renamed namespaces to nextcloud

leo 2021-08-10 10:43:04 +02:00
parent 1c2f6b89f2
commit 303f7ae5f2
53 changed files with 131 additions and 1059 deletions


@ -1,59 +0,0 @@
kind: Pod
apiVersion: v1
metadata:
name: backup-restore
labels:
app.kubernetes.io/name: backup-restore
app.kubernetes.io/part-of: cloud
spec:
containers:
- name: backup-app
image: domaindrivenarchitecture/c4k-cloud-backup
imagePullPolicy: IfNotPresent
command: ["/entrypoint-start-and-wait.sh"]
env:
- name: POSTGRES_USER_FILE
value: /var/run/secrets/cloud-secrets/postgres-user
- name: POSTGRES_DB_FILE
value: /var/run/secrets/cloud-secrets/postgres-db
- name: POSTGRES_PASSWORD_FILE
value: /var/run/secrets/cloud-secrets/postgres-password
- name: POSTGRES_HOST
value: "postgresql-service:5432"
- name: POSTGRES_SERVICE
value: "postgresql-service"
- name: POSTGRES_PORT
value: "5432"
- name: AWS_DEFAULT_REGION
value: eu-central-1
- name: AWS_ACCESS_KEY_ID_FILE
value: /var/run/secrets/backup-secrets/aws-access-key-id
- name: AWS_SECRET_ACCESS_KEY_FILE
value: /var/run/secrets/backup-secrets/aws-secret-access-key
- name: RESTIC_REPOSITORY
valueFrom:
configMapKeyRef:
name: backup-config
key: restic-repository
- name: RESTIC_PASSWORD_FILE
value: /var/run/secrets/backup-secrets/restic-password
volumeMounts:
- name: cloud-data-volume
mountPath: /var/backups
- name: backup-secret-volume
mountPath: /var/run/secrets/backup-secrets
readOnly: true
- name: cloud-secret-volume
mountPath: /var/run/secrets/cloud-secrets
readOnly: true
volumes:
- name: cloud-data-volume
persistentVolumeClaim:
claimName: cloud-pvc
- name: cloud-secret-volume
secret:
secretName: cloud-secret
- name: backup-secret-volume
secret:
secretName: backup-secret
restartPolicy: OnFailure


@ -1,9 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: backup-config
labels:
app.kubernetes.io/name: backup
app.kubernetes.io/part-of: cloud
data:
restic-repository: restic-repository


@ -1,9 +0,0 @@
#!/bin/bash
kubectl delete --ignore-not-found=true -f backup-secret.yml
kubectl delete --ignore-not-found=true -f backup-config.yml
kubectl delete --ignore-not-found=true -f backup-cron.yml
kubectl apply -f backup-secret.yml
kubectl apply -f backup-config.yml
kubectl apply -f backup-cron.yml


@ -1,65 +0,0 @@
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: cloud-backup
labels:
app.kubernetes.part-of: cloud
spec:
schedule: "10 23 * * *"
successfulJobsHistoryLimit: 0
failedJobsHistoryLimit: 0
jobTemplate:
spec:
template:
spec:
containers:
- name: backup-app
image: domaindrivenarchitecture/meissa-cloud-backup
imagePullPolicy: IfNotPresent
command: ["/entrypoint.sh"]
env:
- name: POSTGRES_USER_FILE
value: /var/run/secrets/cloud-secrets/postgres-user
- name: POSTGRES_DB_FILE
value: /var/run/secrets/cloud-secrets/postgres-db
- name: POSTGRES_PASSWORD_FILE
value: /var/run/secrets/cloud-secrets/postgres-password
- name: POSTGRES_HOST
value: "postgresql-service:5432"
- name: POSTGRES_SERVICE
value: "postgresql-service"
- name: POSTGRES_PORT
value: "5432"
- name: AWS_DEFAULT_REGION
value: eu-central-1
- name: AWS_ACCESS_KEY_ID_FILE
value: /var/run/secrets/backup-secrets/aws-access-key-id
- name: AWS_SECRET_ACCESS_KEY_FILE
value: /var/run/secrets/backup-secrets/aws-secret-access-key
- name: RESTIC_REPOSITORY
valueFrom:
configMapKeyRef:
name: backup-config
key: restic-repository
- name: RESTIC_PASSWORD_FILE
value: /var/run/secrets/backup-secrets/restic-password
volumeMounts:
- name: cloud-data-volume
mountPath: /var/backups
- name: backup-secret-volume
mountPath: /var/run/secrets/backup-secrets
readOnly: true
- name: cloud-secret-volume
mountPath: /var/run/secrets/cloud-secrets
readOnly: true
volumes:
- name: cloud-data-volume
persistentVolumeClaim:
claimName: cloud-pvc
- name: cloud-secret-volume
secret:
secretName: cloud-secret
- name: backup-secret-volume
secret:
secretName: backup-secret
restartPolicy: OnFailure


@ -1,9 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: backup-secret
type: Opaque
stringData:
aws-access-key-id: aws-access-key-id
aws-secret-access-key: aws-secret-access-key
restic-password: restic-password


@ -1,13 +0,0 @@
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: cloud-cert
namespace: default
spec:
secretName: cloud-secret
commonName: fqdn
dnsNames:
- fqdn
issuerRef:
name: letsencrypt-staging-issuer
kind: ClusterIssuer


@ -1,45 +0,0 @@
kind: Pod
apiVersion: v1
metadata:
name: cloud
labels:
app.kubernetes.io/name: cloud
spec:
shareProcessNamespace: true
containers:
- name: cloud-app
image: domaindrivenarchitecture/meissa-cloud-app
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
env:
- name: NEXTCLOUD_ADMIN_USER_FILE
value: /var/run/secrets/cloud-secrets/nextcloud-admin-user
- name: NEXTCLOUD_ADMIN_PASSWORD_FILE
value: /var/run/secrets/cloud-secrets/nextcloud-admin-password
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: "{{fqdn}}"
- name: POSTGRES_USER_FILE
value: /var/run/secrets/cloud-secrets/postgres-user
- name: POSTGRES_PASSWORD_FILE
value: /var/run/secrets/cloud-secrets/postgres-password
- name: POSTGRES_DB_FILE
value: /var/run/secrets/cloud-secrets/postgres-db
- name: POSTGRES_HOST
value: "postgresql-service:5432"
volumeMounts:
- name: cloud-data-volume
mountPath: /var/www/html
- name: cloud-secret-volume
mountPath: /var/run/secrets/cloud-secrets
readOnly: true
volumes:
- name: cloud-data-volume
persistentVolumeClaim:
claimName: cloud-pvc
- name: cloud-secret-volume
secret:
secretName: cloud-secret
- name: backup-secret-volume
secret:
secretName: backup-secret


@ -1,26 +0,0 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-cloud
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
nginx.ingress.kubernetes.io/proxy-body-size: "256m"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
namespace: default
spec:
tls:
- hosts:
- fqdn
secretName: cloud-secret
rules:
- host: fqdn
http:
paths:
- path: /
backend:
serviceName: cloud-service
servicePort: 80


@ -1,15 +0,0 @@
kind: PersistentVolume
apiVersion: v1
metadata:
name: cloud-pv-volume
labels:
type: local
app: cloud
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
capacity:
storage: {{storage-size}}Gi #??? 30Gi?
hostPath:
path: "/var/cloud"


@ -1,16 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: cloud-pvc
labels:
app: cloud
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{storage-size}}Gi #??? 30Gi?
selector:
matchLabels:
app: cloud


@ -1,9 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: cloud-service
spec:
selector:
app.kubernetes.io/name: cloud #???
ports:
- port: 80


@ -1,15 +0,0 @@
#!/bin/bash
echo -e "\n====================\n"
echo -e "cloud is running, ingress exists"
echo -e "\n====================\n"
kubectl get all
echo -e "\n====================\n"
echo -e "shows certificate with subject"
echo -e "CN={{fqdn}}"
echo -e "issuer: CN=Fake LE Intermediate X1"
echo -e "\n====================\n"
curl --insecure -v https://{{fqdn}}
echo -e "\n"


@ -1,15 +0,0 @@
#!/bin/bash
kubectl delete --ignore-not-found=true -f postgres-deployment.yml
kubectl delete --ignore-not-found=true -f postgres-pvc.yml
kubectl delete --ignore-not-found=true -f postgres-service.yml
kubectl delete --ignore-not-found=true -f postgres-config.yml
kubectl delete --ignore-not-found=true -f postgres-secret.yml
kubectl delete --ignore-not-found=true -f postgres-persistent-volume.yml
kubectl apply -f postgres-persistent-volume.yml
kubectl apply -f postgres-secret.yml
kubectl apply -f postgres-config.yml
kubectl apply -f postgres-service.yml
kubectl apply -f postgres-pvc.yml
kubectl apply -f postgres-deployment.yml


@ -1,8 +0,0 @@
#!/bin/bash
echo -e "\n====================\n"
echo -e "postgres is running"
echo -e "\n====================\n"
kubectl get all
echo -e "\n"


@ -1,61 +0,0 @@
(ns meissa.pallet.meissa-cloud.app
(:require
[schema.core :as s]
[dda.pallet.commons.secret :as secret]
[dda.config.commons.map-utils :as mu]
[dda.pallet.core.app :as core-app]
[dda.pallet.dda-config-crate.infra :as config-crate]
[dda.pallet.dda-user-crate.app :as user]
[dda.pallet.dda-k8s-crate.app :as k8s]
[meissa.pallet.meissa-cloud.convention :as convention]
[meissa.pallet.meissa-cloud.infra :as infra]))
(def with-cloud infra/with-cloud)
(def CloudConvention convention/CloudConvention)
(def CloudConventionResolved convention/CloudConventionResolved)
(def InfraResult convention/InfraResult)
(def CloudApp
{:group-specific-config
{s/Keyword (merge InfraResult
user/InfraResult
k8s/InfraResult)}})
(s/defn ^:always-validate
app-configuration-resolved :- CloudApp
[resolved-convention-config :- CloudConventionResolved
& options]
(let [{:keys [group-key] :or {group-key infra/facility}} options]
(mu/deep-merge
(k8s/app-configuration-resolved
(convention/k8s-convention-configuration resolved-convention-config) :group-key group-key)
{:group-specific-config
{group-key
(convention/infra-configuration resolved-convention-config)}})))
(s/defn ^:always-validate
app-configuration :- CloudApp
[convention-config :- CloudConvention
& options]
(let [resolved-convention-config (secret/resolve-secrets convention-config CloudConvention)]
(apply app-configuration-resolved resolved-convention-config options)))
(s/defmethod ^:always-validate
core-app/group-spec infra/facility
[crate-app
convention-config :- CloudConventionResolved]
(let [app-config (app-configuration-resolved convention-config)]
(core-app/pallet-group-spec
app-config [(config-crate/with-config app-config)
user/with-user
k8s/with-k8s
with-cloud])))
(def crate-app (core-app/make-dda-crate-app
:facility infra/facility
:convention-schema CloudConvention
:convention-schema-resolved CloudConventionResolved
:default-convention-file "cloud.edn"))


@ -1,93 +0,0 @@
(ns meissa.pallet.meissa-cloud.convention
(:require
[schema.core :as s]
[dda.pallet.commons.secret :as secret]
[dda.config.commons.map-utils :as mu]
[clojure.spec.alpha :as sp]
[clojure.spec.test.alpha :as st]
[dda.pallet.dda-k8s-crate.convention :as k8s-convention]
[meissa.pallet.meissa-cloud.infra :as infra]
[clojure.string :as str]
[meissa.pallet.meissa-cloud.convention.bash :as bash]
[meissa.pallet.meissa-cloud.convention.bash-php :as bash-php]))
(def InfraResult {infra/facility infra/MeissaCloudInfra})
(s/def CloudConvention
{:user s/Keyword
:external-ip s/Str
:fqdn s/Str
:cert-manager (s/enum :letsencrypt-prod-issuer :letsencrypt-staging-issuer)
:db-user-password secret/Secret
:admin-user s/Str
:admin-password secret/Secret
:storage-size s/Int
:restic-repository s/Str
:aws-access-key-id secret/Secret
:aws-secret-access-key secret/Secret
:restic-password secret/Secret
(s/optional-key :u18-04) (s/enum true)})
(def CloudConventionResolved (secret/create-resolved-schema CloudConvention))
(sp/def ::user keyword?)
(sp/def ::external-ip string?)
(sp/def ::fqdn string?)
(sp/def ::cert-manager #{:letsencrypt-prod-issuer :letsencrypt-staging-issuer})
(sp/def ::db-user-password bash-php/bash-php-env-string?)
(sp/def ::admin-user bash-php/bash-php-env-string?)
(sp/def ::admin-password bash-php/bash-php-env-string?)
(sp/def ::storage-size int?)
(sp/def ::restic-repository string?)
(sp/def ::restic-password bash/bash-env-string?)
(sp/def ::aws-access-key-id bash/bash-env-string?)
(sp/def ::aws-secret-access-key bash/bash-env-string?)
(sp/def ::u18-04 #{true})
(def cloud-convention-resolved? (sp/keys :req-un [::user ::external-ip ::fqdn ::cert-manager
::db-user-password ::admin-user ::admin-password
::storage-size ::restic-repository ::restic-password
::aws-access-key-id ::aws-secret-access-key ]
:opt-un [::u18-04]))
(def cloud-spec-resolved nil)
(s/defn k8s-convention-configuration :- k8s-convention/k8sConventionResolved
[convention-config :- CloudConventionResolved]
{:pre [(sp/valid? cloud-convention-resolved? convention-config)]}
(let [{:keys [cert-manager external-ip user u18-04]} convention-config
cluster-issuer (name cert-manager)]
(if u18-04
{:user user
:k8s {:external-ip external-ip
:u18-04 true}
:cert-manager cert-manager}
{:user user
:k8s {:external-ip external-ip}
:cert-manager cert-manager})))
(s/defn ^:always-validate
infra-configuration :- InfraResult
[convention-config :- CloudConventionResolved]
(let [{:keys [cert-manager fqdn user db-user-password admin-user admin-password storage-size
restic-repository aws-access-key-id aws-secret-access-key restic-password]} convention-config
cluster-issuer (name cert-manager)
db-user-name "cloud"]
{infra/facility
{:user user
:backup {:restic-repository restic-repository
:aws-access-key-id aws-access-key-id
:aws-secret-access-key aws-secret-access-key
:restic-password restic-password}
:cloud {:fqdn fqdn
:secret-name (str/replace fqdn #"\." "-")
:cluster-issuer cluster-issuer
:db-name "cloud"
:db-user-password db-user-password
:db-user-name db-user-name
:admin-user admin-user
:admin-password admin-password
:storage-size (str storage-size)}
:postgres {:db-user-password db-user-password
:db-user-name db-user-name}}}))


@ -1,10 +0,0 @@
(ns meissa.pallet.meissa-cloud.convention.bash
(:require
[clojure.spec.alpha :as s]))
(defn bash-env-string?
[input]
(and (string? input)
(not (re-matches #".*['\"\$]+.*" input))))
(s/def ::plain bash-env-string?)


@ -1,11 +0,0 @@
(ns meissa.pallet.meissa-cloud.convention.bash-php
(:require
[clojure.spec.alpha :as s]
[meissa.pallet.meissa-cloud.convention.bash :as bash]))
(defn bash-php-env-string?
[input]
(and (bash/bash-env-string? input)
(not (re-matches #".*[\-\\\\]+.*" input))))
(s/def ::plain bash-php-env-string?)


@ -1,51 +0,0 @@
(ns meissa.pallet.meissa-cloud.infra
(:require
[schema.core :as s]
[dda.pallet.core.infra :as core-infra]
[meissa.pallet.meissa-cloud.infra.backup :as backup]
[meissa.pallet.meissa-cloud.infra.cloud :as cloud]
[meissa.pallet.meissa-cloud.infra.postgres :as postgres]))
(def facility :meissa-cloud)
(def MeissaCloudInfra
(merge
{:user s/Keyword}
backup/MeissaBackupInfra
cloud/MeissaCloudInfra
postgres/MeissaPostgresInfra))
(s/defmethod core-infra/dda-init facility
[dda-crate config]
(let [facility (:facility dda-crate)
{:keys [user backup postgres cloud]} config
user-str (name user)]
(postgres/init facility user-str postgres)
(cloud/init facility user-str cloud)
(backup/init facility user-str backup)))
(s/defmethod core-infra/dda-install facility
[dda-crate config]
(let [facility (:facility dda-crate)
{:keys [user backup postgres cloud]} config
user-str (name user)]
(postgres/install facility user-str postgres)
(cloud/install facility user-str cloud)
(backup/install facility user-str backup)))
(s/defmethod core-infra/dda-configure facility
[dda-crate config]
(let [facility (:facility dda-crate)
{:keys [user backup postgres cloud]} config
user-str (name user)]
(postgres/configure facility user-str postgres)
(cloud/configure facility user-str cloud)
(backup/configure facility user-str backup)))
(def meissa-cloud
(core-infra/make-dda-crate-infra
:facility facility
:infra-schema MeissaCloudInfra))
(def with-cloud
(core-infra/create-infra-plan meissa-cloud))


@ -1,39 +0,0 @@
(ns meissa.pallet.meissa-cloud.infra.backup
(:require
[schema.core :as s]
[dda.provision :as p]
[dda.provision.pallet :as pp]))
(s/def Backup
{:restic-repository s/Str
:aws-access-key-id s/Str
:aws-secret-access-key s/Str
:restic-password s/Str})
(def MeissaBackupInfra {:backup Backup})
(def backup "backup")
(defn init [facility user config])
(defn install
[facility user config]
(let [facility-name (name facility)]
(p/provision-log ::pp/pallet facility-name backup
::p/info "install")
(p/copy-resources-to-user
::pp/pallet user facility-name backup
[{:filename "backup-secret.yml" :config config}
{:filename "backup-config.yml" :config config}
{:filename "configure-as-user.sh"}
{:filename "backup-restore.yml"}
{:filename "backup-cron.yml"}])))
(defn configure
[facility user config]
(let [facility-name (name facility)]
(p/provision-log ::pp/pallet facility-name backup
::p/info "configure")
(p/exec-file-on-target-as-user
::pp/pallet user facility-name backup "configure-as-user.sh")
))


@ -1,57 +0,0 @@
(ns meissa.pallet.meissa-cloud.infra.cloud
(:require
[schema.core :as s]
[dda.provision :as p]
[dda.provision.pallet :as pp]))
(s/def Cloud
{:fqdn s/Str
:secret-name s/Str
:cluster-issuer s/Str
:db-name s/Str
:db-user-name s/Str
:db-user-password s/Str
:admin-user s/Str
:admin-password s/Str
:storage-size s/Str})
(def MeissaCloudInfra {:cloud Cloud})
(def cloud "cloud")
(defn init
[facility user config]
(let [facility-name (name facility)]
(p/provision-log ::pp/pallet facility-name cloud
::p/info "init")
(p/copy-resources-to-tmp
::pp/pallet facility-name cloud
[{:filename "install-as-root.sh" :config {:user user}}])))
(defn install
[facility user config]
(let [facility-name (name facility)]
(p/provision-log ::pp/pallet facility-name cloud
::p/info "install")
(p/copy-resources-to-user
::pp/pallet user facility-name cloud
[{:filename "pod-running.sh"}
{:filename "cloud-persistent-volume.yml" :config config}
{:filename "cloud-secret.yml" :config config}
{:filename "cloud-service.yml"}
{:filename "cloud-pvc.yml" :config config}
{:filename "cloud-pod.yml" :config config}
{:filename "cloud-ingress.yml" :config config}
{:filename "configure-as-user.sh"}
{:filename "verify.sh" :config config}])
(p/exec-file-on-target-as-root
::pp/pallet facility-name cloud "install-as-root.sh")))
(defn configure
[facility user config]
(let [facility-name (name facility)]
(p/provision-log ::pp/pallet facility-name cloud
::p/info "configure")
(p/exec-file-on-target-as-user
::pp/pallet user facility-name cloud "configure-as-user.sh")))


@ -1,47 +0,0 @@
(ns meissa.pallet.meissa-cloud.infra.postgres
(:require
[schema.core :as s]
[dda.provision :as p]
[dda.provision.pallet :as pp]))
(s/def Postgres {:db-user-name s/Str :db-user-password s/Str})
(def MeissaPostgresInfra {:postgres Postgres})
(def postgres "postgres")
(defn init
[facility user config]
(let [facility-name (name facility)]
(p/provision-log ::pp/pallet facility-name postgres
::p/info "init")
(p/copy-resources-to-tmp
::pp/pallet facility-name postgres
[{:filename "install-as-root.sh" :config {:user user}}])))
(defn install
[facility user config]
(let [facility-name (name facility)]
(p/provision-log ::pp/pallet facility-name postgres
::p/info "install")
(p/copy-resources-to-user
::pp/pallet user facility-name postgres
[{:filename "postgres-persistent-volume.yml"}
{:filename "postgres-secret.yml" :config config}
{:filename "postgres-config.yml"}
{:filename "postgres-service.yml"}
{:filename "postgres-pvc.yml"}
{:filename "postgres-deployment.yml" :config config}
{:filename "configure-as-user.sh"}
{:filename "verify.sh"}])
(p/exec-file-on-target-as-root
::pp/pallet facility-name postgres "install-as-root.sh")))
(defn configure
[facility user config]
(let [facility-name (name facility)]
(p/provision-log ::pp/pallet facility-name postgres
::p/info "configure")
(p/exec-file-on-target-as-user
::pp/pallet user facility-name postgres "configure-as-user.sh")))


@ -38,8 +38,8 @@
:uberjar {:source-paths ["uberjar/src"] :uberjar {:source-paths ["uberjar/src"]
:resource-paths ["uberjar/resources"] :resource-paths ["uberjar/resources"]
:aot :all :aot :all
:main meissa.pallet.meissa-cloud.main :main dda.c4k-nextcloud.uberjar
:uberjar-name "meissa-cloud-standalone.jar" :uberjar-name "c4k-nextcloud-standalone.jar"
:dependencies [[org.clojure/tools.cli "1.0.194"] :dependencies [[org.clojure/tools.cli "1.0.194"]
[ch.qos.logback/logback-classic "1.3.0-alpha5"] [ch.qos.logback/logback-classic "1.3.0-alpha5"]
[org.slf4j/jcl-over-slf4j "2.0.0-alpha1"]]}} [org.slf4j/jcl-over-slf4j "2.0.0-alpha1"]]}}


@ -1,16 +1,16 @@
(ns dda.c4k-cloud.uberjar (ns dda.c4k-nextcloud.uberjar
(:gen-class) (:gen-class)
(:require (:require
[clojure.spec.alpha :as s] [clojure.spec.alpha :as s]
[clojure.string :as cs] [clojure.string :as cs]
[clojure.tools.reader.edn :as edn] [clojure.tools.reader.edn :as edn]
[expound.alpha :as expound] [expound.alpha :as expound]
[dda.c4k-cloud.core :as core])) [dda.c4k-nextcloud.core :as core]))
(def usage (def usage
"usage: "usage:
c4k-cloud {your configuraton file} {your authorization file}") c4k-nextcloud {your configuraton file} {your authorization file}")
(s/def ::options (s/* #{"-h"})) (s/def ::options (s/* #{"-h"}))
(s/def ::filename (s/and string? (s/def ::filename (s/and string?


@ -1,4 +1,4 @@
(ns dda.c4k-cloud.backup (ns dda.c4k-nextcloud.backup
(:require (:require
[clojure.spec.alpha :as s] [clojure.spec.alpha :as s]
#?(:cljs [shadow.resource :as rc]) #?(:cljs [shadow.resource :as rc])


@ -1,4 +1,4 @@
(ns dda.c4k-cloud.cloud (ns dda.c4k-nextcloud.nextcloud
(:require (:require
[clojure.spec.alpha :as s] [clojure.spec.alpha :as s]
#?(:cljs [shadow.resource :as rc]) #?(:cljs [shadow.resource :as rc])
@ -7,31 +7,32 @@
(s/def ::fqdn cm/fqdn-string?) (s/def ::fqdn cm/fqdn-string?)
(s/def ::issuer cm/letsencrypt-issuer?) (s/def ::issuer cm/letsencrypt-issuer?)
(s/def ::cloud-data-volume-path string?) (s/def ::restic-repository string?)
(s/def ::nextcloud-data-volume-path string?)
#?(:cljs #?(:cljs
(defmethod yaml/load-resource :cloud [resource-name] (defmethod yaml/load-resource :nextcloud [resource-name]
(case resource-name (case resource-name
"cloud/certificate.yaml" (rc/inline "cloud/certificate.yaml") "nextcloud/certificate.yaml" (rc/inline "nextcloud/certificate.yaml")
"cloud/deployment.yaml" (rc/inline "cloud/deployment.yaml") "nextcloud/deployment.yaml" (rc/inline "nextcloud/deployment.yaml")
"cloud/ingress.yaml" (rc/inline "cloud/ingress.yaml") "nextcloud/ingress.yaml" (rc/inline "nextcloud/ingress.yaml")
"cloud/persistent-volume.yaml" (rc/inline "cloud/persistent-volume.yaml") "nextcloud/persistent-volume.yaml" (rc/inline "nextcloud/persistent-volume.yaml")
"cloud/pvc.yaml" (rc/inline "cloud/pvc.yaml") "nextcloud/pvc.yaml" (rc/inline "nextcloud/pvc.yaml")
"cloud/service.yaml" (rc/inline "cloud/service.yaml") "nextcloud/service.yaml" (rc/inline "nextcloud/service.yaml")
(throw (js/Error. "Undefined Resource!"))))) (throw (js/Error. "Undefined Resource!")))))
(defn generate-certificate [config] (defn generate-certificate [config]
(let [{:keys [fqdn issuer]} config (let [{:keys [fqdn issuer]} config
letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")] letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]
(-> (->
(yaml/from-string (yaml/load-resource "cloud/certificate.yaml")) (yaml/from-string (yaml/load-resource "nextcloud/certificate.yaml"))
(assoc-in [:spec :commonName] fqdn) (assoc-in [:spec :commonName] fqdn)
(assoc-in [:spec :dnsNames] [fqdn]) (assoc-in [:spec :dnsNames] [fqdn])
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer)))) (assoc-in [:spec :issuerRef :name] letsencrypt-issuer))))
(defn generate-deployment [config] (defn generate-deployment [config]
(let [{:keys [fqdn]} config] (let [{:keys [fqdn]} config]
(-> (yaml/from-string (yaml/load-resource "cloud/deployment.yaml")) (-> (yaml/from-string (yaml/load-resource "nextcloud/deployment.yaml"))
(cm/replace-named-value "FQDN" fqdn)))) (cm/replace-named-value "FQDN" fqdn))))
(defn generate-ingress [config] (defn generate-ingress [config]
@ -39,18 +40,18 @@
:or {issuer :staging}} config :or {issuer :staging}} config
letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")] letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]
(-> (->
(yaml/from-string (yaml/load-resource "cloud/ingress.yaml")) (yaml/from-string (yaml/load-resource "nextcloud/ingress.yaml"))
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer) (assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
(cm/replace-all-matching-values-by-new-value "fqdn" fqdn)))) (cm/replace-all-matching-values-by-new-value "fqdn" fqdn))))
(defn generate-persistent-volume [config] (defn generate-persistent-volume [config]
(let [{:keys [cloud-data-volume-path]} config] (let [{:keys [nextcloud-data-volume-path]} config]
(-> (->
(yaml/from-string (yaml/load-resource "cloud/persistent-volume.yaml")) (yaml/from-string (yaml/load-resource "nextcloud/persistent-volume.yaml"))
(assoc-in [:spec :hostPath :path] cloud-data-volume-path)))) (assoc-in [:spec :hostPath :path] nextcloud-data-volume-path))))
(defn generate-pvc [] (defn generate-pvc []
(yaml/from-string (yaml/load-resource "cloud/pvc.yaml"))) (yaml/from-string (yaml/load-resource "nextcloud/pvc.yaml")))
(defn generate-service [] (defn generate-service []
(yaml/from-string (yaml/load-resource "cloud/service.yaml"))) (yaml/from-string (yaml/load-resource "nextcloud/service.yaml")))


@ -1,4 +1,4 @@
(ns dda.c4k-cloud.core (ns dda.c4k-nextcloud.core
(:require (:require
[clojure.string :as cs] [clojure.string :as cs]
[clojure.spec.alpha :as s] [clojure.spec.alpha :as s]
@ -6,13 +6,13 @@
:cljs [orchestra.core :refer-macros [defn-spec]]) :cljs [orchestra.core :refer-macros [defn-spec]])
[dda.c4k-common.yaml :as yaml] [dda.c4k-common.yaml :as yaml]
[dda.c4k-common.postgres :as postgres] [dda.c4k-common.postgres :as postgres]
[dda.c4k-cloud.cloud :as cloud] [dda.c4k-nextcloud.nextcloud :as nextcloud]
[dda.c4k-cloud.backup :as backup])) [dda.c4k-nextcloud.backup :as backup]))
(def config-defaults {:issuer :staging}) (def config-defaults {:issuer :staging})
(def config? (s/keys :req-un [::cloud/fqdn] (def config? (s/keys :req-un [::nextcloud/fqdn]
:opt-un [::cloud/issuer ::cloud/cloud-data-volume-path :opt-un [::nextcloud/issuer ::nextcloud/nextcloud-data-volume-path
::postgres/postgres-data-volume-path ::restic-repository])) ::postgres/postgres-data-volume-path ::restic-repository]))
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password (def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password
@ -29,14 +29,14 @@
[(yaml/to-string (postgres/generate-pvc)) [(yaml/to-string (postgres/generate-pvc))
(yaml/to-string (postgres/generate-deployment)) (yaml/to-string (postgres/generate-deployment))
(yaml/to-string (postgres/generate-service))] (yaml/to-string (postgres/generate-service))]
(when (contains? config :cloud-data-volume-path) (when (contains? config :nextcloud-data-volume-path)
[(yaml/to-string (cloud/generate-persistent-volume config))]) [(yaml/to-string (nextcloud/generate-persistent-volume config))])
[(yaml/to-string (cloud/generate-pvc)) [(yaml/to-string (nextcloud/generate-pvc))
(yaml/to-string (cloud/generate-deployment config)) (yaml/to-string (nextcloud/generate-deployment config))
(yaml/to-string (cloud/generate-service)) (yaml/to-string (nextcloud/generate-service))
(yaml/to-string (cloud/generate-certificate config)) (yaml/to-string (nextcloud/generate-certificate config))
(yaml/to-string (cloud/generate-ingress config)) (yaml/to-string (nextcloud/generate-ingress config))
(yaml/to-string (cloud/generate-service))] (yaml/to-string (nextcloud/generate-service))]
(when (contains? config :restic-repository) (when (contains? config :restic-repository)
[(yaml/to-string (backup/generate-config config)) [(yaml/to-string (backup/generate-config config))
(yaml/to-string (backup/generate-secret config)) (yaml/to-string (backup/generate-secret config))
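Review bot: In `config?` the optional key is written as `::restic-repository`, which resolves to the `dda.c4k-nextcloud.core` namespace, while the spec this commit registers lives in `dda.c4k-nextcloud.nextcloud`; unless core defines its own spec outside the visible hunks, `s/keys` will accept any value for `:restic-repository` without checking it. Writing it as `::nextcloud/restic-repository` would make the config check agree with the spec that `validate-all!` in the browser namespace uses. Separately, the manifest list in the last hunk contains `(yaml/to-string (nextcloud/generate-service))` twice, so the Service document is emitted twice; the second entry can be dropped. The enclosing function starts and ends outside the hunk.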


@ -1,19 +1,20 @@
(ns dda.c4k-cloud.browser (ns dda.c4k-nextcloud.browser
(:require (:require
[clojure.tools.reader.edn :as edn] [clojure.tools.reader.edn :as edn]
[dda.c4k-cloud.core :as core] [dda.c4k-nextcloud.core :as core]
[dda.c4k-cloud.cloud :as cloud] [dda.c4k-nextcloud.nextcloud :as nextcloud]
[dda.c4k-common.browser :as br])) [dda.c4k-common.browser :as br]
[dda.c4k-common.postgres :as pgc]))
(defn config-from-document [] (defn config-from-document []
(let [cloud-data-volume-path (br/get-content-from-element "cloud-data-volume-path" :optional true :deserializer keyword) (let [nextcloud-data-volume-path (br/get-content-from-element "nextcloud-data-volume-path" :optional true)
postgres-data-volume-path (br/get-content-from-element "postgres-data-volume-path" :optional true :deserializer keyword) postgres-data-volume-path (br/get-content-from-element "postgres-data-volume-path" :optional true)
restic-repository (br/get-content-from-element "restic-repository" :optional true :deserializer keyword) restic-repository (br/get-content-from-element "restic-repository" :optional true)
issuer (br/get-content-from-element "issuer" :optional true :deserializer keyword)] issuer (br/get-content-from-element "issuer" :optional true :deserializer keyword)]
(merge (merge
{:fqdn (br/get-content-from-element "fqdn")} {:fqdn (br/get-content-from-element "fqdn")}
(when (some? cloud-data-volume-path) (when (some? nextcloud-data-volume-path)
{:cloud-data-volume-path cloud-data-volume-path}) {:nextcloud-data-volume-path nextcloud-data-volume-path})
(when (some? postgres-data-volume-path) (when (some? postgres-data-volume-path)
{:postgres-data-volume-path postgres-data-volume-path}) {:postgres-data-volume-path postgres-data-volume-path})
(when (some? restic-repository) (when (some? restic-repository)
@ -23,11 +24,11 @@
))) )))
(defn validate-all! [] (defn validate-all! []
(br/validate! "fqdn" ::cloud/fqdn) (br/validate! "fqdn" ::nextcloud/fqdn)
(br/validate! "cloud-data-volume-path" ::cloud/cloud-data-volume-path :optional true :deserializer keyword) (br/validate! "nextcloud-data-volume-path" ::nextcloud/nextcloud-data-volume-path :optional true)
(br/validate! "postgres-data-volume-path" ::cloud/cloud-data-volume-path :optional true :deserializer keyword) (br/validate! "postgres-data-volume-path" ::pgc/postgres-data-volume-path :optional true)
(br/validate! "restic-repository" ::cloud/restic-repository :optional true :deserializer keyword) (br/validate! "restic-repository" ::nextcloud/restic-repository :optional true)
(br/validate! "issuer" ::cloud/issuer :optional true :deserializer keyword) (br/validate! "issuer" ::nextcloud/issuer :optional true :deserializer keyword)
(br/validate! "auth" core/auth? :deserializer edn/read-string) (br/validate! "auth" core/auth? :deserializer edn/read-string)
(br/set-validated!)) (br/set-validated!))
@ -43,7 +44,7 @@
(-> (br/get-element-by-id "fqdn") (-> (br/get-element-by-id "fqdn")
(.addEventListener "blur" (.addEventListener "blur"
#(do (validate-all!)))) #(do (validate-all!))))
(-> (br/get-element-by-id "cloud-data-volume-path") (-> (br/get-element-by-id "nextcloud-data-volume-path")
(.addEventListener "blur" (.addEventListener "blur"
#(do (validate-all!)))) #(do (validate-all!))))
(-> (br/get-element-by-id "postgres-data-volume-path") (-> (br/get-element-by-id "postgres-data-volume-path")


@ -12,21 +12,12 @@ spec:
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["/entrypoint-start-and-wait.sh"] command: ["/entrypoint-start-and-wait.sh"]
env: env:
- name: POSTGRES_USER - name: POSTGRES_USER_FILE
valueFrom: value: /var/run/secrets/cloud-secrets/postgres-user
secretKeyRef: - name: POSTGRES_DB_FILE
name: postgres-secret value: /var/run/secrets/cloud-secrets/postgres-db
key: postgres-user - name: POSTGRES_PASSWORD_FILE
- name: POSTGRES_DB value: /var/run/secrets/cloud-secrets/postgres-password
valueFrom:
configMapKeyRef:
name: postgres-config
key: postgres-db
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgres-password
- name: POSTGRES_HOST - name: POSTGRES_HOST
value: "postgresql-service:5432" value: "postgresql-service:5432"
- name: POSTGRES_SERVICE - name: POSTGRES_SERVICE
@ -52,10 +43,16 @@ spec:
- name: backup-secret-volume - name: backup-secret-volume
mountPath: /var/run/secrets/backup-secrets mountPath: /var/run/secrets/backup-secrets
readOnly: true readOnly: true
- name: cloud-secret-volume
mountPath: /var/run/secrets/cloud-secrets
readOnly: true
volumes: volumes:
- name: cloud-data-volume - name: cloud-data-volume
persistentVolumeClaim: persistentVolumeClaim:
claimName: cloud-pvc claimName: cloud-pvc
- name: cloud-secret-volume
secret:
secretName: cloud-secret
- name: backup-secret-volume - name: backup-secret-volume
secret: secret:
secretName: backup-secret secretName: backup-secret
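Review bot: The new `cloud-secret-volume` mounts every key of `cloud-secret` into the backup-restore pod, although the env block only reads `postgres-user`, `postgres-db` and `postgres-password`. The Deployment section of this commit reads `nextcloud-admin-user` and `nextcloud-admin-password` from the same secret, so the backup container would presumably see the Nextcloud admin credentials as well. Restricting the volume with `items:` to the three keys it needs keeps the backup image's reach limited to the database; the CronJob section mounts the same secret and would take the same change. The pod spec starts above this hunk.

```yaml
# … unchanged: cloud-data-volume …
- name: cloud-secret-volume
  secret:
    secretName: cloud-secret
    # project only the keys the backup entrypoint reads
    items:
      - key: postgres-user
        path: postgres-user
      - key: postgres-db
        path: postgres-db
      - key: postgres-password
        path: postgres-password
# … unchanged: backup-secret-volume …
```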


@ -6,33 +6,24 @@ metadata:
app.kubernetes.part-of: cloud app.kubernetes.part-of: cloud
spec: spec:
schedule: "10 23 * * *" schedule: "10 23 * * *"
successfulJobsHistoryLimit: 1 successfulJobsHistoryLimit: 0
failedJobsHistoryLimit: 1 failedJobsHistoryLimit: 0
jobTemplate: jobTemplate:
spec: spec:
template: template:
spec: spec:
containers: containers:
- name: backup-app - name: backup-app
image: domaindrivenarchitecture/c4k-cloud-backup image: domaindrivenarchitecture/meissa-cloud-backup
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["/entrypoint.sh"] command: ["/entrypoint.sh"]
env: env:
- name: POSTGRES_USER - name: POSTGRES_USER_FILE
valueFrom: value: /var/run/secrets/cloud-secrets/postgres-user
secretKeyRef: - name: POSTGRES_DB_FILE
name: postgres-secret value: /var/run/secrets/cloud-secrets/postgres-db
key: postgres-user - name: POSTGRES_PASSWORD_FILE
- name: POSTGRES_PASSWORD value: /var/run/secrets/cloud-secrets/postgres-password
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgres-password
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: postgres-config
key: postgres-db
- name: POSTGRES_HOST - name: POSTGRES_HOST
value: "postgresql-service:5432" value: "postgresql-service:5432"
- name: POSTGRES_SERVICE - name: POSTGRES_SERVICE
@ -58,10 +49,16 @@ spec:
- name: backup-secret-volume - name: backup-secret-volume
mountPath: /var/run/secrets/backup-secrets mountPath: /var/run/secrets/backup-secrets
readOnly: true readOnly: true
- name: cloud-secret-volume
mountPath: /var/run/secrets/cloud-secrets
readOnly: true
volumes: volumes:
- name: cloud-data-volume - name: cloud-data-volume
persistentVolumeClaim: persistentVolumeClaim:
claimName: cloud-pvc claimName: cloud-pvc
- name: cloud-secret-volume
secret:
secretName: cloud-secret
- name: backup-secret-volume - name: backup-secret-volume
secret: secret:
secretName: backup-secret secretName: backup-secret
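Review bot: Setting `failedJobsHistoryLimit: 0` means no failed backup Job or its pod is retained, so the logs of a failed nightly backup are gone before anyone can look at them. Unless failures are reported somewhere outside the cluster (not visible here), I would keep `failedJobsHistoryLimit: 1` and only drop the successful history. The new image `domaindrivenarchitecture/meissa-cloud-backup` also carries no tag or digest, and with `imagePullPolicy: IfNotPresent` the node runs whatever copy it has cached; pinning a version or digest would make the job that handles the database and AWS credentials reproducible.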


@ -3,7 +3,7 @@ kind: Secret
metadata: metadata:
name: backup-secret name: backup-secret
type: Opaque type: Opaque
data: stringData:
aws-access-key-id: aws-access-key-id aws-access-key-id: aws-access-key-id
aws-secret-access-key: aws-secret-access-key aws-secret-access-key: aws-secret-access-key
restic-password: restic-password restic-password: restic-password
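Review bot: With `stringData:` the API server expects plain strings, so the three values must now be substituted unencoded and must still be strings after YAML parsing. The test configuration in this commit uses `:aws-access-key-id "10"`; if the placeholders are replaced textually (the substitution code is not visible here), an unquoted `10` would parse as an integer and the Secret would be rejected. Quoting the placeholders, e.g. `aws-access-key-id: "aws-access-key-id"`, avoids that, and any base64 step still present in the generator should go so the stored credentials are not double-encoded.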


@ -14,27 +14,39 @@ spec:
app: cloud app: cloud
spec: spec:
containers: containers:
- image: domaindrivenarchitecture/c4k-cloud - image: domaindrivenarchitecture/meissa-cloud-app
name: cloud-app name: cloud-app
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
env: env:
- name: DB_USERNAME_FILE - name: NEXTCLOUD_ADMIN_USER_FILE
value: /var/run/secrets/postgres-secret/postgres-user value: /var/run/secrets/cloud-secrets/nextcloud-admin-user
- name: DB_PASSWORD_FILE - name: NEXTCLOUD_ADMIN_PASSWORD_FILE
value: /var/run/secrets/postgres-secret/postgres-password value: /var/run/secrets/cloud-secrets/nextcloud-admin-password
- name: FQDN - name: NEXTCLOUD_TRUSTED_DOMAINS
value: fqdn value: "{{fqdn}}"
command: ["/app/entrypoint.sh"] - name: POSTGRES_USER_FILE
volumeMounts: value: /var/run/secrets/cloud-secrets/postgres-user
- mountPath: /var/cloud - name: POSTGRES_PASSWORD_FILE
name: cloud-data-volume value: /var/run/secrets/cloud-secrets/postgres-password
- name: postgres-secret-volume - name: POSTGRES_DB_FILE
mountPath: /var/run/secrets/postgres-secret value: /var/run/secrets/cloud-secrets/postgres-db
- name: POSTGRES_HOST
value: "postgresql-service:5432"
volumeMounts:
- name: cloud-data-volume
mountPath: /var/www/html
- name: cloud-secret-volume
mountPath: /var/run/secrets/cloud-secrets
readOnly: true readOnly: true
volumes: volumes:
- name: cloud-data-volume - name: cloud-data-volume
persistentVolumeClaim: persistentVolumeClaim:
claimName: cloud-pvc claimName: cloud-pvc
- name: postgres-secret-volume - name: cloud-secret-volume
secret: secret:
secretName: postgres-secret secretName: cloud-secret
- name: backup-secret-volume
secret:
secretName: backup-secret
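Review bot: The added `backup-secret-volume` under `volumes:` has no matching entry under `volumeMounts:` in this hunk, so the application pod declares the backup secret without using it. A declared secret volume still makes pod start-up depend on `backup-secret` existing, and it leaves the AWS and restic credentials one `volumeMounts` entry away from the internet-facing Nextcloud container. I would drop the three lines `- name: backup-secret-volume`, `secret:` and `secretName: backup-secret` from this Deployment and leave that secret to the backup pods. The Deployment starts above this hunk.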


@ -23,4 +23,4 @@ spec:
- path: / - path: /
backend: backend:
serviceName: cloud-service serviceName: cloud-service
servicePort: 8080 servicePort: 80


@ -4,11 +4,12 @@ metadata:
name: cloud-pv-volume name: cloud-pv-volume
labels: labels:
type: local type: local
app: cloud
spec: spec:
storageClassName: manual storageClassName: manual
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
capacity: capacity:
storage: 30Gi storage: {{storage-size}}Gi #??? 30Gi?
hostPath: hostPath:
path: "/var/cloud" path: "/var/cloud"
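Review bot: `storage: {{storage-size}}Gi #??? 30Gi?` leaves the template placeholder unquoted, unlike `value: "{{fqdn}}"` in the Deployment. A YAML parser that reads the template before substitution sees `{{` as the start of a flow mapping, so whether this loads depends on the render order, which is not visible here. I would write `storage: "{{storage-size}}Gi"` and replace the `#??? 30Gi?` marker with a comment stating the unit and the previous default. The PersistentVolumeClaim section has the same line.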


@ -10,4 +10,7 @@ spec:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
requests: requests:
storage: 30Gi storage: {{storage-size}}Gi #??? 30Gi?
selector:
matchLabels:
app: cloud


@ -4,6 +4,6 @@ metadata:
name: cloud-service name: cloud-service
spec: spec:
selector: selector:
app: cloud app.kubernetes.io/name: cloud #???
ports: ports:
- port: 8080 - port: 80
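Review bot: The selector is changed to `app.kubernetes.io/name: cloud #???`, but the only pod label visible in the Deployment section of this commit is `app: cloud`. If the pod template does not also carry `app.kubernetes.io/name: cloud` (its full metadata is outside the hunks shown), the Service selects no pods and the ingress has no backend to route to. Either keep `app: cloud` here or add the new label to the pod template in the same commit, and drop the `#???` marker once that is decided.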


@ -1,50 +0,0 @@
<configuration scan="true" scanPeriod="1 seconds" debug="false">
<appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
<filter class="ch.qos.logback.classic.filter.ThresholdFilter">
<level>INFO</level>
</filter>
</appender>
<appender name="PALLETFILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>logs/pallet.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>logs/old/pallet.%d{yyyy-MM-dd}.log</fileNamePattern>
<maxHistory>3</maxHistory>
</rollingPolicy>
<encoder>
<pattern>%date %level [%thread] %logger{10} %msg%n</pattern>
</encoder>
</appender>
<logger name="clj-ssh.ssh" level="ERROR">
<appender-ref ref="PALLETFILE" />
</logger>
<logger name="pallet" level="DEBUG">
<appender-ref ref="PALLETFILE" />
</logger>
<logger name="pallet.ssh" level="ERROR">
<appender-ref ref="PALLETFILE" />
</logger>
<logger name="pallet.algo" level="ERROR">
<appender-ref ref="PALLETFILE" />
</logger>
<logger name="dda" level="DEBUG">
<appender-ref ref="PALLETFILE" />
</logger>
<logger name="meissa" level="DEBUG">
<appender-ref ref="PALLETFILE" />
</logger>
<root level="DEBUG">
<appender-ref ref="CONSOLE" />
</root>
</configuration>


@ -1,93 +0,0 @@
(ns dda.c4k-cloud.backup-test
(:require
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[dda.c4k-cloud.backup :as cut]))
(deftest should-generate-secret
(is (= {:apiVersion "v1"
:kind "Secret"
:metadata {:name "backup-secret"}
:type "Opaque"
:data
{:aws-access-key-id "YXdzLWlk", :aws-secret-access-key "YXdzLXNlY3JldA==", :restic-password "cmVzdGljLXB3"}}
(cut/generate-secret {:aws-access-key-id "aws-id" :aws-secret-access-key "aws-secret" :restic-password "restic-pw"}))))
(deftest should-generate-config
(is (= {:apiVersion "v1"
:kind "ConfigMap"
:metadata {:name "backup-config"
:labels {:app.kubernetes.io/name "backup"
:app.kubernetes.io/part-of "cloud"}}
:data
{:restic-repository "s3:restic-repository"}}
(cut/generate-config {:restic-repository "s3:restic-repository"}))))
(deftest should-generate-cron
(is (= {:apiVersion "batch/v1beta1"
:kind "CronJob"
:metadata {:name "cloud-backup"
:labels {:app.kubernetes.part-of "cloud"}}
:spec {:schedule "10 23 * * *"
:successfulJobsHistoryLimit 1
:failedJobsHistoryLimit 1
:jobTemplate
{:spec
{:template
{:spec
{:containers
[{:name "backup-app"
:image "domaindrivenarchitecture/c4k-cloud-backup"
:imagePullPolicy "IfNotPresent"
:command ["/entrypoint.sh"]
:env
[{:name "POSTGRES_USER"
:valueFrom
{:secretKeyRef
{:name "postgres-secret"
:key "postgres-user"}}}
{:name "POSTGRES_PASSWORD"
:valueFrom
{:secretKeyRef
{:name "postgres-secret"
:key "postgres-password"}}}
{:name "POSTGRES_DB"
:valueFrom
{:configMapKeyRef
{:name "postgres-config"
:key "postgres-db"}}}
{:name "POSTGRES_HOST"
:value "postgresql-service:5432"}
{:name "POSTGRES_SERVICE"
:value "postgresql-service"}
{:name "POSTGRES_PORT"
:value "5432"}
{:name "AWS_DEFAULT_REGION"
:value "eu-central-1"}
{:name "AWS_ACCESS_KEY_ID_FILE"
:value "/var/run/secrets/backup-secrets/aws-access-key-id"}
{:name "AWS_SECRET_ACCESS_KEY_FILE"
:value "/var/run/secrets/backup-secrets/aws-secret-access-key"}
{:name "RESTIC_REPOSITORY"
:valueFrom
{:configMapKeyRef
{:name "backup-config"
:key "restic-repository"}}}
{:name "RESTIC_PASSWORD_FILE"
:value "/var/run/secrets/backup-secrets/restic-password"}]
:volumeMounts
[{:name "cloud-data-volume"
:mountPath "/var/backups"}
{:name "backup-secret-volume"
:mountPath "/var/run/secrets/backup-secrets"
:readOnly true}]}]
:volumes
[{:name "cloud-data-volume"
:persistentVolumeClaim
{:claimName "cloud-pvc"}}
{:name "backup-secret-volume"
:secret
{:secretName "backup-secret"}}]
:restartPolicy "OnFailure"}}}}}}
(cut/generate-cron))))


@ -1,80 +0,0 @@
(ns dda.c4k-cloud.cloud-test
(:require
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[dda.c4k-cloud.cloud :as cut]))
(deftest should-generate-certificate
(is (= {:apiVersion "cert-manager.io/v1alpha2"
:kind "Certificate"
:metadata {:name "cloud-cert", :namespace "default"}
:spec
{:secretName "cloud-secret"
:commonName "xx"
:dnsNames ["xx"]
:issuerRef
{:name "letsencrypt-prod-issuer", :kind "ClusterIssuer"}}}
(cut/generate-certificate {:fqdn "xx" :issuer :prod}))))
(deftest should-generate-ingress
(is (= {:apiVersion "extensions/v1beta1"
:kind "Ingress"
:metadata
{:name "ingress-cloud"
:annotations
{:cert-manager.io/cluster-issuer
"letsencrypt-staging-issuer"
:nginx.ingress.kubernetes.io/proxy-body-size "256m"
:nginx.ingress.kubernetes.io/ssl-redirect "true"
:nginx.ingress.kubernetes.io/rewrite-target "/"
:nginx.ingress.kubernetes.io/proxy-connect-timeout "300"
:nginx.ingress.kubernetes.io/proxy-send-timeout "300"
:nginx.ingress.kubernetes.io/proxy-read-timeout "300"}
:namespace "default"}
:spec
{:tls [{:hosts ["xx"], :secretName "cloud-secret"}]
:rules
[{:host "xx"
:http
{:paths
[{:path "/"
:backend
{:serviceName "cloud-service", :servicePort 8080}}]}}]}}
(cut/generate-ingress {:fqdn "xx"}))))
(deftest should-generate-persistent-volume
(is (= {:kind "PersistentVolume"
:apiVersion "v1"
:metadata {:name "cloud-pv-volume", :labels {:type "local"}}
:spec
{:storageClassName "manual"
:accessModes ["ReadWriteOnce"]
:capacity {:storage "30Gi"}
:hostPath {:path "xx"}}}
(cut/generate-persistent-volume {:cloud-data-volume-path "xx"}))))
(deftest should-generate-deployment
(is (= {:containers
[{:image "domaindrivenarchitecture/c4k-cloud"
:name "cloud-app"
:imagePullPolicy "IfNotPresent"
:env
[{:name "DB_USERNAME_FILE"
:value
"/var/run/secrets/postgres-secret/postgres-user"}
{:name "DB_PASSWORD_FILE"
:value
"/var/run/secrets/postgres-secret/postgres-password"}
{:name "FQDN", :value "xx"}]
:command ["/app/entrypoint.sh"]
:volumeMounts
[{:mountPath "/var/cloud", :name "cloud-data-volume"}
{:name "postgres-secret-volume"
:mountPath "/var/run/secrets/postgres-secret"
:readOnly true}]}]
:volumes
[{:name "cloud-data-volume"
:persistentVolumeClaim {:claimName "cloud-pvc"}}
{:name "postgres-secret-volume"
:secret {:secretName "postgres-secret"}}]}
(get-in (cut/generate-deployment {:fqdn "xx"}) [:spec :template :spec]))))


@ -1,35 +0,0 @@
(ns dda.c4k-cloud.core-test
(:require
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[dda.c4k-cloud.core :as cut]))
(deftest should-k8s-objects
(is (= 16
(count (cut/k8s-objects {:fqdn "cloud-neu.prod.meissa-gmbh.de"
:postgres-db-user "cloud"
:postgres-db-password "cloud-db-password"
:issuer :prod
:cloud-data-volume-path "/var/cloud"
:postgres-data-volume-path "/var/postgres"
:aws-access-key-id "aws-id"
:aws-secret-access-key "aws-secret"
:restic-password "restic-pw"
:restic-repository "restic-repository"}))))
(is (= 14
(count (cut/k8s-objects {:fqdn "cloud-neu.prod.meissa-gmbh.de"
:postgres-db-user "cloud"
:postgres-db-password "cloud-db-password"
:issuer :prod
:aws-access-key-id "aws-id"
:aws-secret-access-key "aws-secret"
:restic-password "restic-pw"
:restic-repository "restic-repository"}))))
(is (= 11
(count (cut/k8s-objects {:fqdn "cloud-neu.prod.meissa-gmbh.de"
:postgres-db-user "cloud"
:postgres-db-password "cloud-db-password"
:issuer :prod
:aws-access-key-id "aws-id"
:aws-secret-access-key "aws-secret"
:restic-password "restic-pw"})))))


@ -1,8 +1,8 @@
(ns meissa.pallet.meissa-cloud.app-test (ns meissa.pallet.meissa-nextcloud.app-test
(:require (:require
[clojure.test :refer :all] [clojure.test :refer :all]
[schema.core :as s] [schema.core :as s]
[meissa.pallet.meissa-cloud.app :as sut])) [meissa.pallet.meissa-nextcloud.app :as sut]))
(s/set-fn-validation! true) (s/set-fn-validation! true)
@ -15,7 +15,7 @@
:admin-user "root" :admin-user "root"
:admin-password "test1234" :admin-password "test1234"
:storage-size 50 :storage-size 50
:restic-repository "cloud" :restic-repository "nextcloud"
:aws-access-key-id "10" :aws-access-key-id "10"
:aws-secret-access-key "secret" :aws-secret-access-key "secret"
:restic-password "test4321"}) :restic-password "test4321"})
@ -28,4 +28,4 @@
(deftest plan-def (deftest plan-def
(testing (testing
"test plan-def" "test plan-def"
(is (map? sut/with-cloud)))) (is (map? sut/with-nextcloud))))


@ -1,11 +1,11 @@
(ns meissa.pallet.meissa-cloud.main (ns meissa.pallet.meissa-nextcloud.main
(:gen-class) (:gen-class)
(:require (:require
[clojure.string :as str] [clojure.string :as str]
[clojure.tools.cli :as cli] [clojure.tools.cli :as cli]
[dda.pallet.core.main-helper :as mh] [dda.pallet.core.main-helper :as mh]
[dda.pallet.core.app :as core-app] [dda.pallet.core.app :as core-app]
[meissa.pallet.meissa-cloud.app :as app])) [meissa.pallet.meissa-nextcloud.app :as app]))
(def cli-options (def cli-options
[["-h" "--help"] [["-h" "--help"]
@ -17,16 +17,16 @@
(defn usage [options-summary] (defn usage [options-summary]
(str/join (str/join
\newline \newline
["meissa-cloud installs & configures a single host kubernetes cluster with Cloud installed" ["meissa-nextcloud installs & configures a single host kubernetes cluster with nextcloud installed"
"" ""
"Usage: java -jar meissa-cloud-standalone.jar [options] cloud.edn" "Usage: java -jar meissa-nextcloud-standalone.jar [options] nextcloud.edn"
"" ""
"Options:" "Options:"
options-summary options-summary
"" ""
"cloud.edn" "nextcloud.edn"
" - follows the edn format." " - follows the edn format."
" - has to be a valid CloudConventionConfig" " - has to be a valid nextcloudConventionConfig"
""])) ""]))
(defn -main [& args] (defn -main [& args]