renamed namespaces to nextcloud
parent
1c2f6b89f2
commit
303f7ae5f2
@ -1,59 +0,0 @@
|
||||
kind: Pod
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: backup-restore
|
||||
labels:
|
||||
app.kubernetes.io/name: backup-restore
|
||||
app.kubernetes.io/part-of: cloud
|
||||
spec:
|
||||
containers:
|
||||
- name: backup-app
|
||||
image: domaindrivenarchitecture/c4k-cloud-backup
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["/entrypoint-start-and-wait.sh"]
|
||||
env:
|
||||
- name: POSTGRES_USER_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-user
|
||||
- name: POSTGRES_DB_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-db
|
||||
- name: POSTGRES_PASSWORD_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-password
|
||||
- name: POSTGRES_HOST
|
||||
value: "postgresql-service:5432"
|
||||
- name: POSTGRES_SERVICE
|
||||
value: "postgresql-service"
|
||||
- name: POSTGRES_PORT
|
||||
value: "5432"
|
||||
- name: AWS_DEFAULT_REGION
|
||||
value: eu-central-1
|
||||
- name: AWS_ACCESS_KEY_ID_FILE
|
||||
value: /var/run/secrets/backup-secrets/aws-access-key-id
|
||||
- name: AWS_SECRET_ACCESS_KEY_FILE
|
||||
value: /var/run/secrets/backup-secrets/aws-secret-access-key
|
||||
- name: RESTIC_REPOSITORY
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: backup-config
|
||||
key: restic-repository
|
||||
- name: RESTIC_PASSWORD_FILE
|
||||
value: /var/run/secrets/backup-secrets/restic-password
|
||||
volumeMounts:
|
||||
- name: cloud-data-volume
|
||||
mountPath: /var/backups
|
||||
- name: backup-secret-volume
|
||||
mountPath: /var/run/secrets/backup-secrets
|
||||
readOnly: true
|
||||
- name: cloud-secret-volume
|
||||
mountPath: /var/run/secrets/cloud-secrets
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: cloud-data-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: cloud-pvc
|
||||
- name: cloud-secret-volume
|
||||
secret:
|
||||
secretName: cloud-secret
|
||||
- name: backup-secret-volume
|
||||
secret:
|
||||
secretName: backup-secret
|
||||
restartPolicy: OnFailure
|
@ -1,9 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: backup-config
|
||||
labels:
|
||||
app.kubernetes.io/name: backup
|
||||
app.kubernetes.io/part-of: cloud
|
||||
data:
|
||||
restic-repository: restic-repository
|
@ -1,9 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
kubectl delete --ignore-not-found=true -f backup-secret.yml
|
||||
kubectl delete --ignore-not-found=true -f backup-config.yml
|
||||
kubectl delete --ignore-not-found=true -f backup-cron.yml
|
||||
|
||||
kubectl apply -f backup-secret.yml
|
||||
kubectl apply -f backup-config.yml
|
||||
kubectl apply -f backup-cron.yml
|
@ -1,65 +0,0 @@
|
||||
apiVersion: batch/v1beta1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: cloud-backup
|
||||
labels:
|
||||
app.kubernetes.part-of: cloud
|
||||
spec:
|
||||
schedule: "10 23 * * *"
|
||||
successfulJobsHistoryLimit: 0
|
||||
failedJobsHistoryLimit: 0
|
||||
jobTemplate:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: backup-app
|
||||
image: domaindrivenarchitecture/meissa-cloud-backup
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["/entrypoint.sh"]
|
||||
env:
|
||||
- name: POSTGRES_USER_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-user
|
||||
- name: POSTGRES_DB_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-db
|
||||
- name: POSTGRES_PASSWORD_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-password
|
||||
- name: POSTGRES_HOST
|
||||
value: "postgresql-service:5432"
|
||||
- name: POSTGRES_SERVICE
|
||||
value: "postgresql-service"
|
||||
- name: POSTGRES_PORT
|
||||
value: "5432"
|
||||
- name: AWS_DEFAULT_REGION
|
||||
value: eu-central-1
|
||||
- name: AWS_ACCESS_KEY_ID_FILE
|
||||
value: /var/run/secrets/backup-secrets/aws-access-key-id
|
||||
- name: AWS_SECRET_ACCESS_KEY_FILE
|
||||
value: /var/run/secrets/backup-secrets/aws-secret-access-key
|
||||
- name: RESTIC_REPOSITORY
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: backup-config
|
||||
key: restic-repository
|
||||
- name: RESTIC_PASSWORD_FILE
|
||||
value: /var/run/secrets/backup-secrets/restic-password
|
||||
volumeMounts:
|
||||
- name: cloud-data-volume
|
||||
mountPath: /var/backups
|
||||
- name: backup-secret-volume
|
||||
mountPath: /var/run/secrets/backup-secrets
|
||||
readOnly: true
|
||||
- name: cloud-secret-volume
|
||||
mountPath: /var/run/secrets/cloud-secrets
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: cloud-data-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: cloud-pvc
|
||||
- name: cloud-secret-volume
|
||||
secret:
|
||||
secretName: cloud-secret
|
||||
- name: backup-secret-volume
|
||||
secret:
|
||||
secretName: backup-secret
|
||||
restartPolicy: OnFailure
|
@ -1,9 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: backup-secret
|
||||
type: Opaque
|
||||
stringData:
|
||||
aws-access-key-id: aws-access-key-id
|
||||
aws-secret-access-key: aws-secret-access-key
|
||||
restic-password: restic-password
|
@ -1,13 +0,0 @@
|
||||
apiVersion: cert-manager.io/v1alpha2
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: cloud-cert
|
||||
namespace: default
|
||||
spec:
|
||||
secretName: cloud-secret
|
||||
commonName: fqdn
|
||||
dnsNames:
|
||||
- fqdn
|
||||
issuerRef:
|
||||
name: letsencrypt-staging-issuer
|
||||
kind: ClusterIssuer
|
@ -1,45 +0,0 @@
|
||||
kind: Pod
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: cloud
|
||||
labels:
|
||||
app.kubernetes.io/name: cloud
|
||||
spec:
|
||||
shareProcessNamespace: true
|
||||
containers:
|
||||
- name: cloud-app
|
||||
image: domaindrivenarchitecture/meissa-cloud-app
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 80
|
||||
env:
|
||||
- name: NEXTCLOUD_ADMIN_USER_FILE
|
||||
value: /var/run/secrets/cloud-secrets/nextcloud-admin-user
|
||||
- name: NEXTCLOUD_ADMIN_PASSWORD_FILE
|
||||
value: /var/run/secrets/cloud-secrets/nextcloud-admin-password
|
||||
- name: NEXTCLOUD_TRUSTED_DOMAINS
|
||||
value: "{{fqdn}}"
|
||||
- name: POSTGRES_USER_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-user
|
||||
- name: POSTGRES_PASSWORD_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-password
|
||||
- name: POSTGRES_DB_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-db
|
||||
- name: POSTGRES_HOST
|
||||
value: "postgresql-service:5432"
|
||||
volumeMounts:
|
||||
- name: cloud-data-volume
|
||||
mountPath: /var/www/html
|
||||
- name: cloud-secret-volume
|
||||
mountPath: /var/run/secrets/cloud-secrets
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: cloud-data-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: cloud-pvc
|
||||
- name: cloud-secret-volume
|
||||
secret:
|
||||
secretName: cloud-secret
|
||||
- name: backup-secret-volume
|
||||
secret:
|
||||
secretName: backup-secret
|
@ -1,26 +0,0 @@
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: ingress-cloud
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "256m"
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
|
||||
namespace: default
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- fqdn
|
||||
secretName: cloud-secret
|
||||
rules:
|
||||
- host: fqdn
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
backend:
|
||||
serviceName: cloud-service
|
||||
servicePort: 80
|
@ -1,15 +0,0 @@
|
||||
kind: PersistentVolume
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: cloud-pv-volume
|
||||
labels:
|
||||
type: local
|
||||
app: cloud
|
||||
spec:
|
||||
storageClassName: manual
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
capacity:
|
||||
storage: {{storage-size}}Gi #??? 30Gi?
|
||||
hostPath:
|
||||
path: "/var/cloud"
|
@ -1,16 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: cloud-pvc
|
||||
labels:
|
||||
app: cloud
|
||||
spec:
|
||||
storageClassName: manual
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: {{storage-size}}Gi #??? 30Gi?
|
||||
selector:
|
||||
matchLabels:
|
||||
app: cloud
|
@ -1,9 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: cloud-service
|
||||
spec:
|
||||
selector:
|
||||
app.kubernetes.io/name: cloud #???
|
||||
ports:
|
||||
- port: 80
|
@ -1,15 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo -e "\n====================\n"
|
||||
echo -e "cloud is running, ingress exists"
|
||||
echo -e "\n====================\n"
|
||||
kubectl get all
|
||||
|
||||
echo -e "\n====================\n"
|
||||
echo -e "shows certificate with subject"
|
||||
echo -e "CN={{fqdn}}"
|
||||
echo -e "issuer: CN=Fake LE Intermediate X1"
|
||||
echo -e "\n====================\n"
|
||||
curl --insecure -v https://{{fqdn}}
|
||||
|
||||
echo -e "\n"
|
@ -1,15 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
kubectl delete --ignore-not-found=true -f postgres-deployment.yml
|
||||
kubectl delete --ignore-not-found=true -f postgres-pvc.yml
|
||||
kubectl delete --ignore-not-found=true -f postgres-service.yml
|
||||
kubectl delete --ignore-not-found=true -f postgres-config.yml
|
||||
kubectl delete --ignore-not-found=true -f postgres-secret.yml
|
||||
kubectl delete --ignore-not-found=true -f postgres-persistent-volume.yml
|
||||
|
||||
kubectl apply -f postgres-persistent-volume.yml
|
||||
kubectl apply -f postgres-secret.yml
|
||||
kubectl apply -f postgres-config.yml
|
||||
kubectl apply -f postgres-service.yml
|
||||
kubectl apply -f postgres-pvc.yml
|
||||
kubectl apply -f postgres-deployment.yml
|
@ -1,8 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo -e "\n====================\n"
|
||||
echo -e "postgres is running"
|
||||
echo -e "\n====================\n"
|
||||
kubectl get all
|
||||
|
||||
echo -e "\n"
|
@ -1,61 +0,0 @@
|
||||
(ns meissa.pallet.meissa-cloud.app
|
||||
(:require
|
||||
[schema.core :as s]
|
||||
[dda.pallet.commons.secret :as secret]
|
||||
[dda.config.commons.map-utils :as mu]
|
||||
[dda.pallet.core.app :as core-app]
|
||||
[dda.pallet.dda-config-crate.infra :as config-crate]
|
||||
[dda.pallet.dda-user-crate.app :as user]
|
||||
[dda.pallet.dda-k8s-crate.app :as k8s]
|
||||
[meissa.pallet.meissa-cloud.convention :as convention]
|
||||
[meissa.pallet.meissa-cloud.infra :as infra]))
|
||||
|
||||
(def with-cloud infra/with-cloud)
|
||||
|
||||
(def CloudConvention convention/CloudConvention)
|
||||
|
||||
(def CloudConventionResolved convention/CloudConventionResolved)
|
||||
|
||||
(def InfraResult convention/InfraResult)
|
||||
|
||||
(def CloudApp
|
||||
{:group-specific-config
|
||||
{s/Keyword (merge InfraResult
|
||||
user/InfraResult
|
||||
k8s/InfraResult)}})
|
||||
|
||||
(s/defn ^:always-validate
|
||||
app-configuration-resolved :- CloudApp
|
||||
[resolved-convention-config :- CloudConventionResolved
|
||||
& options]
|
||||
(let [{:keys [group-key] :or {group-key infra/facility}} options]
|
||||
(mu/deep-merge
|
||||
(k8s/app-configuration-resolved
|
||||
(convention/k8s-convention-configuration resolved-convention-config) :group-key group-key)
|
||||
{:group-specific-config
|
||||
{group-key
|
||||
(convention/infra-configuration resolved-convention-config)}})))
|
||||
|
||||
(s/defn ^:always-validate
|
||||
app-configuration :- CloudApp
|
||||
[convention-config :- CloudConvention
|
||||
& options]
|
||||
(let [resolved-convention-config (secret/resolve-secrets convention-config CloudConvention)]
|
||||
(apply app-configuration-resolved resolved-convention-config options)))
|
||||
|
||||
(s/defmethod ^:always-validate
|
||||
core-app/group-spec infra/facility
|
||||
[crate-app
|
||||
convention-config :- CloudConventionResolved]
|
||||
(let [app-config (app-configuration-resolved convention-config)]
|
||||
(core-app/pallet-group-spec
|
||||
app-config [(config-crate/with-config app-config)
|
||||
user/with-user
|
||||
k8s/with-k8s
|
||||
with-cloud])))
|
||||
|
||||
(def crate-app (core-app/make-dda-crate-app
|
||||
:facility infra/facility
|
||||
:convention-schema CloudConvention
|
||||
:convention-schema-resolved CloudConventionResolved
|
||||
:default-convention-file "cloud.edn"))
|
@ -1,93 +0,0 @@
|
||||
(ns meissa.pallet.meissa-cloud.convention
|
||||
(:require
|
||||
[schema.core :as s]
|
||||
[dda.pallet.commons.secret :as secret]
|
||||
[dda.config.commons.map-utils :as mu]
|
||||
[clojure.spec.alpha :as sp]
|
||||
[clojure.spec.test.alpha :as st]
|
||||
[dda.pallet.dda-k8s-crate.convention :as k8s-convention]
|
||||
[meissa.pallet.meissa-cloud.infra :as infra]
|
||||
[clojure.string :as str]
|
||||
[meissa.pallet.meissa-cloud.convention.bash :as bash]
|
||||
[meissa.pallet.meissa-cloud.convention.bash-php :as bash-php]))
|
||||
|
||||
(def InfraResult {infra/facility infra/MeissaCloudInfra})
|
||||
|
||||
(s/def CloudConvention
|
||||
{:user s/Keyword
|
||||
:external-ip s/Str
|
||||
:fqdn s/Str
|
||||
:cert-manager (s/enum :letsencrypt-prod-issuer :letsencrypt-staging-issuer)
|
||||
:db-user-password secret/Secret
|
||||
:admin-user s/Str
|
||||
:admin-password secret/Secret
|
||||
:storage-size s/Int
|
||||
:restic-repository s/Str
|
||||
:aws-access-key-id secret/Secret
|
||||
:aws-secret-access-key secret/Secret
|
||||
:restic-password secret/Secret
|
||||
(s/optional-key :u18-04) (s/enum true)})
|
||||
|
||||
(def CloudConventionResolved (secret/create-resolved-schema CloudConvention))
|
||||
|
||||
(sp/def ::user keyword?)
|
||||
(sp/def ::external-ip string?)
|
||||
(sp/def ::fqdn string?)
|
||||
(sp/def ::cert-manager #{:letsencrypt-prod-issuer :letsencrypt-staging-issuer})
|
||||
(sp/def ::db-user-password bash-php/bash-php-env-string?)
|
||||
(sp/def ::admin-user bash-php/bash-php-env-string?)
|
||||
(sp/def ::admin-password bash-php/bash-php-env-string?)
|
||||
(sp/def ::storage-size int?)
|
||||
(sp/def ::restic-repository string?)
|
||||
(sp/def ::restic-password bash/bash-env-string?)
|
||||
(sp/def ::aws-access-key-id bash/bash-env-string?)
|
||||
(sp/def ::aws-secret-access-key bash/bash-env-string?)
|
||||
(sp/def ::u18-04 #{true})
|
||||
(def cloud-convention-resolved? (sp/keys :req-un [::user ::external-ip ::fqdn ::cert-manager
|
||||
::db-user-password ::admin-user ::admin-password
|
||||
::storage-size ::restic-repository ::restic-password
|
||||
::aws-access-key-id ::aws-secret-access-key ]
|
||||
:opt-un [::u18-04]))
|
||||
|
||||
(def cloud-spec-resolved nil)
|
||||
|
||||
(s/defn k8s-convention-configuration :- k8s-convention/k8sConventionResolved
|
||||
[convention-config :- CloudConventionResolved]
|
||||
{:pre [(sp/valid? cloud-convention-resolved? convention-config)]}
|
||||
(let [{:keys [cert-manager external-ip user u18-04]} convention-config
|
||||
cluster-issuer (name cert-manager)]
|
||||
(if u18-04
|
||||
{:user user
|
||||
:k8s {:external-ip external-ip
|
||||
:u18-04 true}
|
||||
:cert-manager cert-manager}
|
||||
{:user user
|
||||
:k8s {:external-ip external-ip}
|
||||
:cert-manager cert-manager})))
|
||||
|
||||
|
||||
(s/defn ^:always-validate
|
||||
infra-configuration :- InfraResult
|
||||
[convention-config :- CloudConventionResolved]
|
||||
(let [{:keys [cert-manager fqdn user db-user-password admin-user admin-password storage-size
|
||||
restic-repository aws-access-key-id aws-secret-access-key restic-password]} convention-config
|
||||
cluster-issuer (name cert-manager)
|
||||
db-user-name "cloud"]
|
||||
{infra/facility
|
||||
{:user user
|
||||
:backup {:restic-repository restic-repository
|
||||
:aws-access-key-id aws-access-key-id
|
||||
:aws-secret-access-key aws-secret-access-key
|
||||
:restic-password restic-password}
|
||||
:cloud {:fqdn fqdn
|
||||
:secret-name (str/replace fqdn #"\." "-")
|
||||
:cluster-issuer cluster-issuer
|
||||
:db-name "cloud"
|
||||
:db-user-password db-user-password
|
||||
:db-user-name db-user-name
|
||||
:admin-user admin-user
|
||||
:admin-password admin-password
|
||||
:storage-size (str storage-size)}
|
||||
:postgres {:db-user-password db-user-password
|
||||
:db-user-name db-user-name}}}))
|
||||
|
@ -1,10 +0,0 @@
|
||||
(ns meissa.pallet.meissa-cloud.convention.bash
|
||||
(:require
|
||||
[clojure.spec.alpha :as s]))
|
||||
|
||||
(defn bash-env-string?
|
||||
[input]
|
||||
(and (string? input)
|
||||
(not (re-matches #".*['\"\$]+.*" input))))
|
||||
|
||||
(s/def ::plain bash-env-string?)
|
@ -1,11 +0,0 @@
|
||||
(ns meissa.pallet.meissa-cloud.convention.bash-php
|
||||
(:require
|
||||
[clojure.spec.alpha :as s]
|
||||
[meissa.pallet.meissa-cloud.convention.bash :as bash]))
|
||||
|
||||
(defn bash-php-env-string?
|
||||
[input]
|
||||
(and (bash/bash-env-string? input)
|
||||
(not (re-matches #".*[\-\\\\]+.*" input))))
|
||||
|
||||
(s/def ::plain bash-php-env-string?)
|
@ -1,51 +0,0 @@
|
||||
(ns meissa.pallet.meissa-cloud.infra
|
||||
(:require
|
||||
[schema.core :as s]
|
||||
[dda.pallet.core.infra :as core-infra]
|
||||
[meissa.pallet.meissa-cloud.infra.backup :as backup]
|
||||
[meissa.pallet.meissa-cloud.infra.cloud :as cloud]
|
||||
[meissa.pallet.meissa-cloud.infra.postgres :as postgres]))
|
||||
|
||||
(def facility :meissa-cloud)
|
||||
|
||||
(def MeissaCloudInfra
|
||||
(merge
|
||||
{:user s/Keyword}
|
||||
backup/MeissaBackupInfra
|
||||
cloud/MeissaCloudInfra
|
||||
postgres/MeissaPostgresInfra))
|
||||
|
||||
(s/defmethod core-infra/dda-init facility
|
||||
[dda-crate config]
|
||||
(let [facility (:facility dda-crate)
|
||||
{:keys [user backup postgres cloud]} config
|
||||
user-str (name user)]
|
||||
(postgres/init facility user-str postgres)
|
||||
(cloud/init facility user-str cloud)
|
||||
(backup/init facility user-str backup)))
|
||||
|
||||
(s/defmethod core-infra/dda-install facility
|
||||
[dda-crate config]
|
||||
(let [facility (:facility dda-crate)
|
||||
{:keys [user backup postgres cloud]} config
|
||||
user-str (name user)]
|
||||
(postgres/install facility user-str postgres)
|
||||
(cloud/install facility user-str cloud)
|
||||
(backup/install facility user-str backup)))
|
||||
|
||||
(s/defmethod core-infra/dda-configure facility
|
||||
[dda-crate config]
|
||||
(let [facility (:facility dda-crate)
|
||||
{:keys [user backup postgres cloud]} config
|
||||
user-str (name user)]
|
||||
(postgres/configure facility user-str postgres)
|
||||
(cloud/configure facility user-str cloud)
|
||||
(backup/configure facility user-str backup)))
|
||||
|
||||
(def meissa-cloud
|
||||
(core-infra/make-dda-crate-infra
|
||||
:facility facility
|
||||
:infra-schema MeissaCloudInfra))
|
||||
|
||||
(def with-cloud
|
||||
(core-infra/create-infra-plan meissa-cloud))
|
@ -1,39 +0,0 @@
|
||||
(ns meissa.pallet.meissa-cloud.infra.backup
|
||||
(:require
|
||||
[schema.core :as s]
|
||||
[dda.provision :as p]
|
||||
[dda.provision.pallet :as pp]))
|
||||
|
||||
(s/def Backup
|
||||
{:restic-repository s/Str
|
||||
:aws-access-key-id s/Str
|
||||
:aws-secret-access-key s/Str
|
||||
:restic-password s/Str})
|
||||
|
||||
(def MeissaBackupInfra {:backup Backup})
|
||||
|
||||
(def backup "backup")
|
||||
|
||||
(defn init [facility user config])
|
||||
|
||||
(defn install
|
||||
[facility user config]
|
||||
(let [facility-name (name facility)]
|
||||
(p/provision-log ::pp/pallet facility-name backup
|
||||
::p/info "install")
|
||||
(p/copy-resources-to-user
|
||||
::pp/pallet user facility-name backup
|
||||
[{:filename "backup-secret.yml" :config config}
|
||||
{:filename "backup-config.yml" :config config}
|
||||
{:filename "configure-as-user.sh"}
|
||||
{:filename "backup-restore.yml"}
|
||||
{:filename "backup-cron.yml"}])))
|
||||
|
||||
(defn configure
|
||||
[facility user config]
|
||||
(let [facility-name (name facility)]
|
||||
(p/provision-log ::pp/pallet facility-name backup
|
||||
::p/info "configure")
|
||||
(p/exec-file-on-target-as-user
|
||||
::pp/pallet user facility-name backup "configure-as-user.sh")
|
||||
))
|
@ -1,57 +0,0 @@
|
||||
(ns meissa.pallet.meissa-cloud.infra.cloud
|
||||
(:require
|
||||
[schema.core :as s]
|
||||
[dda.provision :as p]
|
||||
[dda.provision.pallet :as pp]))
|
||||
|
||||
(s/def Cloud
|
||||
{:fqdn s/Str
|
||||
:secret-name s/Str
|
||||
:cluster-issuer s/Str
|
||||
:db-name s/Str
|
||||
:db-user-name s/Str
|
||||
:db-user-password s/Str
|
||||
:admin-user s/Str
|
||||
:admin-password s/Str
|
||||
:storage-size s/Str})
|
||||
|
||||
(def MeissaCloudInfra {:cloud Cloud})
|
||||
|
||||
(def cloud "cloud")
|
||||
|
||||
(defn init
|
||||
[facility user config]
|
||||
(let [facility-name (name facility)]
|
||||
(p/provision-log ::pp/pallet facility-name cloud
|
||||
::p/info "init")
|
||||
(p/copy-resources-to-tmp
|
||||
::pp/pallet facility-name cloud
|
||||
[{:filename "install-as-root.sh" :config {:user user}}])))
|
||||
|
||||
|
||||
(defn install
|
||||
[facility user config]
|
||||
(let [facility-name (name facility)]
|
||||
(p/provision-log ::pp/pallet facility-name cloud
|
||||
::p/info "install")
|
||||
(p/copy-resources-to-user
|
||||
::pp/pallet user facility-name cloud
|
||||
[{:filename "pod-running.sh"}
|
||||
{:filename "cloud-persistent-volume.yml" :config config}
|
||||
{:filename "cloud-secret.yml" :config config}
|
||||
{:filename "cloud-service.yml"}
|
||||
{:filename "cloud-pvc.yml" :config config}
|
||||
{:filename "cloud-pod.yml" :config config}
|
||||
{:filename "cloud-ingress.yml" :config config}
|
||||
{:filename "configure-as-user.sh"}
|
||||
{:filename "verify.sh" :config config}])
|
||||
(p/exec-file-on-target-as-root
|
||||
::pp/pallet facility-name cloud "install-as-root.sh")))
|
||||
|
||||
(defn configure
|
||||
[facility user config]
|
||||
(let [facility-name (name facility)]
|
||||
(p/provision-log ::pp/pallet facility-name cloud
|
||||
::p/info "configure")
|
||||
(p/exec-file-on-target-as-user
|
||||
::pp/pallet user facility-name cloud "configure-as-user.sh")))
|
@ -1,47 +0,0 @@
|
||||
(ns meissa.pallet.meissa-cloud.infra.postgres
|
||||
(:require
|
||||
[schema.core :as s]
|
||||
[dda.provision :as p]
|
||||
[dda.provision.pallet :as pp]))
|
||||
|
||||
(s/def Postgres {:db-user-name s/Str :db-user-password s/Str})
|
||||
|
||||
(def MeissaPostgresInfra {:postgres Postgres})
|
||||
|
||||
(def postgres "postgres")
|
||||
|
||||
(defn init
|
||||
[facility user config]
|
||||
(let [facility-name (name facility)]
|
||||
(p/provision-log ::pp/pallet facility-name postgres
|
||||
::p/info "init")
|
||||
(p/copy-resources-to-tmp
|
||||
::pp/pallet facility-name postgres
|
||||
[{:filename "install-as-root.sh" :config {:user user}}])))
|
||||
|
||||
|
||||
(defn install
|
||||
[facility user config]
|
||||
(let [facility-name (name facility)]
|
||||
(p/provision-log ::pp/pallet facility-name postgres
|
||||
::p/info "install")
|
||||
(p/copy-resources-to-user
|
||||
::pp/pallet user facility-name postgres
|
||||
[{:filename "postgres-persistent-volume.yml"}
|
||||
{:filename "postgres-secret.yml" :config config}
|
||||
{:filename "postgres-config.yml"}
|
||||
{:filename "postgres-service.yml"}
|
||||
{:filename "postgres-pvc.yml"}
|
||||
{:filename "postgres-deployment.yml" :config config}
|
||||
{:filename "configure-as-user.sh"}
|
||||
{:filename "verify.sh"}])
|
||||
(p/exec-file-on-target-as-root
|
||||
::pp/pallet facility-name postgres "install-as-root.sh")))
|
||||
|
||||
(defn configure
|
||||
[facility user config]
|
||||
(let [facility-name (name facility)]
|
||||
(p/provision-log ::pp/pallet facility-name postgres
|
||||
::p/info "configure")
|
||||
(p/exec-file-on-target-as-user
|
||||
::pp/pallet user facility-name postgres "configure-as-user.sh")))
|
@ -1,16 +1,16 @@
|
||||
(ns dda.c4k-cloud.uberjar
|
||||
(ns dda.c4k-nextcloud.uberjar
|
||||
(:gen-class)
|
||||
(:require
|
||||
[clojure.spec.alpha :as s]
|
||||
[clojure.string :as cs]
|
||||
[clojure.tools.reader.edn :as edn]
|
||||
[expound.alpha :as expound]
|
||||
[dda.c4k-cloud.core :as core]))
|
||||
[dda.c4k-nextcloud.core :as core]))
|
||||
|
||||
(def usage
|
||||
"usage:
|
||||
|
||||
c4k-cloud {your configuraton file} {your authorization file}")
|
||||
c4k-nextcloud {your configuraton file} {your authorization file}")
|
||||
|
||||
(s/def ::options (s/* #{"-h"}))
|
||||
(s/def ::filename (s/and string?
|
@ -1,4 +1,4 @@
|
||||
(ns dda.c4k-cloud.backup
|
||||
(ns dda.c4k-nextcloud.backup
|
||||
(:require
|
||||
[clojure.spec.alpha :as s]
|
||||
#?(:cljs [shadow.resource :as rc])
|
@ -1,50 +0,0 @@
|
||||
<configuration scan="true" scanPeriod="1 seconds" debug="false">
|
||||
<appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
|
||||
<encoder>
|
||||
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
|
||||
</encoder>
|
||||
<filter class="ch.qos.logback.classic.filter.ThresholdFilter">
|
||||
<level>INFO</level>
|
||||
</filter>
|
||||
</appender>
|
||||
|
||||
<appender name="PALLETFILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
|
||||
<file>logs/pallet.log</file>
|
||||
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
|
||||
<fileNamePattern>logs/old/pallet.%d{yyyy-MM-dd}.log</fileNamePattern>
|
||||
<maxHistory>3</maxHistory>
|
||||
</rollingPolicy>
|
||||
<encoder>
|
||||
<pattern>%date %level [%thread] %logger{10} %msg%n</pattern>
|
||||
</encoder>
|
||||
</appender>
|
||||
|
||||
<logger name="clj-ssh.ssh" level="ERROR">
|
||||
<appender-ref ref="PALLETFILE" />
|
||||
</logger>
|
||||
|
||||
<logger name="pallet" level="DEBUG">
|
||||
<appender-ref ref="PALLETFILE" />
|
||||
</logger>
|
||||
|
||||
<logger name="pallet.ssh" level="ERROR">
|
||||
<appender-ref ref="PALLETFILE" />
|
||||
</logger>
|
||||
|
||||
<logger name="pallet.algo" level="ERROR">
|
||||
<appender-ref ref="PALLETFILE" />
|
||||
</logger>
|
||||
|
||||
<logger name="dda" level="DEBUG">
|
||||
<appender-ref ref="PALLETFILE" />
|
||||
</logger>
|
||||
|
||||
<logger name="meissa" level="DEBUG">
|
||||
<appender-ref ref="PALLETFILE" />
|
||||
</logger>
|
||||
|
||||
<root level="DEBUG">
|
||||
<appender-ref ref="CONSOLE" />
|
||||
</root>
|
||||
|
||||
</configuration>
|
@ -1,93 +0,0 @@
|
||||
(ns dda.c4k-cloud.backup-test
|
||||
(:require
|
||||
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
||||
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||
[dda.c4k-cloud.backup :as cut]))
|
||||
|
||||
|
||||
(deftest should-generate-secret
|
||||
(is (= {:apiVersion "v1"
|
||||
:kind "Secret"
|
||||
:metadata {:name "backup-secret"}
|
||||
:type "Opaque"
|
||||
:data
|
||||
{:aws-access-key-id "YXdzLWlk", :aws-secret-access-key "YXdzLXNlY3JldA==", :restic-password "cmVzdGljLXB3"}}
|
||||
(cut/generate-secret {:aws-access-key-id "aws-id" :aws-secret-access-key "aws-secret" :restic-password "restic-pw"}))))
|
||||
|
||||
(deftest should-generate-config
|
||||
(is (= {:apiVersion "v1"
|
||||
:kind "ConfigMap"
|
||||
:metadata {:name "backup-config"
|
||||
:labels {:app.kubernetes.io/name "backup"
|
||||
:app.kubernetes.io/part-of "cloud"}}
|
||||
:data
|
||||
{:restic-repository "s3:restic-repository"}}
|
||||
(cut/generate-config {:restic-repository "s3:restic-repository"}))))
|
||||
|
||||
(deftest should-generate-cron
|
||||
(is (= {:apiVersion "batch/v1beta1"
|
||||
:kind "CronJob"
|
||||
:metadata {:name "cloud-backup"
|
||||
:labels {:app.kubernetes.part-of "cloud"}}
|
||||
:spec {:schedule "10 23 * * *"
|
||||
:successfulJobsHistoryLimit 1
|
||||
:failedJobsHistoryLimit 1
|
||||
:jobTemplate
|
||||
{:spec
|
||||
{:template
|
||||
{:spec
|
||||
{:containers
|
||||
[{:name "backup-app"
|
||||
:image "domaindrivenarchitecture/c4k-cloud-backup"
|
||||
:imagePullPolicy "IfNotPresent"
|
||||
:command ["/entrypoint.sh"]
|
||||
:env
|
||||
[{:name "POSTGRES_USER"
|
||||
:valueFrom
|
||||
{:secretKeyRef
|
||||
{:name "postgres-secret"
|
||||
:key "postgres-user"}}}
|
||||
{:name "POSTGRES_PASSWORD"
|
||||
:valueFrom
|
||||
{:secretKeyRef
|
||||
{:name "postgres-secret"
|
||||
:key "postgres-password"}}}
|
||||
{:name "POSTGRES_DB"
|
||||
:valueFrom
|
||||
{:configMapKeyRef
|
||||
{:name "postgres-config"
|
||||
:key "postgres-db"}}}
|
||||
{:name "POSTGRES_HOST"
|
||||
:value "postgresql-service:5432"}
|
||||
{:name "POSTGRES_SERVICE"
|
||||
:value "postgresql-service"}
|
||||
{:name "POSTGRES_PORT"
|
||||
:value "5432"}
|
||||
{:name "AWS_DEFAULT_REGION"
|
||||
:value "eu-central-1"}
|
||||
{:name "AWS_ACCESS_KEY_ID_FILE"
|
||||
:value "/var/run/secrets/backup-secrets/aws-access-key-id"}
|
||||
{:name "AWS_SECRET_ACCESS_KEY_FILE"
|
||||
:value "/var/run/secrets/backup-secrets/aws-secret-access-key"}
|
||||
{:name "RESTIC_REPOSITORY"
|
||||
:valueFrom
|
||||
{:configMapKeyRef
|
||||
{:name "backup-config"
|
||||
:key "restic-repository"}}}
|
||||
{:name "RESTIC_PASSWORD_FILE"
|
||||
:value "/var/run/secrets/backup-secrets/restic-password"}]
|
||||
:volumeMounts
|
||||
[{:name "cloud-data-volume"
|
||||
:mountPath "/var/backups"}
|
||||
{:name "backup-secret-volume"
|
||||
:mountPath "/var/run/secrets/backup-secrets"
|
||||
:readOnly true}]}]
|
||||
:volumes
|
||||
[{:name "cloud-data-volume"
|
||||
:persistentVolumeClaim
|
||||
{:claimName "cloud-pvc"}}
|
||||
{:name "backup-secret-volume"
|
||||
:secret
|
||||
{:secretName "backup-secret"}}]
|
||||
:restartPolicy "OnFailure"}}}}}}
|
||||
(cut/generate-cron))))
|
@ -1,80 +0,0 @@
|
||||
(ns dda.c4k-cloud.cloud-test
|
||||
(:require
|
||||
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
||||
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||
[dda.c4k-cloud.cloud :as cut]))
|
||||
|
||||
(deftest should-generate-certificate
|
||||
(is (= {:apiVersion "cert-manager.io/v1alpha2"
|
||||
:kind "Certificate"
|
||||
:metadata {:name "cloud-cert", :namespace "default"}
|
||||
:spec
|
||||
{:secretName "cloud-secret"
|
||||
:commonName "xx"
|
||||
:dnsNames ["xx"]
|
||||
:issuerRef
|
||||
{:name "letsencrypt-prod-issuer", :kind "ClusterIssuer"}}}
|
||||
(cut/generate-certificate {:fqdn "xx" :issuer :prod}))))
|
||||
|
||||
(deftest should-generate-ingress
|
||||
(is (= {:apiVersion "extensions/v1beta1"
|
||||
:kind "Ingress"
|
||||
:metadata
|
||||
{:name "ingress-cloud"
|
||||
:annotations
|
||||
{:cert-manager.io/cluster-issuer
|
||||
"letsencrypt-staging-issuer"
|
||||
:nginx.ingress.kubernetes.io/proxy-body-size "256m"
|
||||
:nginx.ingress.kubernetes.io/ssl-redirect "true"
|
||||
:nginx.ingress.kubernetes.io/rewrite-target "/"
|
||||
:nginx.ingress.kubernetes.io/proxy-connect-timeout "300"
|
||||
:nginx.ingress.kubernetes.io/proxy-send-timeout "300"
|
||||
:nginx.ingress.kubernetes.io/proxy-read-timeout "300"}
|
||||
:namespace "default"}
|
||||
:spec
|
||||
{:tls [{:hosts ["xx"], :secretName "cloud-secret"}]
|
||||
:rules
|
||||
[{:host "xx"
|
||||
:http
|
||||
{:paths
|
||||
[{:path "/"
|
||||
:backend
|
||||
{:serviceName "cloud-service", :servicePort 8080}}]}}]}}
|
||||
(cut/generate-ingress {:fqdn "xx"}))))
|
||||
|
||||
(deftest should-generate-persistent-volume
|
||||
(is (= {:kind "PersistentVolume"
|
||||
:apiVersion "v1"
|
||||
:metadata {:name "cloud-pv-volume", :labels {:type "local"}}
|
||||
:spec
|
||||
{:storageClassName "manual"
|
||||
:accessModes ["ReadWriteOnce"]
|
||||
:capacity {:storage "30Gi"}
|
||||
:hostPath {:path "xx"}}}
|
||||
(cut/generate-persistent-volume {:cloud-data-volume-path "xx"}))))
|
||||
|
||||
(deftest should-generate-deployment
|
||||
(is (= {:containers
|
||||
[{:image "domaindrivenarchitecture/c4k-cloud"
|
||||
:name "cloud-app"
|
||||
:imagePullPolicy "IfNotPresent"
|
||||
:env
|
||||
[{:name "DB_USERNAME_FILE"
|
||||
:value
|
||||
"/var/run/secrets/postgres-secret/postgres-user"}
|
||||
{:name "DB_PASSWORD_FILE"
|
||||
:value
|
||||
"/var/run/secrets/postgres-secret/postgres-password"}
|
||||
{:name "FQDN", :value "xx"}]
|
||||
:command ["/app/entrypoint.sh"]
|
||||
:volumeMounts
|
||||
[{:mountPath "/var/cloud", :name "cloud-data-volume"}
|
||||
{:name "postgres-secret-volume"
|
||||
:mountPath "/var/run/secrets/postgres-secret"
|
||||
:readOnly true}]}]
|
||||
:volumes
|
||||
[{:name "cloud-data-volume"
|
||||
:persistentVolumeClaim {:claimName "cloud-pvc"}}
|
||||
{:name "postgres-secret-volume"
|
||||
:secret {:secretName "postgres-secret"}}]}
|
||||
(get-in (cut/generate-deployment {:fqdn "xx"}) [:spec :template :spec]))))
|
@ -1,35 +0,0 @@
|
||||
(ns dda.c4k-cloud.core-test
|
||||
(:require
|
||||
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
||||
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||
[dda.c4k-cloud.core :as cut]))
|
||||
|
||||
(deftest should-k8s-objects
|
||||
(is (= 16
|
||||
(count (cut/k8s-objects {:fqdn "cloud-neu.prod.meissa-gmbh.de"
|
||||
:postgres-db-user "cloud"
|
||||
:postgres-db-password "cloud-db-password"
|
||||
:issuer :prod
|
||||
:cloud-data-volume-path "/var/cloud"
|
||||
:postgres-data-volume-path "/var/postgres"
|
||||
:aws-access-key-id "aws-id"
|
||||
:aws-secret-access-key "aws-secret"
|
||||
:restic-password "restic-pw"
|
||||
:restic-repository "restic-repository"}))))
|
||||
(is (= 14
|
||||
(count (cut/k8s-objects {:fqdn "cloud-neu.prod.meissa-gmbh.de"
|
||||
:postgres-db-user "cloud"
|
||||
:postgres-db-password "cloud-db-password"
|
||||
:issuer :prod
|
||||
:aws-access-key-id "aws-id"
|
||||
:aws-secret-access-key "aws-secret"
|
||||
:restic-password "restic-pw"
|
||||
:restic-repository "restic-repository"}))))
|
||||
(is (= 11
|
||||
(count (cut/k8s-objects {:fqdn "cloud-neu.prod.meissa-gmbh.de"
|
||||
:postgres-db-user "cloud"
|
||||
:postgres-db-password "cloud-db-password"
|
||||
:issuer :prod
|
||||
:aws-access-key-id "aws-id"
|
||||
:aws-secret-access-key "aws-secret"
|
||||
:restic-password "restic-pw"})))))
|