21 commits

Author SHA1 Message Date
d8ea3da5fd bump version to: 1.3.2-SNAPSHOT 2024-08-22 17:02:39 +02:00
cd10a5673c release: 1.3.1 2024-08-22 17:02:39 +02:00
f646ac81b7 Revert spec 2024-08-22 16:41:44 +02:00
e974711923 Update spec 2024-08-09 15:44:05 +02:00
7c474c6d89 bump version to: 1.3.1-SNAPSHOT 2024-08-09 15:19:35 +02:00
12e6f97519 release: 1.3.0 2024-08-09 15:19:35 +02:00
ad82277e96 Fix monitoring not receiving config 2024-08-09 15:06:38 +02:00
05039420bd Update deps 2024-08-09 15:06:21 +02:00
d59f40a961 Don't use deprecated func 2024-08-08 14:37:43 +02:00
74beafdcfe Update build 2024-08-08 11:38:34 +02:00
fd8b1facb8 Update deps 2024-08-08 11:38:26 +02:00
9f2ee663bd Split Config and Auth 2024-08-08 11:38:16 +02:00
7ff6f20fce Merge pull request 'proper-namespace-implementation' (#2) from proper-namespace-implementation into master
Reviewed-on: #2
2024-08-07 13:15:31 +00:00
d2ca5b5442 Fix tests 2024-08-07 14:57:54 +02:00
2fba9ce1de Remove unnecessary keys 2024-08-07 14:57:47 +02:00
b7a284a2dc Dont hardcode namespace 2024-08-07 14:48:19 +02:00
f64f4f3ab5 Update functions to replace NAMESPACE 2024-08-07 14:48:04 +02:00
1429ff0058 Move default config values to config defaults
Also add spec for namespace
2024-08-07 14:30:11 +02:00
cfc679cd82 [Skip-CI] Add website to contact info 2024-08-06 13:07:34 +02:00
432d46e3e7 [Skip-CI] Remove unnecessary secondary build files 2024-07-09 10:58:17 +02:00
6199978a05 bump version to: 1.2.1-SNAPSHOT 2024-07-04 16:16:46 +02:00
11 changed files with 72 additions and 58 deletions

@ -1,7 +1,7 @@
# convention 4 kubernetes: c4k-keycloak # convention 4 kubernetes: c4k-keycloak
[![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-keycloak.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-keycloak) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/commits/master) [![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-keycloak.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-keycloak) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/commits/master)
[<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa-gmbh.de/img/community/Mastodon_Logotype.svg" width=20 alt="team@social.meissa-gmbh.de"> team@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@team) | [Website & Blog](https://domaindrivenarchitecture.org) [<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa.de/images/parts/contact/mastodon36_hue9b2464f10b18e134322af482b9c915e_5501_filter_14705073121015236177.png" width=20 alt="M"> meissa@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@meissa) | [Blog](https://domaindrivenarchitecture.org) | [Website](https://meissa.de)
## Purpose ## Purpose
@ -43,6 +43,6 @@ For more details about our repository model see: https://repo.prod.meissa.de/mei
## License ## License
Copyright © 2021 meissa GmbH Copyright © 2024 meissa GmbH
Licensed under the [Apache License, Version 2.0](LICENSE) (the "License") Licensed under the [Apache License, Version 2.0](LICENSE) (the "License")
Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE) Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE)

@ -23,8 +23,6 @@ def initialize(project):
"release_primary_build_file": "project.clj", "release_primary_build_file": "project.clj",
"release_secondary_build_files": [ "release_secondary_build_files": [
"package.json", "package.json",
"infrastructure/backup/build.py",
"infrastructure/federated/build.py",
], ],
"release_artifact_server_url": "https://repo.prod.meissa.de", "release_artifact_server_url": "https://repo.prod.meissa.de",
"release_organisation": "meissa", "release_organisation": "meissa",
@ -102,6 +100,12 @@ def package_frontend(project):
@task @task
def package_uberjar(project): def package_uberjar(project):
run("mkdir -p target/uberjar", shell=True, check=True)
run(
"lein uberjar",
shell=True,
check=True,
)
run( run(
"sha256sum target/uberjar/c4k-keycloak-standalone.jar > target/uberjar/" + project.name + "-standalone.jar.sha256", "sha256sum target/uberjar/c4k-keycloak-standalone.jar > target/uberjar/" + project.name + "-standalone.jar.sha256",
shell=True, shell=True,
@ -128,13 +132,10 @@ def package_native(project):
"--no-server " + "--no-server " +
"--no-fallback " + "--no-fallback " +
"--features=clj_easy.graal_build_time.InitClojureClasses " + "--features=clj_easy.graal_build_time.InitClojureClasses " +
"-jar target/uberjar/" + project.name + "-standalone.jar " + f"-jar target/uberjar/{project.name}-standalone.jar " +
"-march=compatibility " +
"-H:+UnlockExperimentalVMOptions " +
"-H:IncludeResources=.*.yaml " + "-H:IncludeResources=.*.yaml " +
"-H:IncludeResources=logback.xml " +
"-H:Log=registerResource:verbose " + "-H:Log=registerResource:verbose " +
"-H:Name=target/graalvm/" + project.name + "", f"-H:Name=target/graalvm/{project.name}",
shell=True, shell=True,
check=True, check=True,
) )
@ -152,11 +153,7 @@ def package_native(project):
@task @task
def inst(project): def inst(project):
run( package_uberjar(project)
"lein uberjar",
shell=True,
check=True,
)
package_native(project) package_native(project)
run( run(
"sudo install -m=755 target/uberjar/" + project.name + "-standalone.jar /usr/local/bin/" + project.name + "-standalone.jar", "sudo install -m=755 target/uberjar/" + project.name + "-standalone.jar /usr/local/bin/" + project.name + "-standalone.jar",
@ -177,11 +174,6 @@ def upload_clj(project):
@task @task
def lint(project): def lint(project):
#run(
# "lein eastwood",
# shell=True,
# check=True,
#)
run( run(
"lein ancient check", "lein ancient check",
shell=True, shell=True,
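Review bot: The rewritten `-jar` and `-H:Name` arguments in package_native still splice `project.name` into one command string that runs with `shell=True`, and the new `mkdir -p target/uberjar` and `lein uberjar` calls in package_uberjar go through the shell although they use no shell feature. `project.name` presumably comes from the project's own build definition, so exposure is limited, but a name containing a space or shell metacharacter would change the command executed on the build host. The shell-free calls can pass an argument list, e.g. `run(["lein", "uberjar"], check=True)`, and the commands that do need the shell (the `sha256sum … >` redirect) can wrap the name in `shlex.quote(project.name)`. The checksum line also reads the hard-coded `c4k-keycloak-standalone.jar` while writing to a `project.name`-derived file; taking the name from one place keeps checksum and artifact in step. The function bodies start and end outside the hunks shown.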

@ -2,7 +2,7 @@
"name": "c4k-keycloak", "name": "c4k-keycloak",
"description": "Generate c4k yaml for a keycloak deployment.", "description": "Generate c4k yaml for a keycloak deployment.",
"author": "meissa GmbH", "author": "meissa GmbH",
"version": "1.2.0", "version": "1.3.2-SNAPSHOT",
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-keycloak#readme", "homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-keycloak#readme",
"repository": "https://www.npmjs.com/package/c4k-keycloak", "repository": "https://www.npmjs.com/package/c4k-keycloak",
"license": "APACHE2", "license": "APACHE2",

@ -1,11 +1,11 @@
(defproject org.domaindrivenarchitecture/c4k-keycloak "1.2.0" (defproject org.domaindrivenarchitecture/c4k-keycloak "1.3.2-SNAPSHOT"
:description "keycloak c4k-installation package" :description "keycloak c4k-installation package"
:url "https://domaindrivenarchitecture.org" :url "https://domaindrivenarchitecture.org"
:license {:name "Apache License, Version 2.0" :license {:name "Apache License, Version 2.0"
:url "https://www.apache.org/licenses/LICENSE-2.0.html"} :url "https://www.apache.org/licenses/LICENSE-2.0.html"}
:dependencies [[org.clojure/clojure "1.11.3"] :dependencies [[org.clojure/clojure "1.11.4"]
[org.clojure/tools.reader "1.4.2"] [org.clojure/tools.reader "1.5.0"]
[org.domaindrivenarchitecture/c4k-common-clj "6.4.1"]] [org.domaindrivenarchitecture/c4k-common-clj "8.0.0"]]
:target-path "target/%s/" :target-path "target/%s/"
:source-paths ["src/main/cljc" :source-paths ["src/main/cljc"
"src/main/clj"] "src/main/clj"]
@ -22,9 +22,9 @@
:main dda.c4k-keycloak.uberjar :main dda.c4k-keycloak.uberjar
:uberjar-name "c4k-keycloak-standalone.jar" :uberjar-name "c4k-keycloak-standalone.jar"
:dependencies [[org.clojure/tools.cli "1.1.230"] :dependencies [[org.clojure/tools.cli "1.1.230"]
[ch.qos.logback/logback-classic "1.5.6" [ch.qos.logback/logback-classic "1.5.7"
:exclusions [com.sun.mail/javax.mail]] :exclusions [com.sun.mail/javax.mail]]
[org.slf4j/jcl-over-slf4j "2.0.13"] [org.slf4j/jcl-over-slf4j "2.0.16"]
[com.github.clj-easy/graal-build-time "1.0.5"]]}} [com.github.clj-easy/graal-build-time "1.0.5"]]}}
:release-tasks [["test"] :release-tasks [["test"]
["vcs" "assert-committed"] ["vcs" "assert-committed"]

@ -7,10 +7,11 @@
(set! *warn-on-reflection* true) (set! *warn-on-reflection* true)
(defn -main [& cmd-args] (defn -main [& cmd-args]
(uberjar/main-common (uberjar/main-cm
"c4k-keycloak" "c4k-keycloak"
core/config? core/config?
core/auth? core/auth?
core/config-defaults core/config-defaults
core/k8s-objects core/config-objects
core/auth-objects
cmd-args)) cmd-args))

@ -13,34 +13,45 @@
(def default-storage-class :local-path) (def default-storage-class :local-path)
(def config-defaults {:issuer "staging"}) (def config-defaults {:issuer "staging",
:namespace "keycloak"
:postgres-image "postgres:14"
:postgres-size :2gb
:db-name "keycloak"
:pv-storage-size-gb 30
:pvc-storage-class-name default-storage-class})
(def config? (s/keys :req-un [::kc/fqdn] (def config? (s/keys :req-un [::kc/fqdn]
:opt-un [::kc/issuer :opt-un [::kc/issuer
::mon/mon-cfg])) ::mon/mon-cfg
::kc/namespace]))
(def auth? (s/keys :req-un [::kc/keycloak-admin-user ::kc/keycloak-admin-password (def auth? (s/keys :req-un [::kc/keycloak-admin-user ::kc/keycloak-admin-password
::postgres/postgres-db-user ::postgres/postgres-db-password] ::postgres/postgres-db-user ::postgres/postgres-db-password]
:opt-un [::mon/mon-auth])) :opt-un [::mon/mon-auth]))
(defn-spec k8s-objects cp/map-or-seq? (defn-spec config-objects cp/map-or-seq?
[config config?]
(map yaml/to-string
(filter
#(not (nil? %))
(cm/concat-vec
(ns/generate config)
(postgres/generate-config config)
[(kc/generate-service config)
(kc/generate-deployment config)]
(kc/generate-ingress config)
(when (contains? config :mon-cfg)
(mon/generate-config))))))
(defn-spec auth-objects cp/map-or-seq?
[config config? [config config?
auth auth?] auth auth?]
(map yaml/to-string (map yaml/to-string
(filter (filter
#(not (nil? %)) #(not (nil? %))
(cm/concat-vec (cm/concat-vec
(ns/generate (merge {:namespace "keycloak"} config)) (postgres/generate-auth config auth)
(postgres/generate (merge {:postgres-image "postgres:14" [(kc/generate-secret config auth)]
:postgres-size :2gb (when (and (contains? auth :mon-auth) (contains? config :mon-cfg))
:db-name "keycloak" (mon/generate-auth (:mon-cfg config) (:mon-auth auth)))))))
:pv-storage-size-gb 30
:pvc-storage-class-name default-storage-class
:namespace "keycloak"})
auth)
[(kc/generate-secret auth)
(kc/generate-service)
(kc/generate-deployment config)]
(kc/generate-ingress (merge {:namespace "keycloak"} config))
(when (:contains? config :mon-cfg)
(mon/generate (:mon-cfg config) (:mon-auth auth)))))))
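Review bot: `config-objects` and `auth-objects` pass `config` to the generators unchanged, whereas the removed `k8s-objects` merged `{:namespace "keycloak"}` and the postgres defaults in place, so both functions now depend on the caller having merged `config-defaults` beforehand. `::kc/namespace` is only listed under `:opt-un`, so a config without it still satisfies `config?` and would reach `cm/replace-all-matching "NAMESPACE" nil` in the keycloak generators; presumably `uberjar/main-cm` applies the defaults, but that is not visible on this page. Either state the precondition in a docstring on both functions ("expects config already merged with config-defaults") or bind `(merge config-defaults config)` at the top of each, so the Secret and the other objects cannot be rendered with a missing namespace.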

@ -11,12 +11,14 @@
[dda.c4k-common.predicate :as cp])) [dda.c4k-common.predicate :as cp]))
(s/def ::fqdn cp/fqdn-string?) (s/def ::fqdn cp/fqdn-string?)
(s/def ::namespace string?)
(s/def ::issuer cp/letsencrypt-issuer?) (s/def ::issuer cp/letsencrypt-issuer?)
(s/def ::keycloak-admin-user cp/bash-env-string?) (s/def ::keycloak-admin-user cp/bash-env-string?)
(s/def ::keycloak-admin-password cp/bash-env-string?) (s/def ::keycloak-admin-password cp/bash-env-string?)
(def config? (s/keys :req-un [::fqdn] (def config? (s/keys :req-un [::fqdn]
:opt-un [::issuer])) :opt-un [::issuer
::namespace]))
(def auth? (s/keys :req-un [::keycloak-admin-user (def auth? (s/keys :req-un [::keycloak-admin-user
::keycloak-admin-password])) ::keycloak-admin-password]))
@ -35,20 +37,28 @@
config))) config)))
(defn-spec generate-secret cp/map-or-seq? (defn-spec generate-secret cp/map-or-seq?
[auth auth?] [config config?
(let [{:keys [keycloak-admin-user keycloak-admin-password]} auth] auth auth?]
(let [{:keys [namespace]} config
{:keys [keycloak-admin-user keycloak-admin-password]} auth]
(-> (->
(yaml/load-as-edn "keycloak/secret.yaml") (yaml/load-as-edn "keycloak/secret.yaml")
(cm/replace-all-matching "NAMESPACE" namespace)
(cm/replace-key-value :keycloak-user (b64/encode keycloak-admin-user)) (cm/replace-key-value :keycloak-user (b64/encode keycloak-admin-user))
(cm/replace-key-value :keycloak-password (b64/encode keycloak-admin-password))))) (cm/replace-key-value :keycloak-password (b64/encode keycloak-admin-password)))))
(defn-spec generate-service cp/map-or-seq? [] (defn-spec generate-service cp/map-or-seq?
(yaml/load-as-edn "keycloak/service.yaml")) [config config?]
(let [{:keys [namespace]} config]
(->
(yaml/load-as-edn "keycloak/service.yaml")
(cm/replace-all-matching "NAMESPACE" namespace))))
(defn-spec generate-deployment cp/map-or-seq? (defn-spec generate-deployment cp/map-or-seq?
[config config?] [config config?]
(let [{:keys [fqdn]} config] (let [{:keys [fqdn namespace]} config]
(-> (->
(yaml/load-as-edn "keycloak/deployment.yaml") (yaml/load-as-edn "keycloak/deployment.yaml")
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn)))) (cm/replace-all-matching "NAMESPACE" namespace)
(cm/replace-all-matching "FQDN" fqdn))))
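Review bot: `(s/def ::namespace string?)` accepts any string, including the empty one, and that value is written into `metadata.namespace` of the Secret, Service and Deployment by the new `(cm/replace-all-matching "NAMESPACE" namespace)` calls. Kubernetes namespace names must be DNS-1123 labels, so a tighter spec rejects a bad value at config validation instead of at apply time, for example `(s/def ::namespace (s/and string? #(<= (count %) 63) #(re-matches #"[a-z0-9]([-a-z0-9]*[a-z0-9])?" %)))`. If `dda.c4k-common.predicate` already provides a fitting predicate, that would be the more consistent choice next to `cp/fqdn-string?`.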

@ -2,7 +2,7 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: keycloak name: keycloak
namespace: keycloak namespace: NAMESPACE
labels: labels:
app: keycloak app: keycloak
spec: spec:

@ -2,7 +2,7 @@ apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: keycloak-secret name: keycloak-secret
namespace: keycloak namespace: NAMESPACE
type: Opaque type: Opaque
data: data:
keycloak-user: admin keycloak-user: admin

@ -4,7 +4,7 @@ metadata:
name: keycloak name: keycloak
labels: labels:
service: keycloak service: keycloak
namespace: keycloak namespace: NAMESPACE
spec: spec:
ports: ports:
- name: "http" - name: "http"

@ -15,7 +15,7 @@
:data :data
{:keycloak-user "dXNlcg==" {:keycloak-user "dXNlcg=="
:keycloak-password "cGFzc3dvcmQ="}} :keycloak-password "cGFzc3dvcmQ="}}
(cut/generate-secret {:keycloak-admin-user "user" :keycloak-admin-password "password"})))) (cut/generate-secret {:namespace "keycloak" :fqdn "test.de"} {:keycloak-admin-user "user" :keycloak-admin-password "password"}))))
(deftest should-generate-deployment (deftest should-generate-deployment
(is (= {:apiVersion "apps/v1", (is (= {:apiVersion "apps/v1",
@ -75,4 +75,4 @@
:items :items
[{:key "tls.crt", :path "tls.crt"} [{:key "tls.crt", :path "tls.crt"}
{:key "tls.key", :path "tls.key"}]}}]}}}} {:key "tls.key", :path "tls.key"}]}}]}}}}
(cut/generate-deployment {:fqdn "test.de"})))) (cut/generate-deployment {:fqdn "test.de" :namespace "keycloak"}))))