proper-namespace-implementation #2

Merged
patdyn merged 5 commits from proper-namespace-implementation into master 2024-08-07 13:15:32 +00:00
6 changed files with 35 additions and 24 deletions


@ -13,11 +13,18 @@
(def default-storage-class :local-path) (def default-storage-class :local-path)
(def config-defaults {:issuer "staging"}) (def config-defaults {:issuer "staging",
:namespace "keycloak"
:postgres-image "postgres:14"
:postgres-size :2gb
:db-name "keycloak"
:pv-storage-size-gb 30
:pvc-storage-class-name default-storage-class})
(def config? (s/keys :req-un [::kc/fqdn] (def config? (s/keys :req-un [::kc/fqdn]
:opt-un [::kc/issuer :opt-un [::kc/issuer
::mon/mon-cfg])) ::mon/mon-cfg
::kc/namespace]))
(def auth? (s/keys :req-un [::kc/keycloak-admin-user ::kc/keycloak-admin-password (def auth? (s/keys :req-un [::kc/keycloak-admin-user ::kc/keycloak-admin-password
::postgres/postgres-db-user ::postgres/postgres-db-password] ::postgres/postgres-db-user ::postgres/postgres-db-password]
@ -30,17 +37,11 @@
(filter (filter
#(not (nil? %)) #(not (nil? %))
(cm/concat-vec (cm/concat-vec
(ns/generate (merge {:namespace "keycloak"} config)) (ns/generate config)
(postgres/generate (merge {:postgres-image "postgres:14" (postgres/generate config auth)
:postgres-size :2gb [(kc/generate-secret config auth)
:db-name "keycloak" (kc/generate-service config)
:pv-storage-size-gb 30
:pvc-storage-class-name default-storage-class
:namespace "keycloak"})
auth)
[(kc/generate-secret auth)
(kc/generate-service)
(kc/generate-deployment config)] (kc/generate-deployment config)]
(kc/generate-ingress (merge {:namespace "keycloak"} config)) (kc/generate-ingress config)
(when (:contains? config :mon-cfg) (when (:contains? config :mon-cfg)
(mon/generate (:mon-cfg config) (:mon-auth auth))))))) (mon/generate (:mon-cfg config) (:mon-auth auth)))))))
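Review bot: The generators now receive `config` exactly as passed in, and the inline `merge` calls that supplied `:namespace`, `:postgres-image` and the other values are gone, but nothing in these hunks applies `config-defaults`. The enclosing function starts outside the second hunk, so a `(merge config-defaults config)` may sit there; if it does not, a config without `:namespace` (the spec keeps it optional) reaches `ns/generate`, `kc/generate-secret` and the other generators with no namespace. Separately, the unchanged `(when (:contains? config :mon-cfg)` is a keyword lookup with `:mon-cfg` as the not-found value, so it is truthy for any ordinary config and `mon/generate` runs even when no monitoring settings were given; `(when (contains? config :mon-cfg)` is presumably what was meant.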


@ -11,12 +11,14 @@
[dda.c4k-common.predicate :as cp])) [dda.c4k-common.predicate :as cp]))
(s/def ::fqdn cp/fqdn-string?) (s/def ::fqdn cp/fqdn-string?)
(s/def ::namespace string?)
(s/def ::issuer cp/letsencrypt-issuer?) (s/def ::issuer cp/letsencrypt-issuer?)
(s/def ::keycloak-admin-user cp/bash-env-string?) (s/def ::keycloak-admin-user cp/bash-env-string?)
(s/def ::keycloak-admin-password cp/bash-env-string?) (s/def ::keycloak-admin-password cp/bash-env-string?)
(def config? (s/keys :req-un [::fqdn] (def config? (s/keys :req-un [::fqdn]
:opt-un [::issuer])) :opt-un [::issuer
::namespace]))
(def auth? (s/keys :req-un [::keycloak-admin-user (def auth? (s/keys :req-un [::keycloak-admin-user
::keycloak-admin-password])) ::keycloak-admin-password]))
@ -35,20 +37,28 @@
config))) config)))
(defn-spec generate-secret cp/map-or-seq? (defn-spec generate-secret cp/map-or-seq?
[auth auth?] [config config?
(let [{:keys [keycloak-admin-user keycloak-admin-password]} auth] auth auth?]
(let [{:keys [namespace]} config
{:keys [keycloak-admin-user keycloak-admin-password]} auth]
(-> (->
(yaml/load-as-edn "keycloak/secret.yaml") (yaml/load-as-edn "keycloak/secret.yaml")
(cm/replace-all-matching "NAMESPACE" namespace)
(cm/replace-key-value :keycloak-user (b64/encode keycloak-admin-user)) (cm/replace-key-value :keycloak-user (b64/encode keycloak-admin-user))
(cm/replace-key-value :keycloak-password (b64/encode keycloak-admin-password))))) (cm/replace-key-value :keycloak-password (b64/encode keycloak-admin-password)))))
(defn-spec generate-service cp/map-or-seq? [] (defn-spec generate-service cp/map-or-seq?
(yaml/load-as-edn "keycloak/service.yaml")) [config config?]
(let [{:keys [namespace]} config]
(->
(yaml/load-as-edn "keycloak/service.yaml")
(cm/replace-all-matching "NAMESPACE" namespace))))
(defn-spec generate-deployment cp/map-or-seq? (defn-spec generate-deployment cp/map-or-seq?
[config config?] [config config?]
(let [{:keys [fqdn]} config] (let [{:keys [fqdn namespace]} config]
(-> (->
(yaml/load-as-edn "keycloak/deployment.yaml") (yaml/load-as-edn "keycloak/deployment.yaml")
(cm/replace-all-matching "NAMESPACE" namespace)
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn)))) (cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
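Review bot: `(s/def ::namespace string?)` accepts any string, and the value is substituted for the `NAMESPACE` placeholder in the Secret, Service and Deployment templates, so an empty or malformed name is only caught when the manifests are applied. Kubernetes namespace names are DNS labels, so a spec such as `(s/def ::namespace (s/and string? #(re-matches #"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?" %)))` would reject bad values at generation time. `::namespace` is also listed under `:opt-un`, while `generate-secret`, `generate-service` and `generate-deployment` all destructure it unconditionally. A config that omits it therefore calls `cm/replace-all-matching` with nil, and how that helper treats nil is not visible here. Either make the key required for these functions or apply the default before they are called.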


@ -2,7 +2,7 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: keycloak name: keycloak
namespace: keycloak namespace: NAMESPACE
labels: labels:
app: keycloak app: keycloak
spec: spec:


@ -2,7 +2,7 @@ apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: keycloak-secret name: keycloak-secret
namespace: keycloak namespace: NAMESPACE
type: Opaque type: Opaque
data: data:
keycloak-user: admin keycloak-user: admin


@ -4,7 +4,7 @@ metadata:
name: keycloak name: keycloak
labels: labels:
service: keycloak service: keycloak
namespace: keycloak namespace: NAMESPACE
spec: spec:
ports: ports:
- name: "http" - name: "http"


@ -15,7 +15,7 @@
:data :data
{:keycloak-user "dXNlcg==" {:keycloak-user "dXNlcg=="
:keycloak-password "cGFzc3dvcmQ="}} :keycloak-password "cGFzc3dvcmQ="}}
(cut/generate-secret {:keycloak-admin-user "user" :keycloak-admin-password "password"})))) (cut/generate-secret {:namespace "keycloak" :fqdn "test.de"} {:keycloak-admin-user "user" :keycloak-admin-password "password"}))))
(deftest should-generate-deployment (deftest should-generate-deployment
(is (= {:apiVersion "apps/v1", (is (= {:apiVersion "apps/v1",
@ -75,4 +75,4 @@
:items :items
[{:key "tls.crt", :path "tls.crt"} [{:key "tls.crt", :path "tls.crt"}
{:key "tls.key", :path "tls.key"}]}}]}}}} {:key "tls.key", :path "tls.key"}]}}]}}}}
(cut/generate-deployment {:fqdn "test.de"})))) (cut/generate-deployment {:fqdn "test.de" :namespace "keycloak"}))))