:builds {:frontend {:target :browser :builds {:frontend {:target :browser
:modules {:main {:init-fn dda.c4k-jitsi.browser/init}} :modules {:main {:init-fn dda.c4k-jitsi.browser/init}}

View file

@ -1,56 +1,14 @@
(ns dda.c4k-jitsi.uberjar (ns dda.c4k-jitsi.uberjar
(:gen-class) (:gen-class)
(:require (:require
[clojure.spec.alpha :as s] [dda.c4k-common.uberjar :as uberjar]
[clojure.string :as cs]
[clojure.tools.reader.edn :as edn]
[expound.alpha :as expound]
[dda.c4k-jitsi.core :as core])) [dda.c4k-jitsi.core :as core]))
(def usage
"usage:
c4k-jitsi {your configuraton file} {your authorization file}")
(s/def ::options (s/* #{"-h"}))
(s/def ::filename (s/and string?
#(not (cs/starts-with? % "-"))))
(s/def ::cmd-args (s/cat :options ::options
:args (s/?
(s/cat :config ::filename
:auth ::filename))))
(defn expound-config
[config]
(expound/expound ::core/config config))
(defn invalid-args-msg
[spec args]
(s/explain spec args)
(println (str "Bad commandline arguments\n" usage)))
(defn -main [& cmd-args] (defn -main [& cmd-args]
(let [parsed-args-cmd (s/conform ::cmd-args cmd-args)] (uberjar/main-common
(if (= ::s/invalid parsed-args-cmd) "c4k-jitsi"
(invalid-args-msg ::cmd-args cmd-args) core/config?
(let [{:keys [options args]} parsed-args-cmd core/auth?
{:keys [config auth]} args] core/config-defaults
(cond core/k8s-objects
(some #(= "-h" %) options) cmd-args))
(println usage)
:default
(let [config-str (slurp config)
auth-str (slurp auth)
config-edn (edn/read-string config-str)
auth-edn (edn/read-string auth-str)
config-valid? (s/valid? core/config? config-edn)
auth-valid? (s/valid? core/auth? auth-edn)]
(if (and config-valid? auth-valid?)
(println (core/generate config-edn auth-edn))
(do
(when (not config-valid?)
(println
(expound/expound-str core/config? config-edn {:print-specs? false})))
(when (not auth-valid?)
(println
(expound/expound-str core/auth? auth-edn {:print-specs? false})))))))))))

View file

@ -1,35 +1,41 @@
(ns dda.c4k-jitsi.core (ns dda.c4k-jitsi.core
(:require (:require
[clojure.string :as cs]
[clojure.spec.alpha :as s] [clojure.spec.alpha :as s]
#?(:clj [orchestra.core :refer [defn-spec]] #?(:clj [orchestra.core :refer [defn-spec]]
:cljs [orchestra.core :refer-macros [defn-spec]]) :cljs [orchestra.core :refer-macros [defn-spec]])
[dda.c4k-common.common :as cm]
[dda.c4k-common.predicate :as cp]
[dda.c4k-common.monitoring :as mon]
[dda.c4k-common.yaml :as yaml] [dda.c4k-common.yaml :as yaml]
[dda.c4k-jitsi.jitsi :as jitsi])) [dda.c4k-jitsi.jitsi :as jitsi]))
(def config-defaults {:issuer :staging}) (def config-defaults {:issuer "staging"})
(s/def ::mon-cfg mon/config?)
(s/def ::mon-auth mon/auth?)
(def config? (s/keys :req-un [::jitsi/fqdn] (def config? (s/keys :req-un [::jitsi/fqdn]
:opt-un [::jitsi/issuer ::jitsi/ingress-type])) :opt-un [::jitsi/issuer
::mon-cfg]))
(def auth? (s/keys :req-un [::jitsi/jvb-auth-password ::jitsi/jicofo-auth-password ::jitsi/jicofo-component-secret])) (def auth? (s/keys :req-un [::jitsi/jvb-auth-password
::jitsi/jicofo-auth-password
::jitsi/jicofo-component-secret]
:opt-un [::mon-auth]))
(defn k8s-objects [config] (defn-spec k8s-objects cp/map-or-seq?
[config config?
auth auth?]
(map yaml/to-string (map yaml/to-string
[(jitsi/generate-secret-jitsi config) (filter
(jitsi/generate-certificate-jitsi config) #(not (nil? %))
(jitsi/generate-certificate-etherpad config) (cm/concat-vec
[(jitsi/generate-secret-jitsi auth)
(jitsi/generate-jvb-service) (jitsi/generate-jvb-service)
(jitsi/generate-web-service) (jitsi/generate-web-service)
(jitsi/generate-etherpad-service) (jitsi/generate-etherpad-service)
(jitsi/generate-ingress-jitsi config) (jitsi/generate-deployment config)]
(jitsi/generate-ingress-web config)
(jitsi/generate-ingress-etherpad config) (jitsi/generate-ingress-etherpad config)
(jitsi/generate-deployment config)])) (when (:contains? config :mon-cfg)
(mon/generate (:mon-cfg config) (:mon-auth auth)))))))
(defn-spec generate any?
[my-config config?
my-auth auth?]
(let [resulting-config (merge config-defaults my-config my-auth)]
(cs/join
"\n---\n"
(k8s-objects resulting-config))))

View file

@ -2,95 +2,78 @@
(:require (:require
[clojure.spec.alpha :as s] [clojure.spec.alpha :as s]
#?(:cljs [shadow.resource :as rc]) #?(:cljs [shadow.resource :as rc])
#?(:clj [orchestra.core :refer [defn-spec]]
:cljs [orchestra.core :refer-macros [defn-spec]])
[dda.c4k-common.yaml :as yaml] [dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm] [dda.c4k-common.common :as cm]
[dda.c4k-common.ingress :as ing]
[dda.c4k-common.base64 :as b64] [dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as pred])) [dda.c4k-common.predicate :as cp]))
(s/def ::fqdn pred/fqdn-string?) (s/def ::fqdn cp/fqdn-string?)
(s/def ::issuer pred/letsencrypt-issuer?) (s/def ::issuer cp/letsencrypt-issuer?)
(s/def ::jvb-auth-password pred/bash-env-string?) (s/def ::jvb-auth-password cp/bash-env-string?)
(s/def ::jicofo-auth-password pred/bash-env-string?) (s/def ::jicofo-auth-password cp/bash-env-string?)
(s/def ::jicofo-component-secret pred/bash-env-string?) (s/def ::jicofo-component-secret cp/bash-env-string?)
(def config? (s/keys :req-un [::fqdn]
:opt-un [::issuer]))
(def auth? (s/keys :req-un [::jvb-auth-password
::jicofo-auth-password
::jicofo-component-secret]))
#?(:cljs #?(:cljs
(defmethod yaml/load-resource :jitsi [resource-name] (defmethod yaml/load-resource :jitsi [resource-name]
(case resource-name (case resource-name
"jitsi/deployment.yaml" (rc/inline "jitsi/deployment.yaml") "jitsi/deployment.yaml" (rc/inline "jitsi/deployment.yaml")
"jitsi/etherpad-service.yaml" (rc/inline "jitsi/etherpad-service.yaml") "jitsi/etherpad-service.yaml" (rc/inline "jitsi/etherpad-service.yaml")
"jitsi/ingress-jitsi.yaml" (rc/inline "jitsi/ingress-jitsi.yaml")
"jitsi/ingress-etherpad.yaml" (rc/inline "jitsi/ingress-etherpad.yaml")
"jitsi/jvb-service.yaml" (rc/inline "jitsi/jvb-service.yaml") "jitsi/jvb-service.yaml" (rc/inline "jitsi/jvb-service.yaml")
"jitsi/secret.yaml" (rc/inline "jitsi/secret.yaml") "jitsi/secret.yaml" (rc/inline "jitsi/secret.yaml")
"jitsi/web-service.yaml" (rc/inline "jitsi/web-service.yaml") "jitsi/web-service.yaml" (rc/inline "jitsi/web-service.yaml")
(throw (js/Error. "Undefined Resource!"))))) (throw (js/Error. "Undefined Resource!")))))
(defn generate-ingress-jitsi [config] (defn-spec generate-ingress-web cp/map-or-seq?
(let [{:keys [fqdn issuer ingress-type] [config config?]
:or {issuer :staging ingress-type :default}} config (ing/generate-ingress-and-cert
letsencrypt-issuer (name issuer) (merge
ingress-kind (if (= :default ingress-type) "" (name ingress-type))] {:service-name "web"
(-> :service-port 80
(yaml/from-string (yaml/load-resource "jitsi/ingress-jitsi.yaml")) :fqdns [(:fqdn config)]}
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer) config)))
(assoc-in [:metadata :annotations :kubernetes.io/ingress.class] ingress-kind)
(cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn))))
(defn generate-ingress-etherpad [config] (defn-spec generate-ingress-etherpad cp/map-or-seq?
(let [{:keys [fqdn issuer ingress-type] [config config?]
:or {issuer :staging ingress-type :default}} config (ing/generate-ingress-and-cert
letsencrypt-issuer (name issuer) (merge
ingress-kind (if (= :default ingress-type) "" (name ingress-type))] {:service-name "etherpad"
(-> :service-port 9001
(yaml/from-string (yaml/load-resource "jitsi/ingress-etherpad.yaml")) :fqdns [(str "etherpad." (:fqdn config))]}
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer) config)))
(assoc-in [:metadata :annotations :kubernetes.io/ingress.class] ingress-kind)
(cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_FQDN"
(str "etherpad." fqdn)))))
(defn generate-secret-jitsi [config] (defn-spec generate-secret-jitsi cp/map-or-seq?
(let [{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} config] [auth auth?]
(let [{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} auth]
(-> (->
(yaml/from-string (yaml/load-resource "jitsi/secret.yaml")) (yaml/from-string (yaml/load-resource "jitsi/secret.yaml"))
(cm/replace-key-value :JVB_AUTH_PASSWORD (b64/encode jvb-auth-password)) (cm/replace-key-value :JVB_AUTH_PASSWORD (b64/encode jvb-auth-password))
(cm/replace-key-value :JICOFO_AUTH_PASSWORD (b64/encode jicofo-auth-password)) (cm/replace-key-value :JICOFO_AUTH_PASSWORD (b64/encode jicofo-auth-password))
(cm/replace-key-value :JICOFO_COMPONENT_SECRET (b64/encode jicofo-component-secret))))) (cm/replace-key-value :JICOFO_COMPONENT_SECRET (b64/encode jicofo-component-secret)))))
(defn generate-jvb-service [] (defn-spec generate-jvb-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "jitsi/jvb-service.yaml"))) (yaml/from-string (yaml/load-resource "jitsi/jvb-service.yaml")))
(defn generate-web-service [] (defn-spec generate-web-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "jitsi/web-service.yaml"))) (yaml/load-as-edn "jitsi/web-service.yaml"))
(defn generate-etherpad-service [] (defn-spec generate-etherpad-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "jitsi/etherpad-service.yaml"))) (yaml/load-as-edn "jitsi/etherpad-service.yaml"))
(defn generate-deployment [config] (defn-spec generate-deployment cp/map-or-seq?
[config config?]
(let [{:keys [fqdn]} config] (let [{:keys [fqdn]} config]
(-> (->
(yaml/from-string (yaml/load-resource "jitsi/deployment.yaml")) (yaml/load-as-edn "jitsi/deployment.yaml")
(cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn) (cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn)
(cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_URL" (cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_URL"
(str "https://etherpad." fqdn "/p/"))))) (str "https://etherpad." fqdn "/p/")))))
(defn generate-certificate-jitsi
[config]
(let [{:keys [fqdn issuer ingress-type]
:or {issuer :staging ingress-type :default}} config
letsencrypt-issuer (name issuer)
ingress-kind (if (= :default ingress-type) "" (name ingress-type))]
(->
(yaml/load-as-edn "jitsi/certificate-jitsi.yaml")
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
(cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn))))
(defn generate-certificate-etherpad
[config]
(let [{:keys [fqdn issuer ingress-type]
:or {issuer :staging ingress-type :default}} config
letsencrypt-issuer (name issuer)
ingress-kind (if (= :default ingress-type) "" (name ingress-type))]
(->
(yaml/load-as-edn "jitsi/certificate-etherpad.yaml")
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
(cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_FQDN" (str "etherpad." fqdn)))))

View file

@ -1,24 +1,37 @@
(ns dda.c4k-jitsi.browser (ns dda.c4k-jitsi.browser
(:require (:require
[clojure.tools.reader.edn :as edn] [clojure.tools.reader.edn :as edn]
[dda.c4k-jitsi.core :as core] [dda.c4k-common.monitoring :as mon]
[dda.c4k-jitsi.jitsi :as jitsi] [dda.c4k-common.common :as cm]
[dda.c4k-common.browser :as br] [dda.c4k-common.browser :as br]
[dda.c4k-common.postgres :as pgc])) [dda.c4k-jitsi.core :as core]
[dda.c4k-jitsi.jitsi :as jitsi]))
(defn generate-content (defn generate-content []
[] (cm/concat-vec
(into [] (concat [(assoc (br/generate-needs-validation) :content [(assoc
(into [] (concat (br/generate-input-field "fqdn" "Your fqdn:" "jitsi.prod.meissa-gmbh.de") (br/generate-needs-validation) :content
(cm/concat-vec
(br/generate-group
"domain"
(cm/concat-vec
(br/generate-input-field "fqdn" "Your fqdn:" "jitsi.prod.meissa-gmbh.de")
(br/generate-input-field "issuer" "(Optional) Your issuer prod/staging:" "") (br/generate-input-field "issuer" "(Optional) Your issuer prod/staging:" "")
[(br/generate-br)] (br/generate-input-field "mon-cluster-name" "(Optional) monitoring cluster name:" "jitsi")
(br/generate-input-field "mon-cluster-stage" "(Optional) monitoring cluster stage:" "test")
(br/generate-input-field "mon-cloud-url" "(Optional) grafana cloud url:" "https://prometheus-prod-01-eu-west-0.grafana.net/api/prom/push")
))
(br/generate-group
"credentials"
(br/generate-text-area "auth" "Your auth.edn:" "{:jvb-auth-password \"jitsi\" (br/generate-text-area "auth" "Your auth.edn:" "{:jvb-auth-password \"jitsi\"
:jicofo-auth-password \"jicofo-password\" :jicofo-auth-password \"jicofo-password\"
:jicofo-component-secret \"jicofo-component-secrect\"}" :jicofo-component-secret \"jicofo-component-secrect\"
"5") :mon-auth {:grafana-cloud-user \"your-user-id\"
:grafana-cloud-password \"your-cloud-password\"}}}"
"5"))
[(br/generate-br)] [(br/generate-br)]
(br/generate-button "generate-button" "Generate c4k yaml"))))] (br/generate-button "generate-button" "Generate c4k yaml")))]
(br/generate-output "c4k-jitsi-output" "Your c4k deployment.yaml:" "25")))) (br/generate-output "c4k-jitsi-output" "Your c4k deployment.yaml:" "25")))
(defn generate-content-div (defn generate-content-div
[] []
@ -28,16 +41,26 @@
(generate-content)}) (generate-content)})
(defn config-from-document [] (defn config-from-document []
(let [issuer (br/get-content-from-element "issuer" :optional true :deserializer keyword)] (let [issuer (br/get-content-from-element "issuer" :optional true)
mon-cluster-name (br/get-content-from-element "mon-cluster-name" :optional true)
mon-cluster-stage (br/get-content-from-element "mon-cluster-stage" :optional true :deserializer keyword)
mon-cloud-url (br/get-content-from-element "mon-cloud-url" :optional true)]
(merge (merge
{:fqdn (br/get-content-from-element "fqdn")} {:fqdn (br/get-content-from-element "fqdn")}
(when (some? issuer) (when (some? issuer)
{:issuer issuer}) {:issuer issuer})
(when (some? mon-cluster-name)
{:mon-cfg {:cluster-name mon-cluster-name
:cluster-stage (keyword mon-cluster-stage)
:grafana-cloud-url mon-cloud-url}})
))) )))
(defn validate-all! [] (defn validate-all! []
(br/validate! "fqdn" ::jitsi/fqdn) (br/validate! "fqdn" ::jitsi/fqdn)
(br/validate! "issuer" ::jitsi/issuer :optional true :deserializer keyword) (br/validate! "issuer" ::jitsi/issuer :optional true)
(br/validate! "mon-cluster-name" ::mon/cluster-name :optional true)
(br/validate! "mon-cluster-stage" ::mon/cluster-stage :optional true :deserializer keyword)
(br/validate! "mon-cloud-url" ::mon/grafana-cloud-url :optional true)
(br/validate! "auth" core/auth? :deserializer edn/read-string) (br/validate! "auth" core/auth? :deserializer edn/read-string)
(br/set-validated!)) (br/set-validated!))
@ -52,10 +75,15 @@
(.getElementById "generate-button") (.getElementById "generate-button")
(.addEventListener "click" (.addEventListener "click"
#(do (validate-all!) #(do (validate-all!)
(-> (core/generate (-> (cm/generate-common
(config-from-document) (config-from-document)
(br/get-content-from-element "auth" :deserializer edn/read-string)) (br/get-content-from-element "auth" :deserializer edn/read-string)
{}
core/k8s-objects)
(br/set-output!))))) (br/set-output!)))))
(add-validate-listener "fqdn") (add-validate-listener "fqdn")
(add-validate-listener "issuer") (add-validate-listener "issuer")
(add-validate-listener "mon-cluster-name")
(add-validate-listener "mon-cluster-stage")
(add-validate-listener "mon-cloud-url")
(add-validate-listener "auth")) (add-validate-listener "auth"))

View file

@ -1,15 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: etherpad-cert
namespace: default
spec:
secretName: etherpad-cert
commonName: REPLACE_ETHERPAD_FQDN
duration: 2160h # 90d
renewBefore: 360h # 15d
dnsNames:
- REPLACE_ETHERPAD_FQDN
issuerRef:
name: REPLACEME
kind: ClusterIssuer

View file

@ -1,15 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: jitsi-cert
namespace: default
spec:
secretName: jitsi-cert
commonName: REPLACE_JITSI_FQDN
duration: 2160h # 90d
renewBefore: 360h # 15d
dnsNames:
- REPLACE_JITSI_FQDN
issuerRef:
name: REPLACEME
kind: ClusterIssuer

View file

@ -1,23 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: etherpad
annotations:
cert-manager.io/cluster-issuer: REPLACEME
ingress.kubernetes.io/ssl-redirect: "true"
spec:
tls:
- hosts:
- REPLACE_ETHERPAD_FQDN
secretName: etherpad-cert
rules:
- host: REPLACE_ETHERPAD_FQDN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: etherpad
port:
number: 9001

View file

@ -1,23 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: jitsi
annotations:
cert-manager.io/cluster-issuer: REPLACEME
ingress.kubernetes.io/ssl-redirect: "true"
spec:
tls:
- hosts:
- REPLACE_JITSI_FQDN
secretName: jitsi-cert
rules:
- host: REPLACE_JITSI_FQDN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web
port:
number: 80

View file

@ -0,0 +1,20 @@
(ns dda.c4k-jitsi.core-test
(:require
#?(:cljs [shadow.resource :as rc])
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.alpha :as s]
[dda.c4k-common.yaml :as yaml]
[dda.c4k-jitsi.core :as cut]))
#?(:cljs
(defmethod yaml/load-resource :jitsi-test [resource-name]
(case resource-name
"jitsi-test/valid-auth.yaml" (rc/inline "jitsi-test/valid-auth.yaml")
"jitsi-test/valid-config.yaml" (rc/inline "jitsi-test/valid-config.yaml")
(throw (js/Error. "Undefined Resource!")))))
(deftest validate-valid-resources
(is (s/valid? cut/config? (yaml/load-as-edn "jitsi-test/valid-config.yaml")))
(is (s/valid? cut/auth? (yaml/load-as-edn "jitsi-test/valid-auth.yaml")))
)

View file

@ -5,7 +5,7 @@
[clojure.spec.test.alpha :as st] [clojure.spec.test.alpha :as st]
[dda.c4k-jitsi.jitsi :as cut])) [dda.c4k-jitsi.jitsi :as cut]))
;;(st/instrument) (st/instrument)
(deftest should-generate-deployment (deftest should-generate-deployment
(is (= {:apiVersion "apps/v1", (is (= {:apiVersion "apps/v1",
@ -37,7 +37,7 @@
:image "jitsi/prosody:stable-7287", :image "jitsi/prosody:stable-7287",
:imagePullPolicy "IfNotPresent", :imagePullPolicy "IfNotPresent",
:env :env
[{:name "PUBLIC_URL", :value "xy"} [{:name "PUBLIC_URL", :value "xy.xy.xy"}
{:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"} {:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"}
{:name "XMPP_AUTH_DOMAIN", :value "auth.meet.meissa-gmbh"} {:name "XMPP_AUTH_DOMAIN", :value "auth.meet.meissa-gmbh"}
{:name "XMPP_MUC_DOMAIN", :value "muc.meet.meissa-gmbh"} {:name "XMPP_MUC_DOMAIN", :value "muc.meet.meissa-gmbh"}
@ -54,7 +54,7 @@
:image "domaindrivenarchitecture/c4k-jitsi", :image "domaindrivenarchitecture/c4k-jitsi",
:imagePullPolicy "IfNotPresent", :imagePullPolicy "IfNotPresent",
:env :env
[{:name "PUBLIC_URL", :value "xy"} [{:name "PUBLIC_URL", :value "xy.xy.xy"}
{:name "XMPP_SERVER", :value "localhost"} {:name "XMPP_SERVER", :value "localhost"}
{:name "JICOFO_AUTH_USER", :value "focus"} {:name "JICOFO_AUTH_USER", :value "focus"}
{:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"} {:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"}
@ -70,14 +70,14 @@
{:name "RESOLUTION_WIDTH", :value "853"} {:name "RESOLUTION_WIDTH", :value "853"}
{:name "RESOLUTION_WIDTH_MIN", :value "427"} {:name "RESOLUTION_WIDTH_MIN", :value "427"}
{:name "DISABLE_AUDIO_LEVELS", :value "true"} {:name "DISABLE_AUDIO_LEVELS", :value "true"}
{:name "ETHERPAD_PUBLIC_URL", :value "https://etherpad.xy/p/"}]} {:name "ETHERPAD_PUBLIC_URL", :value "https://etherpad.xy.xy.xy/p/"}]}
{:name "jvb", {:name "jvb",
:image "jitsi/jvb:stable-7287", :image "jitsi/jvb:stable-7287",
:imagePullPolicy "IfNotPresent", :imagePullPolicy "IfNotPresent",
:env :env
[{:name "PUBLIC_URL", :value "xy"} [{:name "PUBLIC_URL", :value "xy.xy.xy"}
{:name "XMPP_SERVER", :value "localhost"} {:name "XMPP_SERVER", :value "localhost"}
{:name "DOCKER_HOST_ADDRESS", :value "xy"} {:name "DOCKER_HOST_ADDRESS", :value "xy.xy.xy"}
{:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"} {:name "XMPP_DOMAIN", :value "meet.meissa-gmbh"}
{:name "XMPP_AUTH_DOMAIN", :value "auth.meet.meissa-gmbh"} {:name "XMPP_AUTH_DOMAIN", :value "auth.meet.meissa-gmbh"}
{:name "XMPP_INTERNAL_MUC_DOMAIN", :value "internal-muc.meet.meissa-gmbh"} {:name "XMPP_INTERNAL_MUC_DOMAIN", :value "internal-muc.meet.meissa-gmbh"}
@ -102,45 +102,7 @@
{:name "XMPP_INTERNAL_MUC_DOMAIN", :value "internal-muc.meet.meissa-gmbh"} {:name "XMPP_INTERNAL_MUC_DOMAIN", :value "internal-muc.meet.meissa-gmbh"}
{:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}} {:name "JICOFO_AUTH_PASSWORD", :valueFrom {:secretKeyRef {:name "jitsi-config", :key "JICOFO_AUTH_PASSWORD"}}}
{:name "TZ", :value "Europe/Berlin"}]}]}}}} {:name "TZ", :value "Europe/Berlin"}]}]}}}}
(cut/generate-deployment {:fqdn "xy"})))) (cut/generate-deployment {:fqdn "xy.xy.xy"}))))
(deftest should-generate-ingress-jitsi
(is (= {:apiVersion "networking.k8s.io/v1",
:kind "Ingress",
:metadata
{:name "jitsi",
:annotations
{:cert-manager.io/cluster-issuer "staging",
:ingress.kubernetes.io/ssl-redirect "true",
:kubernetes.io/ingress.class ""}},
:spec
{:tls [{:hosts ["test.com"], :secretName "jitsi-cert"}],
:rules
[{:host "test.com",
:http {:paths [{:path "/", :pathType "Prefix", :backend {:service {:name "web", :port {:number 80}}}}]}}]}}
(cut/generate-ingress-jitsi {:fqdn "test.com" :issuer :staging}))))
(deftest should-generate-ingress-etherpad
(is (= {:apiVersion "networking.k8s.io/v1",
:kind "Ingress",
:metadata
{:name "etherpad",
:annotations
{:cert-manager.io/cluster-issuer "staging",
:ingress.kubernetes.io/ssl-redirect "true",
:kubernetes.io/ingress.class ""}},
:spec
{:tls [{:hosts ["etherpad.test.com"], :secretName "etherpad-cert"}],
:rules
[{:host "etherpad.test.com",
:http
{:paths
[{:path "/",
:pathType "Prefix",
:backend
{:service {:name "etherpad", :port {:number 9001}}}}]}}]}}
(cut/generate-ingress-etherpad {:fqdn "test.com" :issuer :staging}))))
(deftest should-generate-secret (deftest should-generate-secret
(is (= {:apiVersion "v1", (is (= {:apiVersion "v1",

View file

@ -0,0 +1,6 @@
jvb-auth-password: "JvbAuth"
jicofo-auth-password: "JicofoAuth"
jicofo-component-secret: "JicofoCompSec"
mon-auth:
grafana-cloud-user: "user"
grafana-cloud-password: "password"

View file

@ -0,0 +1,6 @@
fqdn: "jitsi.test.meissa-gmbh.de"
issuer: "staging"
mon-cfg:
grafana-cloud-url: "url-for-your-prom-remote-write-endpoint"
cluster-name: "jitsi"
cluster-stage: "test"

216
test.yaml
View file

@ -1,216 +0,0 @@
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: jitsi
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
kubernetes.io/ingress.class: ''
spec:
tls:
- hosts:
- jitsi.test.meissa-gmbh.de
secretName: tls-jitsi
rules:
- host: jitsi.test.meissa-gmbh.de
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web
port:
number: 80
---
apiVersion: v1
kind: Secret
metadata:
name: jitsi-config
type: Opaque
data:
JVB_AUTH_PASSWORD: SnZiQXV0aA==
JICOFO_AUTH_PASSWORD: Smljb2ZvQXV0aA==
JICOFO_COMPONENT_SECRET: Smljb2ZvQ29tcFNlYw==
---
- apiVersion: v1
kind: Service
metadata:
labels:
service: jvb
name: jvb-udp
spec:
type: NodePort
externalTrafficPolicy: Cluster
ports:
- port: 30300
protocol: UDP
targetPort: 30300
nodePort: 30300
selector:
app: jitsi
- apiVersion: v1
kind: Service
metadata:
labels:
service: web
name: web
spec:
ports:
- name: http
port: 80
targetPort: 80
- name: https
port: 443
targetPort: 443
selector:
app: jitsi
- apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: jitsi
name: jitsi
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: jitsi
template:
metadata:
labels:
app: jitsi
spec:
containers:
- name: jicofo
image: jitsi/jicofo:stable-6826
imagePullPolicy: IfNotPresent
env:
- name: XMPP_SERVER
value: localhost
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: JICOFO_COMPONENT_SECRET
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_COMPONENT_SECRET
- name: JICOFO_AUTH_USER
value: focus
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_AUTH_PASSWORD
- name: TZ
value: Europe/Berlin
- name: JVB_BREWERY_MUC
value: jvbbrewery
- name: prosody
image: jitsi/prosody:stable-6826
imagePullPolicy: IfNotPresent
env:
- name: PUBLIC_URL
value: https://jitsi.test.meissa-gmbh.de
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: JICOFO_COMPONENT_SECRET
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_COMPONENT_SECRET
- name: JVB_AUTH_USER
value: jvb
- name: JVB_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JVB_AUTH_PASSWORD
- name: JICOFO_AUTH_USER
value: focus
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_AUTH_PASSWORD
- name: TZ
value: Europe/Berlin
- name: JVB_TCP_HARVESTER_DISABLED
value: 'true'
- name: web
image: jitsi/web:stable-6826
imagePullPolicy: IfNotPresent
env:
- name: PUBLIC_URL
value: https://jitsi.test.meissa-gmbh.de
- name: XMPP_SERVER
value: localhost
- name: JICOFO_AUTH_USER
value: focus
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: XMPP_BOSH_URL_BASE
value: http://127.0.0.1:5280
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: TZ
value: Europe/Berlin
- name: JVB_TCP_HARVESTER_DISABLED
value: 'true'
- name: jvb
image: jitsi/jvb:stable-6826
imagePullPolicy: IfNotPresent
env:
- name: XMPP_SERVER
value: localhost
- name: DOCKER_HOST_ADDRESS
value: localhost
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: JVB_STUN_SERVERS
value: stun.1und1.de:3478,stun.t-online.de:3478,stun.hosteurope.de:3478
- name: JICOFO_AUTH_USER
value: focus
- name: JVB_TCP_HARVESTER_DISABLED
value: 'true'
- name: JVB_AUTH_USER
value: jvb
- name: JVB_PORT
value: '30300'
- name: JVB_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JVB_AUTH_PASSWORD
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_AUTH_PASSWORD
- name: JVB_BREWERY_MUC
value: jvbbrewery
- name: TZ
value: Europe/Berlin

View file

@ -1,3 +0,0 @@
{:jvb-auth-password "JvbAuth"
:jicofo-auth-password "JicofoAuth"
:jicofo-component-secret "JicofoCompSec"}

View file

@ -1,2 +0,0 @@
{:fqdn "jitsi.test.meissa-gmbh.de"
:issuer :staging}