Use common ingress

update the rest of keycloak.cljc
1 year ago · 45507aade6
parent c67aab1b56
commit 45507aade6
4 changed files with 43 additions and 72 deletions
--- a/src/main/cljc/dda/c4k_keycloak/core.cljc
+++ b/src/main/cljc/dda/c4k_keycloak/core.cljc
@ -12,8 +12,8 @@

 (def config-defaults {:issuer :staging})

-(def config? (s/keys :req-un [::kc/fqdn]
-                     :opt-un [::kc/issuer]))
+(def config? (s/keys :req-un [::fqdn]
+                     :opt-un [::issuer]))

 (def auth? (s/keys :req-un [::kc/keycloak-admin-user ::kc/keycloak-admin-password]))

--- a/src/main/cljc/dda/c4k_keycloak/keycloak.cljc
+++ b/src/main/cljc/dda/c4k_keycloak/keycloak.cljc
@ -1,43 +1,52 @@
 (ns dda.c4k-keycloak.keycloak
 (:require
  [clojure.spec.alpha :as s]
+  #?(:cljs [shadow.resource :as rc])
+  #?(:clj [orchestra.core :refer [defn-spec]]
+     :cljs [orchestra.core :refer-macros [defn-spec]])
  [dda.c4k-common.yaml :as yaml]
+  [dda.c4k-common.common :as cm]
  [dda.c4k-common.base64 :as b64]
-  [dda.c4k-common.common :as cm]))
+  [dda.c4k-common.ingress :as ing]
+  [dda.c4k-common.predicate :as cp]))

-(s/def ::keycloak-admin-user cm/bash-env-string?)
-(s/def ::keycloak-admin-password cm/bash-env-string?)
-(s/def ::fqdn cm/fqdn-string?)
-(s/def ::issuer cm/letsencrypt-issuer?)
+(s/def ::fqdn cp/fqdn-string?)
+(s/def ::issuer cp/letsencrypt-issuer?)
+(s/def ::keycloak-admin-user cp/bash-env-string?)
+(s/def ::keycloak-admin-password cp/bash-env-string?)

-(defn generate-secret [my-auth]
-  (let [{:keys [keycloak-admin-user keycloak-admin-password]} my-auth]
+(def config? (s/keys :req-un [::fqdn]
+                     :opt-un [::issuer]))
+
+(def auth? (s/keys :req-un [::keycloak-admin-user ::keycloak-admin-password]))
+
+#?(:cljs
+   (defmethod yaml/load-resource :keycloak [resource-name]
+     (case resource-name
+       "keycloak/deployment.yaml" (rc/inline "keycloak/deployment.yaml")
+       "keycloak/secret.yaml" (rc/inline "keycloak/secret.yaml")
+       "keycloak/service.yaml" (rc/inline "keycloak/service.yaml")
+       (throw (js/Error. "Undefined Resource!")))))
+
+(defn-spec generate-ingress cp/map-or-seq?
+  [config config?]
+  (ing/generate-ingress-and-cert
+   (merge
+    {:service-name "keycloak"
+     :service-port 80
+     :fqdns [(:fqdn config)]}
+    config)))
+
+(defn-spec generate-secret cp/map-or-seq?
+  [auth auth?]
+  (let [{:keys [keycloak-admin-user keycloak-admin-password]} auth]
  (->
-   (yaml/from-string (yaml/load-resource "keycloak/secret.yaml"))
+   (yaml/load-as-edn "keycloak/secret.yaml")
   (cm/replace-key-value :keycloak-user (b64/encode keycloak-admin-user))
   (cm/replace-key-value :keycloak-password (b64/encode keycloak-admin-password)))))

-(defn generate-deployment []
-  (yaml/from-string (yaml/load-resource "keycloak/deployment.yaml")))
-
-(defn generate-certificate [config]
-  (let [{:keys [fqdn issuer]
-         :or {issuer :staging}} config
-        letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]
-    (->
-     (yaml/from-string (yaml/load-resource "keycloak/certificate.yaml"))
-     (assoc-in [:spec :commonName] fqdn)
-     (assoc-in [:spec :dnsNames] [fqdn])
-     (assoc-in [:spec :issuerRef :name] letsencrypt-issuer))))
-
-(defn generate-ingress [config]
-  (let [{:keys [fqdn issuer]
-         :or {issuer :staging}} config
-        letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]
-    (->
-     (yaml/from-string (yaml/load-resource "keycloak/ingress.yaml"))
-     (assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
-     (cm/replace-all-matching-values-by-new-value "fqdn" fqdn))))
-
-(defn generate-service []
-  (yaml/from-string (yaml/load-resource "keycloak/service.yaml")))
+(defn-spec generate-service cp/map-or-seq? []
+  (yaml/load-as-edn "keycloak/service.yaml"))
+
+(defn-spec generate-deployment cp/map-or-seq? []
+  (yaml/load-as-edn "keycloak/deployment.yaml"))
--- a/src/main/resources/keycloak/certificate.yaml
+++ b/src/main/resources/keycloak/certificate.yaml
@ -1,13 +0,0 @@
-apiVersion: cert-manager.io/v1alpha2
-kind: Certificate
-metadata:
-  name: keycloak-cert
-  namespace: default
-spec:
-  secretName: keycloak-secret
-  commonName: fqdn
-  dnsNames:
-  - fqdn
-  issuerRef:
-    name: letsencrypt-staging-issuer
-    kind: ClusterIssuer
--- a/src/main/resources/keycloak/ingress.yaml
+++ b/src/main/resources/keycloak/ingress.yaml
@ -1,25 +0,0 @@
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
-  name: ingress-cloud
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
-    nginx.ingress.kubernetes.io/proxy-body-size: "256m"
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
-    nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
-  namespace: default
-spec:
-  tls:
-  - hosts:
-    - fqdn
-    secretName: keycloak-secret
-  rules:
-    - host: fqdn
-      http:
-        paths:
-        - backend:
-            serviceName: keycloak
-            servicePort: 8080