renamed namespaces to nextcloud
parent
1c2f6b89f2
commit
303f7ae5f2
53 changed files with 131 additions and 1059 deletions
|
@ -1,59 +0,0 @@
|
||||||
kind: Pod
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: backup-restore
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: backup-restore
|
|
||||||
app.kubernetes.io/part-of: cloud
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: backup-app
|
|
||||||
image: domaindrivenarchitecture/c4k-cloud-backup
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
command: ["/entrypoint-start-and-wait.sh"]
|
|
||||||
env:
|
|
||||||
- name: POSTGRES_USER_FILE
|
|
||||||
value: /var/run/secrets/cloud-secrets/postgres-user
|
|
||||||
- name: POSTGRES_DB_FILE
|
|
||||||
value: /var/run/secrets/cloud-secrets/postgres-db
|
|
||||||
- name: POSTGRES_PASSWORD_FILE
|
|
||||||
value: /var/run/secrets/cloud-secrets/postgres-password
|
|
||||||
- name: POSTGRES_HOST
|
|
||||||
value: "postgresql-service:5432"
|
|
||||||
- name: POSTGRES_SERVICE
|
|
||||||
value: "postgresql-service"
|
|
||||||
- name: POSTGRES_PORT
|
|
||||||
value: "5432"
|
|
||||||
- name: AWS_DEFAULT_REGION
|
|
||||||
value: eu-central-1
|
|
||||||
- name: AWS_ACCESS_KEY_ID_FILE
|
|
||||||
value: /var/run/secrets/backup-secrets/aws-access-key-id
|
|
||||||
- name: AWS_SECRET_ACCESS_KEY_FILE
|
|
||||||
value: /var/run/secrets/backup-secrets/aws-secret-access-key
|
|
||||||
- name: RESTIC_REPOSITORY
|
|
||||||
valueFrom:
|
|
||||||
configMapKeyRef:
|
|
||||||
name: backup-config
|
|
||||||
key: restic-repository
|
|
||||||
- name: RESTIC_PASSWORD_FILE
|
|
||||||
value: /var/run/secrets/backup-secrets/restic-password
|
|
||||||
volumeMounts:
|
|
||||||
- name: cloud-data-volume
|
|
||||||
mountPath: /var/backups
|
|
||||||
- name: backup-secret-volume
|
|
||||||
mountPath: /var/run/secrets/backup-secrets
|
|
||||||
readOnly: true
|
|
||||||
- name: cloud-secret-volume
|
|
||||||
mountPath: /var/run/secrets/cloud-secrets
|
|
||||||
readOnly: true
|
|
||||||
volumes:
|
|
||||||
- name: cloud-data-volume
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: cloud-pvc
|
|
||||||
- name: cloud-secret-volume
|
|
||||||
secret:
|
|
||||||
secretName: cloud-secret
|
|
||||||
- name: backup-secret-volume
|
|
||||||
secret:
|
|
||||||
secretName: backup-secret
|
|
||||||
restartPolicy: OnFailure
|
|
|
@ -1,9 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: backup-config
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: backup
|
|
||||||
app.kubernetes.io/part-of: cloud
|
|
||||||
data:
|
|
||||||
restic-repository: restic-repository
|
|
|
@ -1,9 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
kubectl delete --ignore-not-found=true -f backup-secret.yml
|
|
||||||
kubectl delete --ignore-not-found=true -f backup-config.yml
|
|
||||||
kubectl delete --ignore-not-found=true -f backup-cron.yml
|
|
||||||
|
|
||||||
kubectl apply -f backup-secret.yml
|
|
||||||
kubectl apply -f backup-config.yml
|
|
||||||
kubectl apply -f backup-cron.yml
|
|
|
@ -1,65 +0,0 @@
|
||||||
apiVersion: batch/v1beta1
|
|
||||||
kind: CronJob
|
|
||||||
metadata:
|
|
||||||
name: cloud-backup
|
|
||||||
labels:
|
|
||||||
app.kubernetes.part-of: cloud
|
|
||||||
spec:
|
|
||||||
schedule: "10 23 * * *"
|
|
||||||
successfulJobsHistoryLimit: 0
|
|
||||||
failedJobsHistoryLimit: 0
|
|
||||||
jobTemplate:
|
|
||||||
spec:
|
|
||||||
template:
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: backup-app
|
|
||||||
image: domaindrivenarchitecture/meissa-cloud-backup
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
command: ["/entrypoint.sh"]
|
|
||||||
env:
|
|
||||||
- name: POSTGRES_USER_FILE
|
|
||||||
value: /var/run/secrets/cloud-secrets/postgres-user
|
|
||||||
- name: POSTGRES_DB_FILE
|
|
||||||
value: /var/run/secrets/cloud-secrets/postgres-db
|
|
||||||
- name: POSTGRES_PASSWORD_FILE
|
|
||||||
value: /var/run/secrets/cloud-secrets/postgres-password
|
|
||||||
- name: POSTGRES_HOST
|
|
||||||
value: "postgresql-service:5432"
|
|
||||||
- name: POSTGRES_SERVICE
|
|
||||||
value: "postgresql-service"
|
|
||||||
- name: POSTGRES_PORT
|
|
||||||
value: "5432"
|
|
||||||
- name: AWS_DEFAULT_REGION
|
|
||||||
value: eu-central-1
|
|
||||||
- name: AWS_ACCESS_KEY_ID_FILE
|
|
||||||
value: /var/run/secrets/backup-secrets/aws-access-key-id
|
|
||||||
- name: AWS_SECRET_ACCESS_KEY_FILE
|
|
||||||
value: /var/run/secrets/backup-secrets/aws-secret-access-key
|
|
||||||
- name: RESTIC_REPOSITORY
|
|
||||||
valueFrom:
|
|
||||||
configMapKeyRef:
|
|
||||||
name: backup-config
|
|
||||||
key: restic-repository
|
|
||||||
- name: RESTIC_PASSWORD_FILE
|
|
||||||
value: /var/run/secrets/backup-secrets/restic-password
|
|
||||||
volumeMounts:
|
|
||||||
- name: cloud-data-volume
|
|
||||||
mountPath: /var/backups
|
|
||||||
- name: backup-secret-volume
|
|
||||||
mountPath: /var/run/secrets/backup-secrets
|
|
||||||
readOnly: true
|
|
||||||
- name: cloud-secret-volume
|
|
||||||
mountPath: /var/run/secrets/cloud-secrets
|
|
||||||
readOnly: true
|
|
||||||
volumes:
|
|
||||||
- name: cloud-data-volume
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: cloud-pvc
|
|
||||||
- name: cloud-secret-volume
|
|
||||||
secret:
|
|
||||||
secretName: cloud-secret
|
|
||||||
- name: backup-secret-volume
|
|
||||||
secret:
|
|
||||||
secretName: backup-secret
|
|
||||||
restartPolicy: OnFailure
|
|
|
@ -1,9 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: backup-secret
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
aws-access-key-id: aws-access-key-id
|
|
||||||
aws-secret-access-key: aws-secret-access-key
|
|
||||||
restic-password: restic-password
|
|
|
@ -1,13 +0,0 @@
|
||||||
apiVersion: cert-manager.io/v1alpha2
|
|
||||||
kind: Certificate
|
|
||||||
metadata:
|
|
||||||
name: cloud-cert
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
secretName: cloud-secret
|
|
||||||
commonName: fqdn
|
|
||||||
dnsNames:
|
|
||||||
- fqdn
|
|
||||||
issuerRef:
|
|
||||||
name: letsencrypt-staging-issuer
|
|
||||||
kind: ClusterIssuer
|
|
|
@ -1,45 +0,0 @@
|
||||||
kind: Pod
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: cloud
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: cloud
|
|
||||||
spec:
|
|
||||||
shareProcessNamespace: true
|
|
||||||
containers:
|
|
||||||
- name: cloud-app
|
|
||||||
image: domaindrivenarchitecture/meissa-cloud-app
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
ports:
|
|
||||||
- containerPort: 80
|
|
||||||
env:
|
|
||||||
- name: NEXTCLOUD_ADMIN_USER_FILE
|
|
||||||
value: /var/run/secrets/cloud-secrets/nextcloud-admin-user
|
|
||||||
- name: NEXTCLOUD_ADMIN_PASSWORD_FILE
|
|
||||||
value: /var/run/secrets/cloud-secrets/nextcloud-admin-password
|
|
||||||
- name: NEXTCLOUD_TRUSTED_DOMAINS
|
|
||||||
value: "{{fqdn}}"
|
|
||||||
- name: POSTGRES_USER_FILE
|
|
||||||
value: /var/run/secrets/cloud-secrets/postgres-user
|
|
||||||
- name: POSTGRES_PASSWORD_FILE
|
|
||||||
value: /var/run/secrets/cloud-secrets/postgres-password
|
|
||||||
- name: POSTGRES_DB_FILE
|
|
||||||
value: /var/run/secrets/cloud-secrets/postgres-db
|
|
||||||
- name: POSTGRES_HOST
|
|
||||||
value: "postgresql-service:5432"
|
|
||||||
volumeMounts:
|
|
||||||
- name: cloud-data-volume
|
|
||||||
mountPath: /var/www/html
|
|
||||||
- name: cloud-secret-volume
|
|
||||||
mountPath: /var/run/secrets/cloud-secrets
|
|
||||||
readOnly: true
|
|
||||||
volumes:
|
|
||||||
- name: cloud-data-volume
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: cloud-pvc
|
|
||||||
- name: cloud-secret-volume
|
|
||||||
secret:
|
|
||||||
secretName: cloud-secret
|
|
||||||
- name: backup-secret-volume
|
|
||||||
secret:
|
|
||||||
secretName: backup-secret
|
|
|
@ -1,26 +0,0 @@
|
||||||
apiVersion: extensions/v1beta1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: ingress-cloud
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
|
|
||||||
nginx.ingress.kubernetes.io/proxy-body-size: "256m"
|
|
||||||
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
||||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
|
||||||
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
|
|
||||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
|
|
||||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- fqdn
|
|
||||||
secretName: cloud-secret
|
|
||||||
rules:
|
|
||||||
- host: fqdn
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
backend:
|
|
||||||
serviceName: cloud-service
|
|
||||||
servicePort: 80
|
|
|
@ -1,15 +0,0 @@
|
||||||
kind: PersistentVolume
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: cloud-pv-volume
|
|
||||||
labels:
|
|
||||||
type: local
|
|
||||||
app: cloud
|
|
||||||
spec:
|
|
||||||
storageClassName: manual
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
capacity:
|
|
||||||
storage: {{storage-size}}Gi #??? 30Gi?
|
|
||||||
hostPath:
|
|
||||||
path: "/var/cloud"
|
|
|
@ -1,16 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: PersistentVolumeClaim
|
|
||||||
metadata:
|
|
||||||
name: cloud-pvc
|
|
||||||
labels:
|
|
||||||
app: cloud
|
|
||||||
spec:
|
|
||||||
storageClassName: manual
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: {{storage-size}}Gi #??? 30Gi?
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: cloud
|
|
|
@ -1,9 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: cloud-service
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
app.kubernetes.io/name: cloud #???
|
|
||||||
ports:
|
|
||||||
- port: 80
|
|
|
@ -1,15 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
echo -e "\n====================\n"
|
|
||||||
echo -e "cloud is running, ingress exists"
|
|
||||||
echo -e "\n====================\n"
|
|
||||||
kubectl get all
|
|
||||||
|
|
||||||
echo -e "\n====================\n"
|
|
||||||
echo -e "shows certificate with subject"
|
|
||||||
echo -e "CN={{fqdn}}"
|
|
||||||
echo -e "issuer: CN=Fake LE Intermediate X1"
|
|
||||||
echo -e "\n====================\n"
|
|
||||||
curl --insecure -v https://{{fqdn}}
|
|
||||||
|
|
||||||
echo -e "\n"
|
|
|
@ -1,15 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
kubectl delete --ignore-not-found=true -f postgres-deployment.yml
|
|
||||||
kubectl delete --ignore-not-found=true -f postgres-pvc.yml
|
|
||||||
kubectl delete --ignore-not-found=true -f postgres-service.yml
|
|
||||||
kubectl delete --ignore-not-found=true -f postgres-config.yml
|
|
||||||
kubectl delete --ignore-not-found=true -f postgres-secret.yml
|
|
||||||
kubectl delete --ignore-not-found=true -f postgres-persistent-volume.yml
|
|
||||||
|
|
||||||
kubectl apply -f postgres-persistent-volume.yml
|
|
||||||
kubectl apply -f postgres-secret.yml
|
|
||||||
kubectl apply -f postgres-config.yml
|
|
||||||
kubectl apply -f postgres-service.yml
|
|
||||||
kubectl apply -f postgres-pvc.yml
|
|
||||||
kubectl apply -f postgres-deployment.yml
|
|
|
@ -1,8 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
echo -e "\n====================\n"
|
|
||||||
echo -e "postgres is running"
|
|
||||||
echo -e "\n====================\n"
|
|
||||||
kubectl get all
|
|
||||||
|
|
||||||
echo -e "\n"
|
|
|
@ -1,61 +0,0 @@
|
||||||
(ns meissa.pallet.meissa-cloud.app
|
|
||||||
(:require
|
|
||||||
[schema.core :as s]
|
|
||||||
[dda.pallet.commons.secret :as secret]
|
|
||||||
[dda.config.commons.map-utils :as mu]
|
|
||||||
[dda.pallet.core.app :as core-app]
|
|
||||||
[dda.pallet.dda-config-crate.infra :as config-crate]
|
|
||||||
[dda.pallet.dda-user-crate.app :as user]
|
|
||||||
[dda.pallet.dda-k8s-crate.app :as k8s]
|
|
||||||
[meissa.pallet.meissa-cloud.convention :as convention]
|
|
||||||
[meissa.pallet.meissa-cloud.infra :as infra]))
|
|
||||||
|
|
||||||
(def with-cloud infra/with-cloud)
|
|
||||||
|
|
||||||
(def CloudConvention convention/CloudConvention)
|
|
||||||
|
|
||||||
(def CloudConventionResolved convention/CloudConventionResolved)
|
|
||||||
|
|
||||||
(def InfraResult convention/InfraResult)
|
|
||||||
|
|
||||||
(def CloudApp
|
|
||||||
{:group-specific-config
|
|
||||||
{s/Keyword (merge InfraResult
|
|
||||||
user/InfraResult
|
|
||||||
k8s/InfraResult)}})
|
|
||||||
|
|
||||||
(s/defn ^:always-validate
|
|
||||||
app-configuration-resolved :- CloudApp
|
|
||||||
[resolved-convention-config :- CloudConventionResolved
|
|
||||||
& options]
|
|
||||||
(let [{:keys [group-key] :or {group-key infra/facility}} options]
|
|
||||||
(mu/deep-merge
|
|
||||||
(k8s/app-configuration-resolved
|
|
||||||
(convention/k8s-convention-configuration resolved-convention-config) :group-key group-key)
|
|
||||||
{:group-specific-config
|
|
||||||
{group-key
|
|
||||||
(convention/infra-configuration resolved-convention-config)}})))
|
|
||||||
|
|
||||||
(s/defn ^:always-validate
|
|
||||||
app-configuration :- CloudApp
|
|
||||||
[convention-config :- CloudConvention
|
|
||||||
& options]
|
|
||||||
(let [resolved-convention-config (secret/resolve-secrets convention-config CloudConvention)]
|
|
||||||
(apply app-configuration-resolved resolved-convention-config options)))
|
|
||||||
|
|
||||||
(s/defmethod ^:always-validate
|
|
||||||
core-app/group-spec infra/facility
|
|
||||||
[crate-app
|
|
||||||
convention-config :- CloudConventionResolved]
|
|
||||||
(let [app-config (app-configuration-resolved convention-config)]
|
|
||||||
(core-app/pallet-group-spec
|
|
||||||
app-config [(config-crate/with-config app-config)
|
|
||||||
user/with-user
|
|
||||||
k8s/with-k8s
|
|
||||||
with-cloud])))
|
|
||||||
|
|
||||||
(def crate-app (core-app/make-dda-crate-app
|
|
||||||
:facility infra/facility
|
|
||||||
:convention-schema CloudConvention
|
|
||||||
:convention-schema-resolved CloudConventionResolved
|
|
||||||
:default-convention-file "cloud.edn"))
|
|
|
@ -1,93 +0,0 @@
|
||||||
(ns meissa.pallet.meissa-cloud.convention
|
|
||||||
(:require
|
|
||||||
[schema.core :as s]
|
|
||||||
[dda.pallet.commons.secret :as secret]
|
|
||||||
[dda.config.commons.map-utils :as mu]
|
|
||||||
[clojure.spec.alpha :as sp]
|
|
||||||
[clojure.spec.test.alpha :as st]
|
|
||||||
[dda.pallet.dda-k8s-crate.convention :as k8s-convention]
|
|
||||||
[meissa.pallet.meissa-cloud.infra :as infra]
|
|
||||||
[clojure.string :as str]
|
|
||||||
[meissa.pallet.meissa-cloud.convention.bash :as bash]
|
|
||||||
[meissa.pallet.meissa-cloud.convention.bash-php :as bash-php]))
|
|
||||||
|
|
||||||
(def InfraResult {infra/facility infra/MeissaCloudInfra})
|
|
||||||
|
|
||||||
(s/def CloudConvention
|
|
||||||
{:user s/Keyword
|
|
||||||
:external-ip s/Str
|
|
||||||
:fqdn s/Str
|
|
||||||
:cert-manager (s/enum :letsencrypt-prod-issuer :letsencrypt-staging-issuer)
|
|
||||||
:db-user-password secret/Secret
|
|
||||||
:admin-user s/Str
|
|
||||||
:admin-password secret/Secret
|
|
||||||
:storage-size s/Int
|
|
||||||
:restic-repository s/Str
|
|
||||||
:aws-access-key-id secret/Secret
|
|
||||||
:aws-secret-access-key secret/Secret
|
|
||||||
:restic-password secret/Secret
|
|
||||||
(s/optional-key :u18-04) (s/enum true)})
|
|
||||||
|
|
||||||
(def CloudConventionResolved (secret/create-resolved-schema CloudConvention))
|
|
||||||
|
|
||||||
(sp/def ::user keyword?)
|
|
||||||
(sp/def ::external-ip string?)
|
|
||||||
(sp/def ::fqdn string?)
|
|
||||||
(sp/def ::cert-manager #{:letsencrypt-prod-issuer :letsencrypt-staging-issuer})
|
|
||||||
(sp/def ::db-user-password bash-php/bash-php-env-string?)
|
|
||||||
(sp/def ::admin-user bash-php/bash-php-env-string?)
|
|
||||||
(sp/def ::admin-password bash-php/bash-php-env-string?)
|
|
||||||
(sp/def ::storage-size int?)
|
|
||||||
(sp/def ::restic-repository string?)
|
|
||||||
(sp/def ::restic-password bash/bash-env-string?)
|
|
||||||
(sp/def ::aws-access-key-id bash/bash-env-string?)
|
|
||||||
(sp/def ::aws-secret-access-key bash/bash-env-string?)
|
|
||||||
(sp/def ::u18-04 #{true})
|
|
||||||
(def cloud-convention-resolved? (sp/keys :req-un [::user ::external-ip ::fqdn ::cert-manager
|
|
||||||
::db-user-password ::admin-user ::admin-password
|
|
||||||
::storage-size ::restic-repository ::restic-password
|
|
||||||
::aws-access-key-id ::aws-secret-access-key ]
|
|
||||||
:opt-un [::u18-04]))
|
|
||||||
|
|
||||||
(def cloud-spec-resolved nil)
|
|
||||||
|
|
||||||
(s/defn k8s-convention-configuration :- k8s-convention/k8sConventionResolved
|
|
||||||
[convention-config :- CloudConventionResolved]
|
|
||||||
{:pre [(sp/valid? cloud-convention-resolved? convention-config)]}
|
|
||||||
(let [{:keys [cert-manager external-ip user u18-04]} convention-config
|
|
||||||
cluster-issuer (name cert-manager)]
|
|
||||||
(if u18-04
|
|
||||||
{:user user
|
|
||||||
:k8s {:external-ip external-ip
|
|
||||||
:u18-04 true}
|
|
||||||
:cert-manager cert-manager}
|
|
||||||
{:user user
|
|
||||||
:k8s {:external-ip external-ip}
|
|
||||||
:cert-manager cert-manager})))
|
|
||||||
|
|
||||||
|
|
||||||
(s/defn ^:always-validate
|
|
||||||
infra-configuration :- InfraResult
|
|
||||||
[convention-config :- CloudConventionResolved]
|
|
||||||
(let [{:keys [cert-manager fqdn user db-user-password admin-user admin-password storage-size
|
|
||||||
restic-repository aws-access-key-id aws-secret-access-key restic-password]} convention-config
|
|
||||||
cluster-issuer (name cert-manager)
|
|
||||||
db-user-name "cloud"]
|
|
||||||
{infra/facility
|
|
||||||
{:user user
|
|
||||||
:backup {:restic-repository restic-repository
|
|
||||||
:aws-access-key-id aws-access-key-id
|
|
||||||
:aws-secret-access-key aws-secret-access-key
|
|
||||||
:restic-password restic-password}
|
|
||||||
:cloud {:fqdn fqdn
|
|
||||||
:secret-name (str/replace fqdn #"\." "-")
|
|
||||||
:cluster-issuer cluster-issuer
|
|
||||||
:db-name "cloud"
|
|
||||||
:db-user-password db-user-password
|
|
||||||
:db-user-name db-user-name
|
|
||||||
:admin-user admin-user
|
|
||||||
:admin-password admin-password
|
|
||||||
:storage-size (str storage-size)}
|
|
||||||
:postgres {:db-user-password db-user-password
|
|
||||||
:db-user-name db-user-name}}}))
|
|
||||||
|
|
|
@ -1,10 +0,0 @@
|
||||||
(ns meissa.pallet.meissa-cloud.convention.bash
|
|
||||||
(:require
|
|
||||||
[clojure.spec.alpha :as s]))
|
|
||||||
|
|
||||||
(defn bash-env-string?
|
|
||||||
[input]
|
|
||||||
(and (string? input)
|
|
||||||
(not (re-matches #".*['\"\$]+.*" input))))
|
|
||||||
|
|
||||||
(s/def ::plain bash-env-string?)
|
|
|
@ -1,11 +0,0 @@
|
||||||
(ns meissa.pallet.meissa-cloud.convention.bash-php
|
|
||||||
(:require
|
|
||||||
[clojure.spec.alpha :as s]
|
|
||||||
[meissa.pallet.meissa-cloud.convention.bash :as bash]))
|
|
||||||
|
|
||||||
(defn bash-php-env-string?
|
|
||||||
[input]
|
|
||||||
(and (bash/bash-env-string? input)
|
|
||||||
(not (re-matches #".*[\-\\\\]+.*" input))))
|
|
||||||
|
|
||||||
(s/def ::plain bash-php-env-string?)
|
|
|
@ -1,51 +0,0 @@
|
||||||
(ns meissa.pallet.meissa-cloud.infra
|
|
||||||
(:require
|
|
||||||
[schema.core :as s]
|
|
||||||
[dda.pallet.core.infra :as core-infra]
|
|
||||||
[meissa.pallet.meissa-cloud.infra.backup :as backup]
|
|
||||||
[meissa.pallet.meissa-cloud.infra.cloud :as cloud]
|
|
||||||
[meissa.pallet.meissa-cloud.infra.postgres :as postgres]))
|
|
||||||
|
|
||||||
(def facility :meissa-cloud)
|
|
||||||
|
|
||||||
(def MeissaCloudInfra
|
|
||||||
(merge
|
|
||||||
{:user s/Keyword}
|
|
||||||
backup/MeissaBackupInfra
|
|
||||||
cloud/MeissaCloudInfra
|
|
||||||
postgres/MeissaPostgresInfra))
|
|
||||||
|
|
||||||
(s/defmethod core-infra/dda-init facility
|
|
||||||
[dda-crate config]
|
|
||||||
(let [facility (:facility dda-crate)
|
|
||||||
{:keys [user backup postgres cloud]} config
|
|
||||||
user-str (name user)]
|
|
||||||
(postgres/init facility user-str postgres)
|
|
||||||
(cloud/init facility user-str cloud)
|
|
||||||
(backup/init facility user-str backup)))
|
|
||||||
|
|
||||||
(s/defmethod core-infra/dda-install facility
|
|
||||||
[dda-crate config]
|
|
||||||
(let [facility (:facility dda-crate)
|
|
||||||
{:keys [user backup postgres cloud]} config
|
|
||||||
user-str (name user)]
|
|
||||||
(postgres/install facility user-str postgres)
|
|
||||||
(cloud/install facility user-str cloud)
|
|
||||||
(backup/install facility user-str backup)))
|
|
||||||
|
|
||||||
(s/defmethod core-infra/dda-configure facility
|
|
||||||
[dda-crate config]
|
|
||||||
(let [facility (:facility dda-crate)
|
|
||||||
{:keys [user backup postgres cloud]} config
|
|
||||||
user-str (name user)]
|
|
||||||
(postgres/configure facility user-str postgres)
|
|
||||||
(cloud/configure facility user-str cloud)
|
|
||||||
(backup/configure facility user-str backup)))
|
|
||||||
|
|
||||||
(def meissa-cloud
|
|
||||||
(core-infra/make-dda-crate-infra
|
|
||||||
:facility facility
|
|
||||||
:infra-schema MeissaCloudInfra))
|
|
||||||
|
|
||||||
(def with-cloud
|
|
||||||
(core-infra/create-infra-plan meissa-cloud))
|
|
|
@ -1,39 +0,0 @@
|
||||||
(ns meissa.pallet.meissa-cloud.infra.backup
|
|
||||||
(:require
|
|
||||||
[schema.core :as s]
|
|
||||||
[dda.provision :as p]
|
|
||||||
[dda.provision.pallet :as pp]))
|
|
||||||
|
|
||||||
(s/def Backup
|
|
||||||
{:restic-repository s/Str
|
|
||||||
:aws-access-key-id s/Str
|
|
||||||
:aws-secret-access-key s/Str
|
|
||||||
:restic-password s/Str})
|
|
||||||
|
|
||||||
(def MeissaBackupInfra {:backup Backup})
|
|
||||||
|
|
||||||
(def backup "backup")
|
|
||||||
|
|
||||||
(defn init [facility user config])
|
|
||||||
|
|
||||||
(defn install
|
|
||||||
[facility user config]
|
|
||||||
(let [facility-name (name facility)]
|
|
||||||
(p/provision-log ::pp/pallet facility-name backup
|
|
||||||
::p/info "install")
|
|
||||||
(p/copy-resources-to-user
|
|
||||||
::pp/pallet user facility-name backup
|
|
||||||
[{:filename "backup-secret.yml" :config config}
|
|
||||||
{:filename "backup-config.yml" :config config}
|
|
||||||
{:filename "configure-as-user.sh"}
|
|
||||||
{:filename "backup-restore.yml"}
|
|
||||||
{:filename "backup-cron.yml"}])))
|
|
||||||
|
|
||||||
(defn configure
|
|
||||||
[facility user config]
|
|
||||||
(let [facility-name (name facility)]
|
|
||||||
(p/provision-log ::pp/pallet facility-name backup
|
|
||||||
::p/info "configure")
|
|
||||||
(p/exec-file-on-target-as-user
|
|
||||||
::pp/pallet user facility-name backup "configure-as-user.sh")
|
|
||||||
))
|
|
|
@ -1,57 +0,0 @@
|
||||||
(ns meissa.pallet.meissa-cloud.infra.cloud
|
|
||||||
(:require
|
|
||||||
[schema.core :as s]
|
|
||||||
[dda.provision :as p]
|
|
||||||
[dda.provision.pallet :as pp]))
|
|
||||||
|
|
||||||
(s/def Cloud
|
|
||||||
{:fqdn s/Str
|
|
||||||
:secret-name s/Str
|
|
||||||
:cluster-issuer s/Str
|
|
||||||
:db-name s/Str
|
|
||||||
:db-user-name s/Str
|
|
||||||
:db-user-password s/Str
|
|
||||||
:admin-user s/Str
|
|
||||||
:admin-password s/Str
|
|
||||||
:storage-size s/Str})
|
|
||||||
|
|
||||||
(def MeissaCloudInfra {:cloud Cloud})
|
|
||||||
|
|
||||||
(def cloud "cloud")
|
|
||||||
|
|
||||||
(defn init
|
|
||||||
[facility user config]
|
|
||||||
(let [facility-name (name facility)]
|
|
||||||
(p/provision-log ::pp/pallet facility-name cloud
|
|
||||||
::p/info "init")
|
|
||||||
(p/copy-resources-to-tmp
|
|
||||||
::pp/pallet facility-name cloud
|
|
||||||
[{:filename "install-as-root.sh" :config {:user user}}])))
|
|
||||||
|
|
||||||
|
|
||||||
(defn install
|
|
||||||
[facility user config]
|
|
||||||
(let [facility-name (name facility)]
|
|
||||||
(p/provision-log ::pp/pallet facility-name cloud
|
|
||||||
::p/info "install")
|
|
||||||
(p/copy-resources-to-user
|
|
||||||
::pp/pallet user facility-name cloud
|
|
||||||
[{:filename "pod-running.sh"}
|
|
||||||
{:filename "cloud-persistent-volume.yml" :config config}
|
|
||||||
{:filename "cloud-secret.yml" :config config}
|
|
||||||
{:filename "cloud-service.yml"}
|
|
||||||
{:filename "cloud-pvc.yml" :config config}
|
|
||||||
{:filename "cloud-pod.yml" :config config}
|
|
||||||
{:filename "cloud-ingress.yml" :config config}
|
|
||||||
{:filename "configure-as-user.sh"}
|
|
||||||
{:filename "verify.sh" :config config}])
|
|
||||||
(p/exec-file-on-target-as-root
|
|
||||||
::pp/pallet facility-name cloud "install-as-root.sh")))
|
|
||||||
|
|
||||||
(defn configure
|
|
||||||
[facility user config]
|
|
||||||
(let [facility-name (name facility)]
|
|
||||||
(p/provision-log ::pp/pallet facility-name cloud
|
|
||||||
::p/info "configure")
|
|
||||||
(p/exec-file-on-target-as-user
|
|
||||||
::pp/pallet user facility-name cloud "configure-as-user.sh")))
|
|
|
@ -1,47 +0,0 @@
|
||||||
(ns meissa.pallet.meissa-cloud.infra.postgres
|
|
||||||
(:require
|
|
||||||
[schema.core :as s]
|
|
||||||
[dda.provision :as p]
|
|
||||||
[dda.provision.pallet :as pp]))
|
|
||||||
|
|
||||||
(s/def Postgres {:db-user-name s/Str :db-user-password s/Str})
|
|
||||||
|
|
||||||
(def MeissaPostgresInfra {:postgres Postgres})
|
|
||||||
|
|
||||||
(def postgres "postgres")
|
|
||||||
|
|
||||||
(defn init
|
|
||||||
[facility user config]
|
|
||||||
(let [facility-name (name facility)]
|
|
||||||
(p/provision-log ::pp/pallet facility-name postgres
|
|
||||||
::p/info "init")
|
|
||||||
(p/copy-resources-to-tmp
|
|
||||||
::pp/pallet facility-name postgres
|
|
||||||
[{:filename "install-as-root.sh" :config {:user user}}])))
|
|
||||||
|
|
||||||
|
|
||||||
(defn install
|
|
||||||
[facility user config]
|
|
||||||
(let [facility-name (name facility)]
|
|
||||||
(p/provision-log ::pp/pallet facility-name postgres
|
|
||||||
::p/info "install")
|
|
||||||
(p/copy-resources-to-user
|
|
||||||
::pp/pallet user facility-name postgres
|
|
||||||
[{:filename "postgres-persistent-volume.yml"}
|
|
||||||
{:filename "postgres-secret.yml" :config config}
|
|
||||||
{:filename "postgres-config.yml"}
|
|
||||||
{:filename "postgres-service.yml"}
|
|
||||||
{:filename "postgres-pvc.yml"}
|
|
||||||
{:filename "postgres-deployment.yml" :config config}
|
|
||||||
{:filename "configure-as-user.sh"}
|
|
||||||
{:filename "verify.sh"}])
|
|
||||||
(p/exec-file-on-target-as-root
|
|
||||||
::pp/pallet facility-name postgres "install-as-root.sh")))
|
|
||||||
|
|
||||||
(defn configure
|
|
||||||
[facility user config]
|
|
||||||
(let [facility-name (name facility)]
|
|
||||||
(p/provision-log ::pp/pallet facility-name postgres
|
|
||||||
::p/info "configure")
|
|
||||||
(p/exec-file-on-target-as-user
|
|
||||||
::pp/pallet user facility-name postgres "configure-as-user.sh")))
|
|
|
@ -38,8 +38,8 @@
|
||||||
:uberjar {:source-paths ["uberjar/src"]
|
:uberjar {:source-paths ["uberjar/src"]
|
||||||
:resource-paths ["uberjar/resources"]
|
:resource-paths ["uberjar/resources"]
|
||||||
:aot :all
|
:aot :all
|
||||||
:main meissa.pallet.meissa-cloud.main
|
:main dda.c4k-nextcloud.uberjar
|
||||||
:uberjar-name "meissa-cloud-standalone.jar"
|
:uberjar-name "c4k-nextcloud-standalone.jar"
|
||||||
:dependencies [[org.clojure/tools.cli "1.0.194"]
|
:dependencies [[org.clojure/tools.cli "1.0.194"]
|
||||||
[ch.qos.logback/logback-classic "1.3.0-alpha5"]
|
[ch.qos.logback/logback-classic "1.3.0-alpha5"]
|
||||||
[org.slf4j/jcl-over-slf4j "2.0.0-alpha1"]]}}
|
[org.slf4j/jcl-over-slf4j "2.0.0-alpha1"]]}}
|
||||||
|
|
|
@ -1,16 +1,16 @@
|
||||||
(ns dda.c4k-cloud.uberjar
|
(ns dda.c4k-nextcloud.uberjar
|
||||||
(:gen-class)
|
(:gen-class)
|
||||||
(:require
|
(:require
|
||||||
[clojure.spec.alpha :as s]
|
[clojure.spec.alpha :as s]
|
||||||
[clojure.string :as cs]
|
[clojure.string :as cs]
|
||||||
[clojure.tools.reader.edn :as edn]
|
[clojure.tools.reader.edn :as edn]
|
||||||
[expound.alpha :as expound]
|
[expound.alpha :as expound]
|
||||||
[dda.c4k-cloud.core :as core]))
|
[dda.c4k-nextcloud.core :as core]))
|
||||||
|
|
||||||
(def usage
|
(def usage
|
||||||
"usage:
|
"usage:
|
||||||
|
|
||||||
c4k-cloud {your configuraton file} {your authorization file}")
|
c4k-nextcloud {your configuraton file} {your authorization file}")
|
||||||
|
|
||||||
(s/def ::options (s/* #{"-h"}))
|
(s/def ::options (s/* #{"-h"}))
|
||||||
(s/def ::filename (s/and string?
|
(s/def ::filename (s/and string?
|
|
@ -1,4 +1,4 @@
|
||||||
(ns dda.c4k-cloud.backup
|
(ns dda.c4k-nextcloud.backup
|
||||||
(:require
|
(:require
|
||||||
[clojure.spec.alpha :as s]
|
[clojure.spec.alpha :as s]
|
||||||
#?(:cljs [shadow.resource :as rc])
|
#?(:cljs [shadow.resource :as rc])
|
|
@ -1,4 +1,4 @@
|
||||||
(ns dda.c4k-cloud.cloud
|
(ns dda.c4k-nextcloud.nextcloud
|
||||||
(:require
|
(:require
|
||||||
[clojure.spec.alpha :as s]
|
[clojure.spec.alpha :as s]
|
||||||
#?(:cljs [shadow.resource :as rc])
|
#?(:cljs [shadow.resource :as rc])
|
||||||
|
@ -7,31 +7,32 @@
|
||||||
|
|
||||||
(s/def ::fqdn cm/fqdn-string?)
|
(s/def ::fqdn cm/fqdn-string?)
|
||||||
(s/def ::issuer cm/letsencrypt-issuer?)
|
(s/def ::issuer cm/letsencrypt-issuer?)
|
||||||
(s/def ::cloud-data-volume-path string?)
|
(s/def ::restic-repository string?)
|
||||||
|
(s/def ::nextcloud-data-volume-path string?)
|
||||||
|
|
||||||
#?(:cljs
|
#?(:cljs
|
||||||
(defmethod yaml/load-resource :cloud [resource-name]
|
(defmethod yaml/load-resource :nextcloud [resource-name]
|
||||||
(case resource-name
|
(case resource-name
|
||||||
"cloud/certificate.yaml" (rc/inline "cloud/certificate.yaml")
|
"nextcloud/certificate.yaml" (rc/inline "nextcloud/certificate.yaml")
|
||||||
"cloud/deployment.yaml" (rc/inline "cloud/deployment.yaml")
|
"nextcloud/deployment.yaml" (rc/inline "nextcloud/deployment.yaml")
|
||||||
"cloud/ingress.yaml" (rc/inline "cloud/ingress.yaml")
|
"nextcloud/ingress.yaml" (rc/inline "nextcloud/ingress.yaml")
|
||||||
"cloud/persistent-volume.yaml" (rc/inline "cloud/persistent-volume.yaml")
|
"nextcloud/persistent-volume.yaml" (rc/inline "nextcloud/persistent-volume.yaml")
|
||||||
"cloud/pvc.yaml" (rc/inline "cloud/pvc.yaml")
|
"nextcloud/pvc.yaml" (rc/inline "nextcloud/pvc.yaml")
|
||||||
"cloud/service.yaml" (rc/inline "cloud/service.yaml")
|
"nextcloud/service.yaml" (rc/inline "nextcloud/service.yaml")
|
||||||
(throw (js/Error. "Undefined Resource!")))))
|
(throw (js/Error. "Undefined Resource!")))))
|
||||||
|
|
||||||
(defn generate-certificate [config]
|
(defn generate-certificate [config]
|
||||||
(let [{:keys [fqdn issuer]} config
|
(let [{:keys [fqdn issuer]} config
|
||||||
letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]
|
letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]
|
||||||
(->
|
(->
|
||||||
(yaml/from-string (yaml/load-resource "cloud/certificate.yaml"))
|
(yaml/from-string (yaml/load-resource "nextcloud/certificate.yaml"))
|
||||||
(assoc-in [:spec :commonName] fqdn)
|
(assoc-in [:spec :commonName] fqdn)
|
||||||
(assoc-in [:spec :dnsNames] [fqdn])
|
(assoc-in [:spec :dnsNames] [fqdn])
|
||||||
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer))))
|
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer))))
|
||||||
|
|
||||||
(defn generate-deployment [config]
|
(defn generate-deployment [config]
|
||||||
(let [{:keys [fqdn]} config]
|
(let [{:keys [fqdn]} config]
|
||||||
(-> (yaml/from-string (yaml/load-resource "cloud/deployment.yaml"))
|
(-> (yaml/from-string (yaml/load-resource "nextcloud/deployment.yaml"))
|
||||||
(cm/replace-named-value "FQDN" fqdn))))
|
(cm/replace-named-value "FQDN" fqdn))))
|
||||||
|
|
||||||
(defn generate-ingress [config]
|
(defn generate-ingress [config]
|
||||||
|
@ -39,18 +40,18 @@
|
||||||
:or {issuer :staging}} config
|
:or {issuer :staging}} config
|
||||||
letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]
|
letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]
|
||||||
(->
|
(->
|
||||||
(yaml/from-string (yaml/load-resource "cloud/ingress.yaml"))
|
(yaml/from-string (yaml/load-resource "nextcloud/ingress.yaml"))
|
||||||
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
|
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
|
||||||
(cm/replace-all-matching-values-by-new-value "fqdn" fqdn))))
|
(cm/replace-all-matching-values-by-new-value "fqdn" fqdn))))
|
||||||
|
|
||||||
(defn generate-persistent-volume [config]
|
(defn generate-persistent-volume [config]
|
||||||
(let [{:keys [cloud-data-volume-path]} config]
|
(let [{:keys [nextcloud-data-volume-path]} config]
|
||||||
(->
|
(->
|
||||||
(yaml/from-string (yaml/load-resource "cloud/persistent-volume.yaml"))
|
(yaml/from-string (yaml/load-resource "nextcloud/persistent-volume.yaml"))
|
||||||
(assoc-in [:spec :hostPath :path] cloud-data-volume-path))))
|
(assoc-in [:spec :hostPath :path] nextcloud-data-volume-path))))
|
||||||
|
|
||||||
(defn generate-pvc []
|
(defn generate-pvc []
|
||||||
(yaml/from-string (yaml/load-resource "cloud/pvc.yaml")))
|
(yaml/from-string (yaml/load-resource "nextcloud/pvc.yaml")))
|
||||||
|
|
||||||
(defn generate-service []
|
(defn generate-service []
|
||||||
(yaml/from-string (yaml/load-resource "cloud/service.yaml")))
|
(yaml/from-string (yaml/load-resource "nextcloud/service.yaml")))
|
|
@ -1,4 +1,4 @@
|
||||||
(ns dda.c4k-cloud.core
|
(ns dda.c4k-nextcloud.core
|
||||||
(:require
|
(:require
|
||||||
[clojure.string :as cs]
|
[clojure.string :as cs]
|
||||||
[clojure.spec.alpha :as s]
|
[clojure.spec.alpha :as s]
|
||||||
|
@ -6,13 +6,13 @@
|
||||||
:cljs [orchestra.core :refer-macros [defn-spec]])
|
:cljs [orchestra.core :refer-macros [defn-spec]])
|
||||||
[dda.c4k-common.yaml :as yaml]
|
[dda.c4k-common.yaml :as yaml]
|
||||||
[dda.c4k-common.postgres :as postgres]
|
[dda.c4k-common.postgres :as postgres]
|
||||||
[dda.c4k-cloud.cloud :as cloud]
|
[dda.c4k-nextcloud.nextcloud :as nextcloud]
|
||||||
[dda.c4k-cloud.backup :as backup]))
|
[dda.c4k-nextcloud.backup :as backup]))
|
||||||
|
|
||||||
(def config-defaults {:issuer :staging})
|
(def config-defaults {:issuer :staging})
|
||||||
|
|
||||||
(def config? (s/keys :req-un [::cloud/fqdn]
|
(def config? (s/keys :req-un [::nextcloud/fqdn]
|
||||||
:opt-un [::cloud/issuer ::cloud/cloud-data-volume-path
|
:opt-un [::nextcloud/issuer ::nextcloud/nextcloud-data-volume-path
|
||||||
::postgres/postgres-data-volume-path ::restic-repository]))
|
::postgres/postgres-data-volume-path ::restic-repository]))
|
||||||
|
|
||||||
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password
|
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password
|
||||||
|
@ -29,14 +29,14 @@
|
||||||
[(yaml/to-string (postgres/generate-pvc))
|
[(yaml/to-string (postgres/generate-pvc))
|
||||||
(yaml/to-string (postgres/generate-deployment))
|
(yaml/to-string (postgres/generate-deployment))
|
||||||
(yaml/to-string (postgres/generate-service))]
|
(yaml/to-string (postgres/generate-service))]
|
||||||
(when (contains? config :cloud-data-volume-path)
|
(when (contains? config :nextcloud-data-volume-path)
|
||||||
[(yaml/to-string (cloud/generate-persistent-volume config))])
|
[(yaml/to-string (nextcloud/generate-persistent-volume config))])
|
||||||
[(yaml/to-string (cloud/generate-pvc))
|
[(yaml/to-string (nextcloud/generate-pvc))
|
||||||
(yaml/to-string (cloud/generate-deployment config))
|
(yaml/to-string (nextcloud/generate-deployment config))
|
||||||
(yaml/to-string (cloud/generate-service))
|
(yaml/to-string (nextcloud/generate-service))
|
||||||
(yaml/to-string (cloud/generate-certificate config))
|
(yaml/to-string (nextcloud/generate-certificate config))
|
||||||
(yaml/to-string (cloud/generate-ingress config))
|
(yaml/to-string (nextcloud/generate-ingress config))
|
||||||
(yaml/to-string (cloud/generate-service))]
|
(yaml/to-string (nextcloud/generate-service))]
|
||||||
(when (contains? config :restic-repository)
|
(when (contains? config :restic-repository)
|
||||||
[(yaml/to-string (backup/generate-config config))
|
[(yaml/to-string (backup/generate-config config))
|
||||||
(yaml/to-string (backup/generate-secret config))
|
(yaml/to-string (backup/generate-secret config))
|
|
@ -1,19 +1,20 @@
|
||||||
(ns dda.c4k-cloud.browser
|
(ns dda.c4k-nextcloud.browser
|
||||||
(:require
|
(:require
|
||||||
[clojure.tools.reader.edn :as edn]
|
[clojure.tools.reader.edn :as edn]
|
||||||
[dda.c4k-cloud.core :as core]
|
[dda.c4k-nextcloud.core :as core]
|
||||||
[dda.c4k-cloud.cloud :as cloud]
|
[dda.c4k-nextcloud.nextcloud :as nextcloud]
|
||||||
[dda.c4k-common.browser :as br]))
|
[dda.c4k-common.browser :as br]
|
||||||
|
[dda.c4k-common.postgres :as pgc]))
|
||||||
|
|
||||||
(defn config-from-document []
|
(defn config-from-document []
|
||||||
(let [cloud-data-volume-path (br/get-content-from-element "cloud-data-volume-path" :optional true :deserializer keyword)
|
(let [nextcloud-data-volume-path (br/get-content-from-element "nextcloud-data-volume-path" :optional true)
|
||||||
postgres-data-volume-path (br/get-content-from-element "postgres-data-volume-path" :optional true :deserializer keyword)
|
postgres-data-volume-path (br/get-content-from-element "postgres-data-volume-path" :optional true)
|
||||||
restic-repository (br/get-content-from-element "restic-repository" :optional true :deserializer keyword)
|
restic-repository (br/get-content-from-element "restic-repository" :optional true)
|
||||||
issuer (br/get-content-from-element "issuer" :optional true :deserializer keyword)]
|
issuer (br/get-content-from-element "issuer" :optional true :deserializer keyword)]
|
||||||
(merge
|
(merge
|
||||||
{:fqdn (br/get-content-from-element "fqdn")}
|
{:fqdn (br/get-content-from-element "fqdn")}
|
||||||
(when (some? cloud-data-volume-path)
|
(when (some? nextcloud-data-volume-path)
|
||||||
{:cloud-data-volume-path cloud-data-volume-path})
|
{:nextcloud-data-volume-path nextcloud-data-volume-path})
|
||||||
(when (some? postgres-data-volume-path)
|
(when (some? postgres-data-volume-path)
|
||||||
{:postgres-data-volume-path postgres-data-volume-path})
|
{:postgres-data-volume-path postgres-data-volume-path})
|
||||||
(when (some? restic-repository)
|
(when (some? restic-repository)
|
||||||
|
@ -23,11 +24,11 @@
|
||||||
)))
|
)))
|
||||||
|
|
||||||
(defn validate-all! []
|
(defn validate-all! []
|
||||||
(br/validate! "fqdn" ::cloud/fqdn)
|
(br/validate! "fqdn" ::nextcloud/fqdn)
|
||||||
(br/validate! "cloud-data-volume-path" ::cloud/cloud-data-volume-path :optional true :deserializer keyword)
|
(br/validate! "nextcloud-data-volume-path" ::nextcloud/nextcloud-data-volume-path :optional true)
|
||||||
(br/validate! "postgres-data-volume-path" ::cloud/cloud-data-volume-path :optional true :deserializer keyword)
|
(br/validate! "postgres-data-volume-path" ::pgc/postgres-data-volume-path :optional true)
|
||||||
(br/validate! "restic-repository" ::cloud/restic-repository :optional true :deserializer keyword)
|
(br/validate! "restic-repository" ::nextcloud/restic-repository :optional true)
|
||||||
(br/validate! "issuer" ::cloud/issuer :optional true :deserializer keyword)
|
(br/validate! "issuer" ::nextcloud/issuer :optional true :deserializer keyword)
|
||||||
(br/validate! "auth" core/auth? :deserializer edn/read-string)
|
(br/validate! "auth" core/auth? :deserializer edn/read-string)
|
||||||
(br/set-validated!))
|
(br/set-validated!))
|
||||||
|
|
||||||
|
@ -43,7 +44,7 @@
|
||||||
(-> (br/get-element-by-id "fqdn")
|
(-> (br/get-element-by-id "fqdn")
|
||||||
(.addEventListener "blur"
|
(.addEventListener "blur"
|
||||||
#(do (validate-all!))))
|
#(do (validate-all!))))
|
||||||
(-> (br/get-element-by-id "cloud-data-volume-path")
|
(-> (br/get-element-by-id "nextcloud-data-volume-path")
|
||||||
(.addEventListener "blur"
|
(.addEventListener "blur"
|
||||||
#(do (validate-all!))))
|
#(do (validate-all!))))
|
||||||
(-> (br/get-element-by-id "postgres-data-volume-path")
|
(-> (br/get-element-by-id "postgres-data-volume-path")
|
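Review bot: In `validate-all!` the `restic-repository` field is checked against `::nextcloud/restic-repository`, but `config?` in the core namespace of this commit lists that key as `::restic-repository`, which resolves to `dda.c4k-nextcloud.core`. Unless `dda.c4k-nextcloud.nextcloud` registers a spec under the same name (not visible here), the validation call refers to a spec that does not exist. Since `core` is already aliased in this namespace, `(br/validate! "restic-repository" ::core/restic-repository :optional true)` would point at the key the config spec uses. This is the same kind of correction the commit already makes for `postgres-data-volume-path` with `::pgc/postgres-data-volume-path`.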
|
@ -12,21 +12,12 @@ spec:
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command: ["/entrypoint-start-and-wait.sh"]
|
command: ["/entrypoint-start-and-wait.sh"]
|
||||||
env:
|
env:
|
||||||
- name: POSTGRES_USER
|
- name: POSTGRES_USER_FILE
|
||||||
valueFrom:
|
value: /var/run/secrets/cloud-secrets/postgres-user
|
||||||
secretKeyRef:
|
- name: POSTGRES_DB_FILE
|
||||||
name: postgres-secret
|
value: /var/run/secrets/cloud-secrets/postgres-db
|
||||||
key: postgres-user
|
- name: POSTGRES_PASSWORD_FILE
|
||||||
- name: POSTGRES_DB
|
value: /var/run/secrets/cloud-secrets/postgres-password
|
||||||
valueFrom:
|
|
||||||
configMapKeyRef:
|
|
||||||
name: postgres-config
|
|
||||||
key: postgres-db
|
|
||||||
- name: POSTGRES_PASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: postgres-secret
|
|
||||||
key: postgres-password
|
|
||||||
- name: POSTGRES_HOST
|
- name: POSTGRES_HOST
|
||||||
value: "postgresql-service:5432"
|
value: "postgresql-service:5432"
|
||||||
- name: POSTGRES_SERVICE
|
- name: POSTGRES_SERVICE
|
||||||
|
@ -52,10 +43,16 @@ spec:
|
||||||
- name: backup-secret-volume
|
- name: backup-secret-volume
|
||||||
mountPath: /var/run/secrets/backup-secrets
|
mountPath: /var/run/secrets/backup-secrets
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: cloud-secret-volume
|
||||||
|
mountPath: /var/run/secrets/cloud-secrets
|
||||||
|
readOnly: true
|
||||||
volumes:
|
volumes:
|
||||||
- name: cloud-data-volume
|
- name: cloud-data-volume
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: cloud-pvc
|
claimName: cloud-pvc
|
||||||
|
- name: cloud-secret-volume
|
||||||
|
secret:
|
||||||
|
secretName: cloud-secret
|
||||||
- name: backup-secret-volume
|
- name: backup-secret-volume
|
||||||
secret:
|
secret:
|
||||||
secretName: backup-secret
|
secretName: backup-secret
|
||||||
|
|
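Review bot: The added `cloud-secret-volume` mounts every key of the `cloud-secret` Secret into the backup container, although its env block reads only `postgres-user`, `postgres-db` and `postgres-password` from that path. The deployment hunk further down reads `nextcloud-admin-user` and `nextcloud-admin-password` from the same mount path, so if that is the same Secret the backup pod also receives the Nextcloud admin credentials. Limiting the volume with an `items:` list of the three postgres keys keeps the backup pod to what it needs; the CronJob section that follows has the same mount and would take the same change. The deleted certificate test on this page shows `cloud-secret` as the Certificate's `secretName`, so it is worth confirming that the TLS secret and this credentials secret do not end up sharing one name.

```yaml
- name: cloud-secret-volume
  secret:
    secretName: cloud-secret
    # expose only the keys the backup container reads
    items:
    - key: postgres-user
      path: postgres-user
    - key: postgres-db
      path: postgres-db
    - key: postgres-password
      path: postgres-password
```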
|
@ -6,33 +6,24 @@ metadata:
|
||||||
app.kubernetes.part-of: cloud
|
app.kubernetes.part-of: cloud
|
||||||
spec:
|
spec:
|
||||||
schedule: "10 23 * * *"
|
schedule: "10 23 * * *"
|
||||||
successfulJobsHistoryLimit: 1
|
successfulJobsHistoryLimit: 0
|
||||||
failedJobsHistoryLimit: 1
|
failedJobsHistoryLimit: 0
|
||||||
jobTemplate:
|
jobTemplate:
|
||||||
spec:
|
spec:
|
||||||
template:
|
template:
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: backup-app
|
- name: backup-app
|
||||||
image: domaindrivenarchitecture/c4k-cloud-backup
|
image: domaindrivenarchitecture/meissa-cloud-backup
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command: ["/entrypoint.sh"]
|
command: ["/entrypoint.sh"]
|
||||||
env:
|
env:
|
||||||
- name: POSTGRES_USER
|
- name: POSTGRES_USER_FILE
|
||||||
valueFrom:
|
value: /var/run/secrets/cloud-secrets/postgres-user
|
||||||
secretKeyRef:
|
- name: POSTGRES_DB_FILE
|
||||||
name: postgres-secret
|
value: /var/run/secrets/cloud-secrets/postgres-db
|
||||||
key: postgres-user
|
- name: POSTGRES_PASSWORD_FILE
|
||||||
- name: POSTGRES_PASSWORD
|
value: /var/run/secrets/cloud-secrets/postgres-password
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: postgres-secret
|
|
||||||
key: postgres-password
|
|
||||||
- name: POSTGRES_DB
|
|
||||||
valueFrom:
|
|
||||||
configMapKeyRef:
|
|
||||||
name: postgres-config
|
|
||||||
key: postgres-db
|
|
||||||
- name: POSTGRES_HOST
|
- name: POSTGRES_HOST
|
||||||
value: "postgresql-service:5432"
|
value: "postgresql-service:5432"
|
||||||
- name: POSTGRES_SERVICE
|
- name: POSTGRES_SERVICE
|
||||||
|
@ -58,10 +49,16 @@ spec:
|
||||||
- name: backup-secret-volume
|
- name: backup-secret-volume
|
||||||
mountPath: /var/run/secrets/backup-secrets
|
mountPath: /var/run/secrets/backup-secrets
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: cloud-secret-volume
|
||||||
|
mountPath: /var/run/secrets/cloud-secrets
|
||||||
|
readOnly: true
|
||||||
volumes:
|
volumes:
|
||||||
- name: cloud-data-volume
|
- name: cloud-data-volume
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: cloud-pvc
|
claimName: cloud-pvc
|
||||||
|
- name: cloud-secret-volume
|
||||||
|
secret:
|
||||||
|
secretName: cloud-secret
|
||||||
- name: backup-secret-volume
|
- name: backup-secret-volume
|
||||||
secret:
|
secret:
|
||||||
secretName: backup-secret
|
secretName: backup-secret
|
||||||
|
|
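Review bot: With `failedJobsHistoryLimit: 0` a failed backup Job and its pod are removed as soon as the run ends, so the pod log that would explain the failure is gone and a broken backup is easy to miss. Keeping `failedJobsHistoryLimit: 1` (the successful limit can stay at 0) preserves the last failure for inspection unless failures are reported through another channel. The new image line `domaindrivenarchitecture/meissa-cloud-backup` also carries no tag or digest while `imagePullPolicy: IfNotPresent` is kept, so each node runs whichever copy it has cached; pinning a version tag or digest makes it clear which image handles the database and restic credentials.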
|
@ -3,7 +3,7 @@ kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: backup-secret
|
name: backup-secret
|
||||||
type: Opaque
|
type: Opaque
|
||||||
data:
|
stringData:
|
||||||
aws-access-key-id: aws-access-key-id
|
aws-access-key-id: aws-access-key-id
|
||||||
aws-secret-access-key: aws-secret-access-key
|
aws-secret-access-key: aws-secret-access-key
|
||||||
restic-password: restic-password
|
restic-password: restic-password
|
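Review bot: Switching the template to `stringData:` changes how the generator has to fill it, because Kubernetes lets a key under `stringData` override the same key under `data`. The deleted backup test further down shows `generate-secret` returning base64 values under `:data`; if the generator still writes there (its code is not in this hunk), the applied Secret would carry the literal placeholders `aws-access-key-id`, `aws-secret-access-key` and `restic-password` rather than the real values. Confirm that the generator now writes unencoded values into `:stringData`, and add a test that no placeholder survives in the generated Secret.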
|
@ -14,27 +14,39 @@ spec:
|
||||||
app: cloud
|
app: cloud
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- image: domaindrivenarchitecture/c4k-cloud
|
- image: domaindrivenarchitecture/meissa-cloud-app
|
||||||
name: cloud-app
|
name: cloud-app
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
|
ports:
|
||||||
|
- containerPort: 80
|
||||||
env:
|
env:
|
||||||
- name: DB_USERNAME_FILE
|
- name: NEXTCLOUD_ADMIN_USER_FILE
|
||||||
value: /var/run/secrets/postgres-secret/postgres-user
|
value: /var/run/secrets/cloud-secrets/nextcloud-admin-user
|
||||||
- name: DB_PASSWORD_FILE
|
- name: NEXTCLOUD_ADMIN_PASSWORD_FILE
|
||||||
value: /var/run/secrets/postgres-secret/postgres-password
|
value: /var/run/secrets/cloud-secrets/nextcloud-admin-password
|
||||||
- name: FQDN
|
- name: NEXTCLOUD_TRUSTED_DOMAINS
|
||||||
value: fqdn
|
value: "{{fqdn}}"
|
||||||
command: ["/app/entrypoint.sh"]
|
- name: POSTGRES_USER_FILE
|
||||||
volumeMounts:
|
value: /var/run/secrets/cloud-secrets/postgres-user
|
||||||
- mountPath: /var/cloud
|
- name: POSTGRES_PASSWORD_FILE
|
||||||
name: cloud-data-volume
|
value: /var/run/secrets/cloud-secrets/postgres-password
|
||||||
- name: postgres-secret-volume
|
- name: POSTGRES_DB_FILE
|
||||||
mountPath: /var/run/secrets/postgres-secret
|
value: /var/run/secrets/cloud-secrets/postgres-db
|
||||||
|
- name: POSTGRES_HOST
|
||||||
|
value: "postgresql-service:5432"
|
||||||
|
volumeMounts:
|
||||||
|
- name: cloud-data-volume
|
||||||
|
mountPath: /var/www/html
|
||||||
|
- name: cloud-secret-volume
|
||||||
|
mountPath: /var/run/secrets/cloud-secrets
|
||||||
readOnly: true
|
readOnly: true
|
||||||
volumes:
|
volumes:
|
||||||
- name: cloud-data-volume
|
- name: cloud-data-volume
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: cloud-pvc
|
claimName: cloud-pvc
|
||||||
- name: postgres-secret-volume
|
- name: cloud-secret-volume
|
||||||
secret:
|
secret:
|
||||||
secretName: postgres-secret
|
secretName: cloud-secret
|
||||||
|
- name: backup-secret-volume
|
||||||
|
secret:
|
||||||
|
secretName: backup-secret
|
||||||
|
|
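Review bot: The `volumes:` list gains `backup-secret-volume` (Secret `backup-secret`), but the container's new `volumeMounts:` mounts only `cloud-data-volume` and `cloud-secret-volume`, so the application pod references the backup credentials without using them. Besides tying the AWS keys and restic password to a pod that does not need them, this makes pod start-up depend on `backup-secret` existing, and the core namespace on this page generates that Secret only when `:restic-repository` is configured. Drop the three added lines `- name: backup-secret-volume`, `secret:`, `secretName: backup-secret` unless a mount is planned. Separately, `NEXTCLOUD_TRUSTED_DOMAINS` is set to the literal `"{{fqdn}}"` while `generate-deployment` on this page still calls `(cm/replace-named-value "FQDN" fqdn)` and the `FQDN` env entry is removed, so it should be confirmed what substitutes the placeholder.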
|
@ -23,4 +23,4 @@ spec:
|
||||||
- path: /
|
- path: /
|
||||||
backend:
|
backend:
|
||||||
serviceName: cloud-service
|
serviceName: cloud-service
|
||||||
servicePort: 8080
|
servicePort: 80
|
||||||
|
|
|
@ -4,11 +4,12 @@ metadata:
|
||||||
name: cloud-pv-volume
|
name: cloud-pv-volume
|
||||||
labels:
|
labels:
|
||||||
type: local
|
type: local
|
||||||
|
app: cloud
|
||||||
spec:
|
spec:
|
||||||
storageClassName: manual
|
storageClassName: manual
|
||||||
accessModes:
|
accessModes:
|
||||||
- ReadWriteOnce
|
- ReadWriteOnce
|
||||||
capacity:
|
capacity:
|
||||||
storage: 30Gi
|
storage: {{storage-size}}Gi #??? 30Gi?
|
||||||
hostPath:
|
hostPath:
|
||||||
path: "/var/cloud"
|
path: "/var/cloud"
|
||||||
|
|
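Review bot: The new line `storage: {{storage-size}}Gi #??? 30Gi?` is unquoted, and a YAML parser treats a leading `{` as the start of a flow mapping, so the value is not read as a string if the file is parsed before the placeholder is substituted. The deployment hunk quotes its placeholder (`"{{fqdn}}"`); the same form here would be `storage: "{{storage-size}}Gi"`. `generate-persistent-volume` on this page only sets `[:spec :hostPath :path]`, so nothing visible fills in `storage-size`, and the `#???` marker suggests the value is still undecided. The PVC hunk below carries the same line and needs the same fix.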
0
main/resources/cloud/pod-running.sh → src/main/resources/cloud/pod-running.sh
Executable file → Normal file
0
main/resources/cloud/pod-running.sh → src/main/resources/cloud/pod-running.sh
Executable file → Normal file
|
@ -10,4 +10,7 @@ spec:
|
||||||
- ReadWriteOnce
|
- ReadWriteOnce
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
storage: 30Gi
|
storage: {{storage-size}}Gi #??? 30Gi?
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: cloud
|
||||||
|
|
|
@ -4,6 +4,6 @@ metadata:
|
||||||
name: cloud-service
|
name: cloud-service
|
||||||
spec:
|
spec:
|
||||||
selector:
|
selector:
|
||||||
app: cloud
|
app.kubernetes.io/name: cloud #???
|
||||||
ports:
|
ports:
|
||||||
- port: 8080
|
- port: 80
|
||||||
|
|
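Review bot: The selector changes to `app.kubernetes.io/name: cloud #???`, while the deployment hunk above still shows the label `app: cloud` and the PV and PVC in this commit are labelled and selected with `app: cloud` as well. If the pod template has no `app.kubernetes.io/name` label (its metadata is only partly visible here), the Service matches no pods and the ingress backend on port 80 has no endpoints. Either keep `app: cloud` in the selector or add the new label to the pod template in the same commit, and remove the `#???` marker once that is settled.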
|
@ -1,50 +0,0 @@
|
||||||
<configuration scan="true" scanPeriod="1 seconds" debug="false">
|
|
||||||
<appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
|
|
||||||
<encoder>
|
|
||||||
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
|
|
||||||
</encoder>
|
|
||||||
<filter class="ch.qos.logback.classic.filter.ThresholdFilter">
|
|
||||||
<level>INFO</level>
|
|
||||||
</filter>
|
|
||||||
</appender>
|
|
||||||
|
|
||||||
<appender name="PALLETFILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
|
|
||||||
<file>logs/pallet.log</file>
|
|
||||||
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
|
|
||||||
<fileNamePattern>logs/old/pallet.%d{yyyy-MM-dd}.log</fileNamePattern>
|
|
||||||
<maxHistory>3</maxHistory>
|
|
||||||
</rollingPolicy>
|
|
||||||
<encoder>
|
|
||||||
<pattern>%date %level [%thread] %logger{10} %msg%n</pattern>
|
|
||||||
</encoder>
|
|
||||||
</appender>
|
|
||||||
|
|
||||||
<logger name="clj-ssh.ssh" level="ERROR">
|
|
||||||
<appender-ref ref="PALLETFILE" />
|
|
||||||
</logger>
|
|
||||||
|
|
||||||
<logger name="pallet" level="DEBUG">
|
|
||||||
<appender-ref ref="PALLETFILE" />
|
|
||||||
</logger>
|
|
||||||
|
|
||||||
<logger name="pallet.ssh" level="ERROR">
|
|
||||||
<appender-ref ref="PALLETFILE" />
|
|
||||||
</logger>
|
|
||||||
|
|
||||||
<logger name="pallet.algo" level="ERROR">
|
|
||||||
<appender-ref ref="PALLETFILE" />
|
|
||||||
</logger>
|
|
||||||
|
|
||||||
<logger name="dda" level="DEBUG">
|
|
||||||
<appender-ref ref="PALLETFILE" />
|
|
||||||
</logger>
|
|
||||||
|
|
||||||
<logger name="meissa" level="DEBUG">
|
|
||||||
<appender-ref ref="PALLETFILE" />
|
|
||||||
</logger>
|
|
||||||
|
|
||||||
<root level="DEBUG">
|
|
||||||
<appender-ref ref="CONSOLE" />
|
|
||||||
</root>
|
|
||||||
|
|
||||||
</configuration>
|
|
|
@ -1,93 +0,0 @@
|
||||||
(ns dda.c4k-cloud.backup-test
|
|
||||||
(:require
|
|
||||||
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
|
||||||
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
|
||||||
[dda.c4k-cloud.backup :as cut]))
|
|
||||||
|
|
||||||
|
|
||||||
(deftest should-generate-secret
|
|
||||||
(is (= {:apiVersion "v1"
|
|
||||||
:kind "Secret"
|
|
||||||
:metadata {:name "backup-secret"}
|
|
||||||
:type "Opaque"
|
|
||||||
:data
|
|
||||||
{:aws-access-key-id "YXdzLWlk", :aws-secret-access-key "YXdzLXNlY3JldA==", :restic-password "cmVzdGljLXB3"}}
|
|
||||||
(cut/generate-secret {:aws-access-key-id "aws-id" :aws-secret-access-key "aws-secret" :restic-password "restic-pw"}))))
|
|
||||||
|
|
||||||
(deftest should-generate-config
|
|
||||||
(is (= {:apiVersion "v1"
|
|
||||||
:kind "ConfigMap"
|
|
||||||
:metadata {:name "backup-config"
|
|
||||||
:labels {:app.kubernetes.io/name "backup"
|
|
||||||
:app.kubernetes.io/part-of "cloud"}}
|
|
||||||
:data
|
|
||||||
{:restic-repository "s3:restic-repository"}}
|
|
||||||
(cut/generate-config {:restic-repository "s3:restic-repository"}))))
|
|
||||||
|
|
||||||
(deftest should-generate-cron
|
|
||||||
(is (= {:apiVersion "batch/v1beta1"
|
|
||||||
:kind "CronJob"
|
|
||||||
:metadata {:name "cloud-backup"
|
|
||||||
:labels {:app.kubernetes.part-of "cloud"}}
|
|
||||||
:spec {:schedule "10 23 * * *"
|
|
||||||
:successfulJobsHistoryLimit 1
|
|
||||||
:failedJobsHistoryLimit 1
|
|
||||||
:jobTemplate
|
|
||||||
{:spec
|
|
||||||
{:template
|
|
||||||
{:spec
|
|
||||||
{:containers
|
|
||||||
[{:name "backup-app"
|
|
||||||
:image "domaindrivenarchitecture/c4k-cloud-backup"
|
|
||||||
:imagePullPolicy "IfNotPresent"
|
|
||||||
:command ["/entrypoint.sh"]
|
|
||||||
:env
|
|
||||||
[{:name "POSTGRES_USER"
|
|
||||||
:valueFrom
|
|
||||||
{:secretKeyRef
|
|
||||||
{:name "postgres-secret"
|
|
||||||
:key "postgres-user"}}}
|
|
||||||
{:name "POSTGRES_PASSWORD"
|
|
||||||
:valueFrom
|
|
||||||
{:secretKeyRef
|
|
||||||
{:name "postgres-secret"
|
|
||||||
:key "postgres-password"}}}
|
|
||||||
{:name "POSTGRES_DB"
|
|
||||||
:valueFrom
|
|
||||||
{:configMapKeyRef
|
|
||||||
{:name "postgres-config"
|
|
||||||
:key "postgres-db"}}}
|
|
||||||
{:name "POSTGRES_HOST"
|
|
||||||
:value "postgresql-service:5432"}
|
|
||||||
{:name "POSTGRES_SERVICE"
|
|
||||||
:value "postgresql-service"}
|
|
||||||
{:name "POSTGRES_PORT"
|
|
||||||
:value "5432"}
|
|
||||||
{:name "AWS_DEFAULT_REGION"
|
|
||||||
:value "eu-central-1"}
|
|
||||||
{:name "AWS_ACCESS_KEY_ID_FILE"
|
|
||||||
:value "/var/run/secrets/backup-secrets/aws-access-key-id"}
|
|
||||||
{:name "AWS_SECRET_ACCESS_KEY_FILE"
|
|
||||||
:value "/var/run/secrets/backup-secrets/aws-secret-access-key"}
|
|
||||||
{:name "RESTIC_REPOSITORY"
|
|
||||||
:valueFrom
|
|
||||||
{:configMapKeyRef
|
|
||||||
{:name "backup-config"
|
|
||||||
:key "restic-repository"}}}
|
|
||||||
{:name "RESTIC_PASSWORD_FILE"
|
|
||||||
:value "/var/run/secrets/backup-secrets/restic-password"}]
|
|
||||||
:volumeMounts
|
|
||||||
[{:name "cloud-data-volume"
|
|
||||||
:mountPath "/var/backups"}
|
|
||||||
{:name "backup-secret-volume"
|
|
||||||
:mountPath "/var/run/secrets/backup-secrets"
|
|
||||||
:readOnly true}]}]
|
|
||||||
:volumes
|
|
||||||
[{:name "cloud-data-volume"
|
|
||||||
:persistentVolumeClaim
|
|
||||||
{:claimName "cloud-pvc"}}
|
|
||||||
{:name "backup-secret-volume"
|
|
||||||
:secret
|
|
||||||
{:secretName "backup-secret"}}]
|
|
||||||
:restartPolicy "OnFailure"}}}}}}
|
|
||||||
(cut/generate-cron))))
|
|
|
@ -1,80 +0,0 @@
|
||||||
(ns dda.c4k-cloud.cloud-test
|
|
||||||
(:require
|
|
||||||
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
|
||||||
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
|
||||||
[dda.c4k-cloud.cloud :as cut]))
|
|
||||||
|
|
||||||
(deftest should-generate-certificate
|
|
||||||
(is (= {:apiVersion "cert-manager.io/v1alpha2"
|
|
||||||
:kind "Certificate"
|
|
||||||
:metadata {:name "cloud-cert", :namespace "default"}
|
|
||||||
:spec
|
|
||||||
{:secretName "cloud-secret"
|
|
||||||
:commonName "xx"
|
|
||||||
:dnsNames ["xx"]
|
|
||||||
:issuerRef
|
|
||||||
{:name "letsencrypt-prod-issuer", :kind "ClusterIssuer"}}}
|
|
||||||
(cut/generate-certificate {:fqdn "xx" :issuer :prod}))))
|
|
||||||
|
|
||||||
(deftest should-generate-ingress
|
|
||||||
(is (= {:apiVersion "extensions/v1beta1"
|
|
||||||
:kind "Ingress"
|
|
||||||
:metadata
|
|
||||||
{:name "ingress-cloud"
|
|
||||||
:annotations
|
|
||||||
{:cert-manager.io/cluster-issuer
|
|
||||||
"letsencrypt-staging-issuer"
|
|
||||||
:nginx.ingress.kubernetes.io/proxy-body-size "256m"
|
|
||||||
:nginx.ingress.kubernetes.io/ssl-redirect "true"
|
|
||||||
:nginx.ingress.kubernetes.io/rewrite-target "/"
|
|
||||||
:nginx.ingress.kubernetes.io/proxy-connect-timeout "300"
|
|
||||||
:nginx.ingress.kubernetes.io/proxy-send-timeout "300"
|
|
||||||
:nginx.ingress.kubernetes.io/proxy-read-timeout "300"}
|
|
||||||
:namespace "default"}
|
|
||||||
:spec
|
|
||||||
{:tls [{:hosts ["xx"], :secretName "cloud-secret"}]
|
|
||||||
:rules
|
|
||||||
[{:host "xx"
|
|
||||||
:http
|
|
||||||
{:paths
|
|
||||||
[{:path "/"
|
|
||||||
:backend
|
|
||||||
{:serviceName "cloud-service", :servicePort 8080}}]}}]}}
|
|
||||||
(cut/generate-ingress {:fqdn "xx"}))))
|
|
||||||
|
|
||||||
(deftest should-generate-persistent-volume
|
|
||||||
(is (= {:kind "PersistentVolume"
|
|
||||||
:apiVersion "v1"
|
|
||||||
:metadata {:name "cloud-pv-volume", :labels {:type "local"}}
|
|
||||||
:spec
|
|
||||||
{:storageClassName "manual"
|
|
||||||
:accessModes ["ReadWriteOnce"]
|
|
||||||
:capacity {:storage "30Gi"}
|
|
||||||
:hostPath {:path "xx"}}}
|
|
||||||
(cut/generate-persistent-volume {:cloud-data-volume-path "xx"}))))
|
|
||||||
|
|
||||||
(deftest should-generate-deployment
|
|
||||||
(is (= {:containers
|
|
||||||
[{:image "domaindrivenarchitecture/c4k-cloud"
|
|
||||||
:name "cloud-app"
|
|
||||||
:imagePullPolicy "IfNotPresent"
|
|
||||||
:env
|
|
||||||
[{:name "DB_USERNAME_FILE"
|
|
||||||
:value
|
|
||||||
"/var/run/secrets/postgres-secret/postgres-user"}
|
|
||||||
{:name "DB_PASSWORD_FILE"
|
|
||||||
:value
|
|
||||||
"/var/run/secrets/postgres-secret/postgres-password"}
|
|
||||||
{:name "FQDN", :value "xx"}]
|
|
||||||
:command ["/app/entrypoint.sh"]
|
|
||||||
:volumeMounts
|
|
||||||
[{:mountPath "/var/cloud", :name "cloud-data-volume"}
|
|
||||||
{:name "postgres-secret-volume"
|
|
||||||
:mountPath "/var/run/secrets/postgres-secret"
|
|
||||||
:readOnly true}]}]
|
|
||||||
:volumes
|
|
||||||
[{:name "cloud-data-volume"
|
|
||||||
:persistentVolumeClaim {:claimName "cloud-pvc"}}
|
|
||||||
{:name "postgres-secret-volume"
|
|
||||||
:secret {:secretName "postgres-secret"}}]}
|
|
||||||
(get-in (cut/generate-deployment {:fqdn "xx"}) [:spec :template :spec]))))
|
|
|
@ -1,35 +0,0 @@
|
||||||
(ns dda.c4k-cloud.core-test
|
|
||||||
(:require
|
|
||||||
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
|
||||||
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
|
||||||
[dda.c4k-cloud.core :as cut]))
|
|
||||||
|
|
||||||
(deftest should-k8s-objects
|
|
||||||
(is (= 16
|
|
||||||
(count (cut/k8s-objects {:fqdn "cloud-neu.prod.meissa-gmbh.de"
|
|
||||||
:postgres-db-user "cloud"
|
|
||||||
:postgres-db-password "cloud-db-password"
|
|
||||||
:issuer :prod
|
|
||||||
:cloud-data-volume-path "/var/cloud"
|
|
||||||
:postgres-data-volume-path "/var/postgres"
|
|
||||||
:aws-access-key-id "aws-id"
|
|
||||||
:aws-secret-access-key "aws-secret"
|
|
||||||
:restic-password "restic-pw"
|
|
||||||
:restic-repository "restic-repository"}))))
|
|
||||||
(is (= 14
|
|
||||||
(count (cut/k8s-objects {:fqdn "cloud-neu.prod.meissa-gmbh.de"
|
|
||||||
:postgres-db-user "cloud"
|
|
||||||
:postgres-db-password "cloud-db-password"
|
|
||||||
:issuer :prod
|
|
||||||
:aws-access-key-id "aws-id"
|
|
||||||
:aws-secret-access-key "aws-secret"
|
|
||||||
:restic-password "restic-pw"
|
|
||||||
:restic-repository "restic-repository"}))))
|
|
||||||
(is (= 11
|
|
||||||
(count (cut/k8s-objects {:fqdn "cloud-neu.prod.meissa-gmbh.de"
|
|
||||||
:postgres-db-user "cloud"
|
|
||||||
:postgres-db-password "cloud-db-password"
|
|
||||||
:issuer :prod
|
|
||||||
:aws-access-key-id "aws-id"
|
|
||||||
:aws-secret-access-key "aws-secret"
|
|
||||||
:restic-password "restic-pw"})))))
|
|
|
@ -1,8 +1,8 @@
|
||||||
(ns meissa.pallet.meissa-cloud.app-test
|
(ns meissa.pallet.meissa-nextcloud.app-test
|
||||||
(:require
|
(:require
|
||||||
[clojure.test :refer :all]
|
[clojure.test :refer :all]
|
||||||
[schema.core :as s]
|
[schema.core :as s]
|
||||||
[meissa.pallet.meissa-cloud.app :as sut]))
|
[meissa.pallet.meissa-nextcloud.app :as sut]))
|
||||||
|
|
||||||
(s/set-fn-validation! true)
|
(s/set-fn-validation! true)
|
||||||
|
|
||||||
|
@ -15,7 +15,7 @@
|
||||||
:admin-user "root"
|
:admin-user "root"
|
||||||
:admin-password "test1234"
|
:admin-password "test1234"
|
||||||
:storage-size 50
|
:storage-size 50
|
||||||
:restic-repository "cloud"
|
:restic-repository "nextcloud"
|
||||||
:aws-access-key-id "10"
|
:aws-access-key-id "10"
|
||||||
:aws-secret-access-key "secret"
|
:aws-secret-access-key "secret"
|
||||||
:restic-password "test4321"})
|
:restic-password "test4321"})
|
||||||
|
@ -28,4 +28,4 @@
|
||||||
(deftest plan-def
|
(deftest plan-def
|
||||||
(testing
|
(testing
|
||||||
"test plan-def"
|
"test plan-def"
|
||||||
(is (map? sut/with-cloud))))
|
(is (map? sut/with-nextcloud))))
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
(ns meissa.pallet.meissa-cloud.main
|
(ns meissa.pallet.meissa-nextcloud.main
|
||||||
(:gen-class)
|
(:gen-class)
|
||||||
(:require
|
(:require
|
||||||
[clojure.string :as str]
|
[clojure.string :as str]
|
||||||
[clojure.tools.cli :as cli]
|
[clojure.tools.cli :as cli]
|
||||||
[dda.pallet.core.main-helper :as mh]
|
[dda.pallet.core.main-helper :as mh]
|
||||||
[dda.pallet.core.app :as core-app]
|
[dda.pallet.core.app :as core-app]
|
||||||
[meissa.pallet.meissa-cloud.app :as app]))
|
[meissa.pallet.meissa-nextcloud.app :as app]))
|
||||||
|
|
||||||
(def cli-options
|
(def cli-options
|
||||||
[["-h" "--help"]
|
[["-h" "--help"]
|
||||||
|
@ -17,16 +17,16 @@
|
||||||
(defn usage [options-summary]
|
(defn usage [options-summary]
|
||||||
(str/join
|
(str/join
|
||||||
\newline
|
\newline
|
||||||
["meissa-cloud installs & configures a single host kubernetes cluster with Cloud installed"
|
["meissa-nextcloud installs & configures a single host kubernetes cluster with nextcloud installed"
|
||||||
""
|
""
|
||||||
"Usage: java -jar meissa-cloud-standalone.jar [options] cloud.edn"
|
"Usage: java -jar meissa-nextcloud-standalone.jar [options] nextcloud.edn"
|
||||||
""
|
""
|
||||||
"Options:"
|
"Options:"
|
||||||
options-summary
|
options-summary
|
||||||
""
|
""
|
||||||
"cloud.edn"
|
"nextcloud.edn"
|
||||||
" - follows the edn format."
|
" - follows the edn format."
|
||||||
" - has to be a valid CloudConventionConfig"
|
" - has to be a valid nextcloudConventionConfig"
|
||||||
""]))
|
""]))
|
||||||
|
|
||||||
(defn -main [& args]
|
(defn -main [& args]
|
||||||
|
|