proper-namespace-implementation #2
6 changed files with 35 additions and 24 deletions
|
@ -13,11 +13,18 @@
|
||||||
|
|
||||||
(def default-storage-class :local-path)
|
(def default-storage-class :local-path)
|
||||||
|
|
||||||
(def config-defaults {:issuer "staging"})
|
(def config-defaults {:issuer "staging",
|
||||||
|
:namespace "keycloak"
|
||||||
|
:postgres-image "postgres:14"
|
||||||
|
:postgres-size :2gb
|
||||||
|
:db-name "keycloak"
|
||||||
|
:pv-storage-size-gb 30
|
||||||
|
:pvc-storage-class-name default-storage-class})
|
||||||
|
|
||||||
(def config? (s/keys :req-un [::kc/fqdn]
|
(def config? (s/keys :req-un [::kc/fqdn]
|
||||||
:opt-un [::kc/issuer
|
:opt-un [::kc/issuer
|
||||||
::mon/mon-cfg]))
|
::mon/mon-cfg
|
||||||
|
::kc/namespace]))
|
||||||
|
|
||||||
(def auth? (s/keys :req-un [::kc/keycloak-admin-user ::kc/keycloak-admin-password
|
(def auth? (s/keys :req-un [::kc/keycloak-admin-user ::kc/keycloak-admin-password
|
||||||
::postgres/postgres-db-user ::postgres/postgres-db-password]
|
::postgres/postgres-db-user ::postgres/postgres-db-password]
|
||||||
|
@ -30,17 +37,11 @@
|
||||||
(filter
|
(filter
|
||||||
#(not (nil? %))
|
#(not (nil? %))
|
||||||
(cm/concat-vec
|
(cm/concat-vec
|
||||||
(ns/generate (merge {:namespace "keycloak"} config))
|
(ns/generate config)
|
||||||
(postgres/generate (merge {:postgres-image "postgres:14"
|
(postgres/generate config auth)
|
||||||
:postgres-size :2gb
|
[(kc/generate-secret config auth)
|
||||||
:db-name "keycloak"
|
(kc/generate-service config)
|
||||||
:pv-storage-size-gb 30
|
|
||||||
:pvc-storage-class-name default-storage-class
|
|
||||||
:namespace "keycloak"})
|
|
||||||
auth)
|
|
||||||
[(kc/generate-secret auth)
|
|
||||||
(kc/generate-service)
|
|
||||||
(kc/generate-deployment config)]
|
(kc/generate-deployment config)]
|
||||||
(kc/generate-ingress (merge {:namespace "keycloak"} config))
|
(kc/generate-ingress config)
|
||||||
(when (:contains? config :mon-cfg)
|
(when (:contains? config :mon-cfg)
|
||||||
(mon/generate (:mon-cfg config) (:mon-auth auth)))))))
|
(mon/generate (:mon-cfg config) (:mon-auth auth)))))))
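Review bot: The generator calls in this hunk now receive `config` exactly as passed in, and nothing visible here merges it with the new `config-defaults`, so `:namespace`, the postgres settings and the storage keys are present only if the caller supplied them or a merge happens outside the hunk. The function begins above the hunk, so please confirm it binds something like `(let [resolved-config (merge config-defaults config)] …)` and hands `resolved-config` to `ns/generate`, `postgres/generate` and the `kc/` generators; otherwise the Secret, Service and Deployment are rendered with a nil namespace. Separately, `(:contains? config :mon-cfg)` is a keyword lookup with `:mon-cfg` as its default, which is truthy whenever `config` has no `:contains?` key, so `mon/generate` runs even without monitoring configuration; `(contains? config :mon-cfg)` is what the guard appears to intend.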
|
||||||
|
|
|
@ -11,12 +11,14 @@
|
||||||
[dda.c4k-common.predicate :as cp]))
|
[dda.c4k-common.predicate :as cp]))
|
||||||
|
|
||||||
(s/def ::fqdn cp/fqdn-string?)
|
(s/def ::fqdn cp/fqdn-string?)
|
||||||
|
(s/def ::namespace string?)
|
||||||
(s/def ::issuer cp/letsencrypt-issuer?)
|
(s/def ::issuer cp/letsencrypt-issuer?)
|
||||||
(s/def ::keycloak-admin-user cp/bash-env-string?)
|
(s/def ::keycloak-admin-user cp/bash-env-string?)
|
||||||
(s/def ::keycloak-admin-password cp/bash-env-string?)
|
(s/def ::keycloak-admin-password cp/bash-env-string?)
|
||||||
|
|
||||||
(def config? (s/keys :req-un [::fqdn]
|
(def config? (s/keys :req-un [::fqdn]
|
||||||
:opt-un [::issuer]))
|
:opt-un [::issuer
|
||||||
|
::namespace]))
|
||||||
|
|
||||||
(def auth? (s/keys :req-un [::keycloak-admin-user
|
(def auth? (s/keys :req-un [::keycloak-admin-user
|
||||||
::keycloak-admin-password]))
|
::keycloak-admin-password]))
|
||||||
|
@ -35,20 +37,28 @@
|
||||||
config)))
|
config)))
|
||||||
|
|
||||||
(defn-spec generate-secret cp/map-or-seq?
|
(defn-spec generate-secret cp/map-or-seq?
|
||||||
[auth auth?]
|
[config config?
|
||||||
(let [{:keys [keycloak-admin-user keycloak-admin-password]} auth]
|
auth auth?]
|
||||||
|
(let [{:keys [namespace]} config
|
||||||
|
{:keys [keycloak-admin-user keycloak-admin-password]} auth]
|
||||||
(->
|
(->
|
||||||
(yaml/load-as-edn "keycloak/secret.yaml")
|
(yaml/load-as-edn "keycloak/secret.yaml")
|
||||||
|
(cm/replace-all-matching "NAMESPACE" namespace)
|
||||||
(cm/replace-key-value :keycloak-user (b64/encode keycloak-admin-user))
|
(cm/replace-key-value :keycloak-user (b64/encode keycloak-admin-user))
|
||||||
(cm/replace-key-value :keycloak-password (b64/encode keycloak-admin-password)))))
|
(cm/replace-key-value :keycloak-password (b64/encode keycloak-admin-password)))))
|
||||||
|
|
||||||
(defn-spec generate-service cp/map-or-seq? []
|
(defn-spec generate-service cp/map-or-seq?
|
||||||
(yaml/load-as-edn "keycloak/service.yaml"))
|
[config config?]
|
||||||
|
(let [{:keys [namespace]} config]
|
||||||
|
(->
|
||||||
|
(yaml/load-as-edn "keycloak/service.yaml")
|
||||||
|
(cm/replace-all-matching "NAMESPACE" namespace))))
|
||||||
|
|
||||||
(defn-spec generate-deployment cp/map-or-seq?
|
(defn-spec generate-deployment cp/map-or-seq?
|
||||||
[config config?]
|
[config config?]
|
||||||
(let [{:keys [fqdn]} config]
|
(let [{:keys [fqdn namespace]} config]
|
||||||
(->
|
(->
|
||||||
(yaml/load-as-edn "keycloak/deployment.yaml")
|
(yaml/load-as-edn "keycloak/deployment.yaml")
|
||||||
|
(cm/replace-all-matching "NAMESPACE" namespace)
|
||||||
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
|
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
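Review bot: `::namespace` is declared as plain `string?` and listed under `:opt-un`, yet `generate-secret`, `generate-service` and `generate-deployment` all destructure it and pass it to `cm/replace-all-matching` unconditionally. A config without `:namespace` therefore satisfies `config?` and reaches the templates as nil, and an empty or non-DNS-label string is substituted into the Secret's metadata unchecked, while the sibling fields use dedicated `cp/` predicates. Consider constraining it to a Kubernetes label, for example `(s/def ::namespace (s/and string? #(re-matches #"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?" %)))`, and either moving it to `:req-un` or defaulting it inside this namespace. The local name `namespace` also shadows `clojure.core/namespace` in each `let`.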
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: keycloak
|
name: keycloak
|
||||||
namespace: keycloak
|
namespace: NAMESPACE
|
||||||
labels:
|
labels:
|
||||||
app: keycloak
|
app: keycloak
|
||||||
spec:
|
spec:
|
||||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: keycloak-secret
|
name: keycloak-secret
|
||||||
namespace: keycloak
|
namespace: NAMESPACE
|
||||||
type: Opaque
|
type: Opaque
|
||||||
data:
|
data:
|
||||||
keycloak-user: admin
|
keycloak-user: admin
|
||||||
|
|
|
@ -4,7 +4,7 @@ metadata:
|
||||||
name: keycloak
|
name: keycloak
|
||||||
labels:
|
labels:
|
||||||
service: keycloak
|
service: keycloak
|
||||||
namespace: keycloak
|
namespace: NAMESPACE
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
- name: "http"
|
- name: "http"
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
:data
|
:data
|
||||||
{:keycloak-user "dXNlcg=="
|
{:keycloak-user "dXNlcg=="
|
||||||
:keycloak-password "cGFzc3dvcmQ="}}
|
:keycloak-password "cGFzc3dvcmQ="}}
|
||||||
(cut/generate-secret {:keycloak-admin-user "user" :keycloak-admin-password "password"}))))
|
(cut/generate-secret {:namespace "keycloak" :fqdn "test.de"} {:keycloak-admin-user "user" :keycloak-admin-password "password"}))))
|
||||||
|
|
||||||
(deftest should-generate-deployment
|
(deftest should-generate-deployment
|
||||||
(is (= {:apiVersion "apps/v1",
|
(is (= {:apiVersion "apps/v1",
|
||||||
|
@ -75,4 +75,4 @@
|
||||||
:items
|
:items
|
||||||
[{:key "tls.crt", :path "tls.crt"}
|
[{:key "tls.crt", :path "tls.crt"}
|
||||||
{:key "tls.key", :path "tls.key"}]}}]}}}}
|
{:key "tls.key", :path "tls.key"}]}}]}}}}
|
||||||
(cut/generate-deployment {:fqdn "test.de"}))))
|
(cut/generate-deployment {:fqdn "test.de" :namespace "keycloak"}))))
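Review bot: Both updated calls pass `:namespace "keycloak"`, the same value the templates hard-coded before, so these tests would still pass if a template kept the literal `keycloak` instead of the `NAMESPACE` placeholder. Use a value that differs from the old default, e.g. `(cut/generate-deployment {:fqdn "test.de" :namespace "keycloak-test"})`, and assert it in the expected `:metadata`; the expected maps begin outside these hunks, so which namespace they currently pin is not visible here. `generate-service` now takes `config` as well and has no test in the visible hunks.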
|
||||||
|
|