renamed namespaces to nextcloud
This commit is contained in:
parent
1c2f6b89f2
commit
303f7ae5f2
53 changed files with 131 additions and 1059 deletions
|
@ -1,59 +0,0 @@
|
|||
kind: Pod
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: backup-restore
|
||||
labels:
|
||||
app.kubernetes.io/name: backup-restore
|
||||
app.kubernetes.io/part-of: cloud
|
||||
spec:
|
||||
containers:
|
||||
- name: backup-app
|
||||
image: domaindrivenarchitecture/c4k-cloud-backup
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["/entrypoint-start-and-wait.sh"]
|
||||
env:
|
||||
- name: POSTGRES_USER_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-user
|
||||
- name: POSTGRES_DB_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-db
|
||||
- name: POSTGRES_PASSWORD_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-password
|
||||
- name: POSTGRES_HOST
|
||||
value: "postgresql-service:5432"
|
||||
- name: POSTGRES_SERVICE
|
||||
value: "postgresql-service"
|
||||
- name: POSTGRES_PORT
|
||||
value: "5432"
|
||||
- name: AWS_DEFAULT_REGION
|
||||
value: eu-central-1
|
||||
- name: AWS_ACCESS_KEY_ID_FILE
|
||||
value: /var/run/secrets/backup-secrets/aws-access-key-id
|
||||
- name: AWS_SECRET_ACCESS_KEY_FILE
|
||||
value: /var/run/secrets/backup-secrets/aws-secret-access-key
|
||||
- name: RESTIC_REPOSITORY
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: backup-config
|
||||
key: restic-repository
|
||||
- name: RESTIC_PASSWORD_FILE
|
||||
value: /var/run/secrets/backup-secrets/restic-password
|
||||
volumeMounts:
|
||||
- name: cloud-data-volume
|
||||
mountPath: /var/backups
|
||||
- name: backup-secret-volume
|
||||
mountPath: /var/run/secrets/backup-secrets
|
||||
readOnly: true
|
||||
- name: cloud-secret-volume
|
||||
mountPath: /var/run/secrets/cloud-secrets
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: cloud-data-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: cloud-pvc
|
||||
- name: cloud-secret-volume
|
||||
secret:
|
||||
secretName: cloud-secret
|
||||
- name: backup-secret-volume
|
||||
secret:
|
||||
secretName: backup-secret
|
||||
restartPolicy: OnFailure
|
|
@ -1,9 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: backup-config
|
||||
labels:
|
||||
app.kubernetes.io/name: backup
|
||||
app.kubernetes.io/part-of: cloud
|
||||
data:
|
||||
restic-repository: restic-repository
|
|
@ -1,9 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
kubectl delete --ignore-not-found=true -f backup-secret.yml
|
||||
kubectl delete --ignore-not-found=true -f backup-config.yml
|
||||
kubectl delete --ignore-not-found=true -f backup-cron.yml
|
||||
|
||||
kubectl apply -f backup-secret.yml
|
||||
kubectl apply -f backup-config.yml
|
||||
kubectl apply -f backup-cron.yml
|
|
@ -1,65 +0,0 @@
|
|||
apiVersion: batch/v1beta1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: cloud-backup
|
||||
labels:
|
||||
app.kubernetes.part-of: cloud
|
||||
spec:
|
||||
schedule: "10 23 * * *"
|
||||
successfulJobsHistoryLimit: 0
|
||||
failedJobsHistoryLimit: 0
|
||||
jobTemplate:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: backup-app
|
||||
image: domaindrivenarchitecture/meissa-cloud-backup
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["/entrypoint.sh"]
|
||||
env:
|
||||
- name: POSTGRES_USER_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-user
|
||||
- name: POSTGRES_DB_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-db
|
||||
- name: POSTGRES_PASSWORD_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-password
|
||||
- name: POSTGRES_HOST
|
||||
value: "postgresql-service:5432"
|
||||
- name: POSTGRES_SERVICE
|
||||
value: "postgresql-service"
|
||||
- name: POSTGRES_PORT
|
||||
value: "5432"
|
||||
- name: AWS_DEFAULT_REGION
|
||||
value: eu-central-1
|
||||
- name: AWS_ACCESS_KEY_ID_FILE
|
||||
value: /var/run/secrets/backup-secrets/aws-access-key-id
|
||||
- name: AWS_SECRET_ACCESS_KEY_FILE
|
||||
value: /var/run/secrets/backup-secrets/aws-secret-access-key
|
||||
- name: RESTIC_REPOSITORY
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: backup-config
|
||||
key: restic-repository
|
||||
- name: RESTIC_PASSWORD_FILE
|
||||
value: /var/run/secrets/backup-secrets/restic-password
|
||||
volumeMounts:
|
||||
- name: cloud-data-volume
|
||||
mountPath: /var/backups
|
||||
- name: backup-secret-volume
|
||||
mountPath: /var/run/secrets/backup-secrets
|
||||
readOnly: true
|
||||
- name: cloud-secret-volume
|
||||
mountPath: /var/run/secrets/cloud-secrets
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: cloud-data-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: cloud-pvc
|
||||
- name: cloud-secret-volume
|
||||
secret:
|
||||
secretName: cloud-secret
|
||||
- name: backup-secret-volume
|
||||
secret:
|
||||
secretName: backup-secret
|
||||
restartPolicy: OnFailure
|
|
@ -1,9 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: backup-secret
|
||||
type: Opaque
|
||||
stringData:
|
||||
aws-access-key-id: aws-access-key-id
|
||||
aws-secret-access-key: aws-secret-access-key
|
||||
restic-password: restic-password
|
|
@ -1,13 +0,0 @@
|
|||
apiVersion: cert-manager.io/v1alpha2
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: cloud-cert
|
||||
namespace: default
|
||||
spec:
|
||||
secretName: cloud-secret
|
||||
commonName: fqdn
|
||||
dnsNames:
|
||||
- fqdn
|
||||
issuerRef:
|
||||
name: letsencrypt-staging-issuer
|
||||
kind: ClusterIssuer
|
|
@ -1,45 +0,0 @@
|
|||
kind: Pod
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: cloud
|
||||
labels:
|
||||
app.kubernetes.io/name: cloud
|
||||
spec:
|
||||
shareProcessNamespace: true
|
||||
containers:
|
||||
- name: cloud-app
|
||||
image: domaindrivenarchitecture/meissa-cloud-app
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 80
|
||||
env:
|
||||
- name: NEXTCLOUD_ADMIN_USER_FILE
|
||||
value: /var/run/secrets/cloud-secrets/nextcloud-admin-user
|
||||
- name: NEXTCLOUD_ADMIN_PASSWORD_FILE
|
||||
value: /var/run/secrets/cloud-secrets/nextcloud-admin-password
|
||||
- name: NEXTCLOUD_TRUSTED_DOMAINS
|
||||
value: "{{fqdn}}"
|
||||
- name: POSTGRES_USER_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-user
|
||||
- name: POSTGRES_PASSWORD_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-password
|
||||
- name: POSTGRES_DB_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-db
|
||||
- name: POSTGRES_HOST
|
||||
value: "postgresql-service:5432"
|
||||
volumeMounts:
|
||||
- name: cloud-data-volume
|
||||
mountPath: /var/www/html
|
||||
- name: cloud-secret-volume
|
||||
mountPath: /var/run/secrets/cloud-secrets
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: cloud-data-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: cloud-pvc
|
||||
- name: cloud-secret-volume
|
||||
secret:
|
||||
secretName: cloud-secret
|
||||
- name: backup-secret-volume
|
||||
secret:
|
||||
secretName: backup-secret
|
|
@ -1,26 +0,0 @@
|
|||
apiVersion: extensions/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: ingress-cloud
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "256m"
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
|
||||
namespace: default
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- fqdn
|
||||
secretName: cloud-secret
|
||||
rules:
|
||||
- host: fqdn
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
backend:
|
||||
serviceName: cloud-service
|
||||
servicePort: 80
|
|
@ -1,15 +0,0 @@
|
|||
kind: PersistentVolume
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: cloud-pv-volume
|
||||
labels:
|
||||
type: local
|
||||
app: cloud
|
||||
spec:
|
||||
storageClassName: manual
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
capacity:
|
||||
storage: {{storage-size}}Gi #??? 30Gi?
|
||||
hostPath:
|
||||
path: "/var/cloud"
|
|
@ -1,16 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: cloud-pvc
|
||||
labels:
|
||||
app: cloud
|
||||
spec:
|
||||
storageClassName: manual
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: {{storage-size}}Gi #??? 30Gi?
|
||||
selector:
|
||||
matchLabels:
|
||||
app: cloud
|
|
@ -1,9 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: cloud-service
|
||||
spec:
|
||||
selector:
|
||||
app.kubernetes.io/name: cloud #???
|
||||
ports:
|
||||
- port: 80
|
|
@ -1,15 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
echo -e "\n====================\n"
|
||||
echo -e "cloud is running, ingress exists"
|
||||
echo -e "\n====================\n"
|
||||
kubectl get all
|
||||
|
||||
echo -e "\n====================\n"
|
||||
echo -e "shows certificate with subject"
|
||||
echo -e "CN={{fqdn}}"
|
||||
echo -e "issuer: CN=Fake LE Intermediate X1"
|
||||
echo -e "\n====================\n"
|
||||
curl --insecure -v https://{{fqdn}}
|
||||
|
||||
echo -e "\n"
|
|
@ -1,15 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
kubectl delete --ignore-not-found=true -f postgres-deployment.yml
|
||||
kubectl delete --ignore-not-found=true -f postgres-pvc.yml
|
||||
kubectl delete --ignore-not-found=true -f postgres-service.yml
|
||||
kubectl delete --ignore-not-found=true -f postgres-config.yml
|
||||
kubectl delete --ignore-not-found=true -f postgres-secret.yml
|
||||
kubectl delete --ignore-not-found=true -f postgres-persistent-volume.yml
|
||||
|
||||
kubectl apply -f postgres-persistent-volume.yml
|
||||
kubectl apply -f postgres-secret.yml
|
||||
kubectl apply -f postgres-config.yml
|
||||
kubectl apply -f postgres-service.yml
|
||||
kubectl apply -f postgres-pvc.yml
|
||||
kubectl apply -f postgres-deployment.yml
|
|
@ -1,8 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
echo -e "\n====================\n"
|
||||
echo -e "postgres is running"
|
||||
echo -e "\n====================\n"
|
||||
kubectl get all
|
||||
|
||||
echo -e "\n"
|
|
@ -1,61 +0,0 @@
|
|||
(ns meissa.pallet.meissa-cloud.app
|
||||
(:require
|
||||
[schema.core :as s]
|
||||
[dda.pallet.commons.secret :as secret]
|
||||
[dda.config.commons.map-utils :as mu]
|
||||
[dda.pallet.core.app :as core-app]
|
||||
[dda.pallet.dda-config-crate.infra :as config-crate]
|
||||
[dda.pallet.dda-user-crate.app :as user]
|
||||
[dda.pallet.dda-k8s-crate.app :as k8s]
|
||||
[meissa.pallet.meissa-cloud.convention :as convention]
|
||||
[meissa.pallet.meissa-cloud.infra :as infra]))
|
||||
|
||||
(def with-cloud infra/with-cloud)
|
||||
|
||||
(def CloudConvention convention/CloudConvention)
|
||||
|
||||
(def CloudConventionResolved convention/CloudConventionResolved)
|
||||
|
||||
(def InfraResult convention/InfraResult)
|
||||
|
||||
(def CloudApp
|
||||
{:group-specific-config
|
||||
{s/Keyword (merge InfraResult
|
||||
user/InfraResult
|
||||
k8s/InfraResult)}})
|
||||
|
||||
(s/defn ^:always-validate
|
||||
app-configuration-resolved :- CloudApp
|
||||
[resolved-convention-config :- CloudConventionResolved
|
||||
& options]
|
||||
(let [{:keys [group-key] :or {group-key infra/facility}} options]
|
||||
(mu/deep-merge
|
||||
(k8s/app-configuration-resolved
|
||||
(convention/k8s-convention-configuration resolved-convention-config) :group-key group-key)
|
||||
{:group-specific-config
|
||||
{group-key
|
||||
(convention/infra-configuration resolved-convention-config)}})))
|
||||
|
||||
(s/defn ^:always-validate
|
||||
app-configuration :- CloudApp
|
||||
[convention-config :- CloudConvention
|
||||
& options]
|
||||
(let [resolved-convention-config (secret/resolve-secrets convention-config CloudConvention)]
|
||||
(apply app-configuration-resolved resolved-convention-config options)))
|
||||
|
||||
(s/defmethod ^:always-validate
|
||||
core-app/group-spec infra/facility
|
||||
[crate-app
|
||||
convention-config :- CloudConventionResolved]
|
||||
(let [app-config (app-configuration-resolved convention-config)]
|
||||
(core-app/pallet-group-spec
|
||||
app-config [(config-crate/with-config app-config)
|
||||
user/with-user
|
||||
k8s/with-k8s
|
||||
with-cloud])))
|
||||
|
||||
(def crate-app (core-app/make-dda-crate-app
|
||||
:facility infra/facility
|
||||
:convention-schema CloudConvention
|
||||
:convention-schema-resolved CloudConventionResolved
|
||||
:default-convention-file "cloud.edn"))
|
|
@ -1,93 +0,0 @@
|
|||
(ns meissa.pallet.meissa-cloud.convention
|
||||
(:require
|
||||
[schema.core :as s]
|
||||
[dda.pallet.commons.secret :as secret]
|
||||
[dda.config.commons.map-utils :as mu]
|
||||
[clojure.spec.alpha :as sp]
|
||||
[clojure.spec.test.alpha :as st]
|
||||
[dda.pallet.dda-k8s-crate.convention :as k8s-convention]
|
||||
[meissa.pallet.meissa-cloud.infra :as infra]
|
||||
[clojure.string :as str]
|
||||
[meissa.pallet.meissa-cloud.convention.bash :as bash]
|
||||
[meissa.pallet.meissa-cloud.convention.bash-php :as bash-php]))
|
||||
|
||||
(def InfraResult {infra/facility infra/MeissaCloudInfra})
|
||||
|
||||
(s/def CloudConvention
|
||||
{:user s/Keyword
|
||||
:external-ip s/Str
|
||||
:fqdn s/Str
|
||||
:cert-manager (s/enum :letsencrypt-prod-issuer :letsencrypt-staging-issuer)
|
||||
:db-user-password secret/Secret
|
||||
:admin-user s/Str
|
||||
:admin-password secret/Secret
|
||||
:storage-size s/Int
|
||||
:restic-repository s/Str
|
||||
:aws-access-key-id secret/Secret
|
||||
:aws-secret-access-key secret/Secret
|
||||
:restic-password secret/Secret
|
||||
(s/optional-key :u18-04) (s/enum true)})
|
||||
|
||||
(def CloudConventionResolved (secret/create-resolved-schema CloudConvention))
|
||||
|
||||
(sp/def ::user keyword?)
|
||||
(sp/def ::external-ip string?)
|
||||
(sp/def ::fqdn string?)
|
||||
(sp/def ::cert-manager #{:letsencrypt-prod-issuer :letsencrypt-staging-issuer})
|
||||
(sp/def ::db-user-password bash-php/bash-php-env-string?)
|
||||
(sp/def ::admin-user bash-php/bash-php-env-string?)
|
||||
(sp/def ::admin-password bash-php/bash-php-env-string?)
|
||||
(sp/def ::storage-size int?)
|
||||
(sp/def ::restic-repository string?)
|
||||
(sp/def ::restic-password bash/bash-env-string?)
|
||||
(sp/def ::aws-access-key-id bash/bash-env-string?)
|
||||
(sp/def ::aws-secret-access-key bash/bash-env-string?)
|
||||
(sp/def ::u18-04 #{true})
|
||||
(def cloud-convention-resolved? (sp/keys :req-un [::user ::external-ip ::fqdn ::cert-manager
|
||||
::db-user-password ::admin-user ::admin-password
|
||||
::storage-size ::restic-repository ::restic-password
|
||||
::aws-access-key-id ::aws-secret-access-key ]
|
||||
:opt-un [::u18-04]))
|
||||
|
||||
(def cloud-spec-resolved nil)
|
||||
|
||||
(s/defn k8s-convention-configuration :- k8s-convention/k8sConventionResolved
|
||||
[convention-config :- CloudConventionResolved]
|
||||
{:pre [(sp/valid? cloud-convention-resolved? convention-config)]}
|
||||
(let [{:keys [cert-manager external-ip user u18-04]} convention-config
|
||||
cluster-issuer (name cert-manager)]
|
||||
(if u18-04
|
||||
{:user user
|
||||
:k8s {:external-ip external-ip
|
||||
:u18-04 true}
|
||||
:cert-manager cert-manager}
|
||||
{:user user
|
||||
:k8s {:external-ip external-ip}
|
||||
:cert-manager cert-manager})))
|
||||
|
||||
|
||||
(s/defn ^:always-validate
|
||||
infra-configuration :- InfraResult
|
||||
[convention-config :- CloudConventionResolved]
|
||||
(let [{:keys [cert-manager fqdn user db-user-password admin-user admin-password storage-size
|
||||
restic-repository aws-access-key-id aws-secret-access-key restic-password]} convention-config
|
||||
cluster-issuer (name cert-manager)
|
||||
db-user-name "cloud"]
|
||||
{infra/facility
|
||||
{:user user
|
||||
:backup {:restic-repository restic-repository
|
||||
:aws-access-key-id aws-access-key-id
|
||||
:aws-secret-access-key aws-secret-access-key
|
||||
:restic-password restic-password}
|
||||
:cloud {:fqdn fqdn
|
||||
:secret-name (str/replace fqdn #"\." "-")
|
||||
:cluster-issuer cluster-issuer
|
||||
:db-name "cloud"
|
||||
:db-user-password db-user-password
|
||||
:db-user-name db-user-name
|
||||
:admin-user admin-user
|
||||
:admin-password admin-password
|
||||
:storage-size (str storage-size)}
|
||||
:postgres {:db-user-password db-user-password
|
||||
:db-user-name db-user-name}}}))
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
(ns meissa.pallet.meissa-cloud.convention.bash
|
||||
(:require
|
||||
[clojure.spec.alpha :as s]))
|
||||
|
||||
(defn bash-env-string?
|
||||
[input]
|
||||
(and (string? input)
|
||||
(not (re-matches #".*['\"\$]+.*" input))))
|
||||
|
||||
(s/def ::plain bash-env-string?)
|
|
@ -1,11 +0,0 @@
|
|||
(ns meissa.pallet.meissa-cloud.convention.bash-php
|
||||
(:require
|
||||
[clojure.spec.alpha :as s]
|
||||
[meissa.pallet.meissa-cloud.convention.bash :as bash]))
|
||||
|
||||
(defn bash-php-env-string?
|
||||
[input]
|
||||
(and (bash/bash-env-string? input)
|
||||
(not (re-matches #".*[\-\\\\]+.*" input))))
|
||||
|
||||
(s/def ::plain bash-php-env-string?)
|
|
@ -1,51 +0,0 @@
|
|||
(ns meissa.pallet.meissa-cloud.infra
|
||||
(:require
|
||||
[schema.core :as s]
|
||||
[dda.pallet.core.infra :as core-infra]
|
||||
[meissa.pallet.meissa-cloud.infra.backup :as backup]
|
||||
[meissa.pallet.meissa-cloud.infra.cloud :as cloud]
|
||||
[meissa.pallet.meissa-cloud.infra.postgres :as postgres]))
|
||||
|
||||
(def facility :meissa-cloud)
|
||||
|
||||
(def MeissaCloudInfra
|
||||
(merge
|
||||
{:user s/Keyword}
|
||||
backup/MeissaBackupInfra
|
||||
cloud/MeissaCloudInfra
|
||||
postgres/MeissaPostgresInfra))
|
||||
|
||||
(s/defmethod core-infra/dda-init facility
|
||||
[dda-crate config]
|
||||
(let [facility (:facility dda-crate)
|
||||
{:keys [user backup postgres cloud]} config
|
||||
user-str (name user)]
|
||||
(postgres/init facility user-str postgres)
|
||||
(cloud/init facility user-str cloud)
|
||||
(backup/init facility user-str backup)))
|
||||
|
||||
(s/defmethod core-infra/dda-install facility
|
||||
[dda-crate config]
|
||||
(let [facility (:facility dda-crate)
|
||||
{:keys [user backup postgres cloud]} config
|
||||
user-str (name user)]
|
||||
(postgres/install facility user-str postgres)
|
||||
(cloud/install facility user-str cloud)
|
||||
(backup/install facility user-str backup)))
|
||||
|
||||
(s/defmethod core-infra/dda-configure facility
|
||||
[dda-crate config]
|
||||
(let [facility (:facility dda-crate)
|
||||
{:keys [user backup postgres cloud]} config
|
||||
user-str (name user)]
|
||||
(postgres/configure facility user-str postgres)
|
||||
(cloud/configure facility user-str cloud)
|
||||
(backup/configure facility user-str backup)))
|
||||
|
||||
(def meissa-cloud
|
||||
(core-infra/make-dda-crate-infra
|
||||
:facility facility
|
||||
:infra-schema MeissaCloudInfra))
|
||||
|
||||
(def with-cloud
|
||||
(core-infra/create-infra-plan meissa-cloud))
|
|
@ -1,39 +0,0 @@
|
|||
(ns meissa.pallet.meissa-cloud.infra.backup
|
||||
(:require
|
||||
[schema.core :as s]
|
||||
[dda.provision :as p]
|
||||
[dda.provision.pallet :as pp]))
|
||||
|
||||
(s/def Backup
|
||||
{:restic-repository s/Str
|
||||
:aws-access-key-id s/Str
|
||||
:aws-secret-access-key s/Str
|
||||
:restic-password s/Str})
|
||||
|
||||
(def MeissaBackupInfra {:backup Backup})
|
||||
|
||||
(def backup "backup")
|
||||
|
||||
(defn init [facility user config])
|
||||
|
||||
(defn install
|
||||
[facility user config]
|
||||
(let [facility-name (name facility)]
|
||||
(p/provision-log ::pp/pallet facility-name backup
|
||||
::p/info "install")
|
||||
(p/copy-resources-to-user
|
||||
::pp/pallet user facility-name backup
|
||||
[{:filename "backup-secret.yml" :config config}
|
||||
{:filename "backup-config.yml" :config config}
|
||||
{:filename "configure-as-user.sh"}
|
||||
{:filename "backup-restore.yml"}
|
||||
{:filename "backup-cron.yml"}])))
|
||||
|
||||
(defn configure
|
||||
[facility user config]
|
||||
(let [facility-name (name facility)]
|
||||
(p/provision-log ::pp/pallet facility-name backup
|
||||
::p/info "configure")
|
||||
(p/exec-file-on-target-as-user
|
||||
::pp/pallet user facility-name backup "configure-as-user.sh")
|
||||
))
|
|
@ -1,57 +0,0 @@
|
|||
(ns meissa.pallet.meissa-cloud.infra.cloud
|
||||
(:require
|
||||
[schema.core :as s]
|
||||
[dda.provision :as p]
|
||||
[dda.provision.pallet :as pp]))
|
||||
|
||||
(s/def Cloud
|
||||
{:fqdn s/Str
|
||||
:secret-name s/Str
|
||||
:cluster-issuer s/Str
|
||||
:db-name s/Str
|
||||
:db-user-name s/Str
|
||||
:db-user-password s/Str
|
||||
:admin-user s/Str
|
||||
:admin-password s/Str
|
||||
:storage-size s/Str})
|
||||
|
||||
(def MeissaCloudInfra {:cloud Cloud})
|
||||
|
||||
(def cloud "cloud")
|
||||
|
||||
(defn init
|
||||
[facility user config]
|
||||
(let [facility-name (name facility)]
|
||||
(p/provision-log ::pp/pallet facility-name cloud
|
||||
::p/info "init")
|
||||
(p/copy-resources-to-tmp
|
||||
::pp/pallet facility-name cloud
|
||||
[{:filename "install-as-root.sh" :config {:user user}}])))
|
||||
|
||||
|
||||
(defn install
|
||||
[facility user config]
|
||||
(let [facility-name (name facility)]
|
||||
(p/provision-log ::pp/pallet facility-name cloud
|
||||
::p/info "install")
|
||||
(p/copy-resources-to-user
|
||||
::pp/pallet user facility-name cloud
|
||||
[{:filename "pod-running.sh"}
|
||||
{:filename "cloud-persistent-volume.yml" :config config}
|
||||
{:filename "cloud-secret.yml" :config config}
|
||||
{:filename "cloud-service.yml"}
|
||||
{:filename "cloud-pvc.yml" :config config}
|
||||
{:filename "cloud-pod.yml" :config config}
|
||||
{:filename "cloud-ingress.yml" :config config}
|
||||
{:filename "configure-as-user.sh"}
|
||||
{:filename "verify.sh" :config config}])
|
||||
(p/exec-file-on-target-as-root
|
||||
::pp/pallet facility-name cloud "install-as-root.sh")))
|
||||
|
||||
(defn configure
|
||||
[facility user config]
|
||||
(let [facility-name (name facility)]
|
||||
(p/provision-log ::pp/pallet facility-name cloud
|
||||
::p/info "configure")
|
||||
(p/exec-file-on-target-as-user
|
||||
::pp/pallet user facility-name cloud "configure-as-user.sh")))
|
|
@ -1,47 +0,0 @@
|
|||
(ns meissa.pallet.meissa-cloud.infra.postgres
|
||||
(:require
|
||||
[schema.core :as s]
|
||||
[dda.provision :as p]
|
||||
[dda.provision.pallet :as pp]))
|
||||
|
||||
(s/def Postgres {:db-user-name s/Str :db-user-password s/Str})
|
||||
|
||||
(def MeissaPostgresInfra {:postgres Postgres})
|
||||
|
||||
(def postgres "postgres")
|
||||
|
||||
(defn init
|
||||
[facility user config]
|
||||
(let [facility-name (name facility)]
|
||||
(p/provision-log ::pp/pallet facility-name postgres
|
||||
::p/info "init")
|
||||
(p/copy-resources-to-tmp
|
||||
::pp/pallet facility-name postgres
|
||||
[{:filename "install-as-root.sh" :config {:user user}}])))
|
||||
|
||||
|
||||
(defn install
|
||||
[facility user config]
|
||||
(let [facility-name (name facility)]
|
||||
(p/provision-log ::pp/pallet facility-name postgres
|
||||
::p/info "install")
|
||||
(p/copy-resources-to-user
|
||||
::pp/pallet user facility-name postgres
|
||||
[{:filename "postgres-persistent-volume.yml"}
|
||||
{:filename "postgres-secret.yml" :config config}
|
||||
{:filename "postgres-config.yml"}
|
||||
{:filename "postgres-service.yml"}
|
||||
{:filename "postgres-pvc.yml"}
|
||||
{:filename "postgres-deployment.yml" :config config}
|
||||
{:filename "configure-as-user.sh"}
|
||||
{:filename "verify.sh"}])
|
||||
(p/exec-file-on-target-as-root
|
||||
::pp/pallet facility-name postgres "install-as-root.sh")))
|
||||
|
||||
(defn configure
|
||||
[facility user config]
|
||||
(let [facility-name (name facility)]
|
||||
(p/provision-log ::pp/pallet facility-name postgres
|
||||
::p/info "configure")
|
||||
(p/exec-file-on-target-as-user
|
||||
::pp/pallet user facility-name postgres "configure-as-user.sh")))
|
|
@ -38,8 +38,8 @@
|
|||
:uberjar {:source-paths ["uberjar/src"]
|
||||
:resource-paths ["uberjar/resources"]
|
||||
:aot :all
|
||||
:main meissa.pallet.meissa-cloud.main
|
||||
:uberjar-name "meissa-cloud-standalone.jar"
|
||||
:main dda.c4k-nextcloud.uberjar
|
||||
:uberjar-name "c4k-nextcloud-standalone.jar"
|
||||
:dependencies [[org.clojure/tools.cli "1.0.194"]
|
||||
[ch.qos.logback/logback-classic "1.3.0-alpha5"]
|
||||
[org.slf4j/jcl-over-slf4j "2.0.0-alpha1"]]}}
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
(ns dda.c4k-cloud.uberjar
|
||||
(ns dda.c4k-nextcloud.uberjar
|
||||
(:gen-class)
|
||||
(:require
|
||||
[clojure.spec.alpha :as s]
|
||||
[clojure.string :as cs]
|
||||
[clojure.tools.reader.edn :as edn]
|
||||
[expound.alpha :as expound]
|
||||
[dda.c4k-cloud.core :as core]))
|
||||
[dda.c4k-nextcloud.core :as core]))
|
||||
|
||||
(def usage
|
||||
"usage:
|
||||
|
||||
c4k-cloud {your configuraton file} {your authorization file}")
|
||||
c4k-nextcloud {your configuraton file} {your authorization file}")
|
||||
|
||||
(s/def ::options (s/* #{"-h"}))
|
||||
(s/def ::filename (s/and string?
|
|
@ -1,4 +1,4 @@
|
|||
(ns dda.c4k-cloud.backup
|
||||
(ns dda.c4k-nextcloud.backup
|
||||
(:require
|
||||
[clojure.spec.alpha :as s]
|
||||
#?(:cljs [shadow.resource :as rc])
|
|
@ -1,4 +1,4 @@
|
|||
(ns dda.c4k-cloud.cloud
|
||||
(ns dda.c4k-nextcloud.nextcloud
|
||||
(:require
|
||||
[clojure.spec.alpha :as s]
|
||||
#?(:cljs [shadow.resource :as rc])
|
||||
|
@ -7,31 +7,32 @@
|
|||
|
||||
(s/def ::fqdn cm/fqdn-string?)
|
||||
(s/def ::issuer cm/letsencrypt-issuer?)
|
||||
(s/def ::cloud-data-volume-path string?)
|
||||
(s/def ::restic-repository string?)
|
||||
(s/def ::nextcloud-data-volume-path string?)
|
||||
|
||||
#?(:cljs
|
||||
(defmethod yaml/load-resource :cloud [resource-name]
|
||||
(defmethod yaml/load-resource :nextcloud [resource-name]
|
||||
(case resource-name
|
||||
"cloud/certificate.yaml" (rc/inline "cloud/certificate.yaml")
|
||||
"cloud/deployment.yaml" (rc/inline "cloud/deployment.yaml")
|
||||
"cloud/ingress.yaml" (rc/inline "cloud/ingress.yaml")
|
||||
"cloud/persistent-volume.yaml" (rc/inline "cloud/persistent-volume.yaml")
|
||||
"cloud/pvc.yaml" (rc/inline "cloud/pvc.yaml")
|
||||
"cloud/service.yaml" (rc/inline "cloud/service.yaml")
|
||||
"nextcloud/certificate.yaml" (rc/inline "nextcloud/certificate.yaml")
|
||||
"nextcloud/deployment.yaml" (rc/inline "nextcloud/deployment.yaml")
|
||||
"nextcloud/ingress.yaml" (rc/inline "nextcloud/ingress.yaml")
|
||||
"nextcloud/persistent-volume.yaml" (rc/inline "nextcloud/persistent-volume.yaml")
|
||||
"nextcloud/pvc.yaml" (rc/inline "nextcloud/pvc.yaml")
|
||||
"nextcloud/service.yaml" (rc/inline "nextcloud/service.yaml")
|
||||
(throw (js/Error. "Undefined Resource!")))))
|
||||
|
||||
(defn generate-certificate [config]
|
||||
(let [{:keys [fqdn issuer]} config
|
||||
letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]
|
||||
(->
|
||||
(yaml/from-string (yaml/load-resource "cloud/certificate.yaml"))
|
||||
(yaml/from-string (yaml/load-resource "nextcloud/certificate.yaml"))
|
||||
(assoc-in [:spec :commonName] fqdn)
|
||||
(assoc-in [:spec :dnsNames] [fqdn])
|
||||
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer))))
|
||||
|
||||
(defn generate-deployment [config]
|
||||
(let [{:keys [fqdn]} config]
|
||||
(-> (yaml/from-string (yaml/load-resource "cloud/deployment.yaml"))
|
||||
(-> (yaml/from-string (yaml/load-resource "nextcloud/deployment.yaml"))
|
||||
(cm/replace-named-value "FQDN" fqdn))))
|
||||
|
||||
(defn generate-ingress [config]
|
||||
|
@ -39,18 +40,18 @@
|
|||
:or {issuer :staging}} config
|
||||
letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]
|
||||
(->
|
||||
(yaml/from-string (yaml/load-resource "cloud/ingress.yaml"))
|
||||
(yaml/from-string (yaml/load-resource "nextcloud/ingress.yaml"))
|
||||
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
|
||||
(cm/replace-all-matching-values-by-new-value "fqdn" fqdn))))
|
||||
|
||||
(defn generate-persistent-volume [config]
|
||||
(let [{:keys [cloud-data-volume-path]} config]
|
||||
(let [{:keys [nextcloud-data-volume-path]} config]
|
||||
(->
|
||||
(yaml/from-string (yaml/load-resource "cloud/persistent-volume.yaml"))
|
||||
(assoc-in [:spec :hostPath :path] cloud-data-volume-path))))
|
||||
(yaml/from-string (yaml/load-resource "nextcloud/persistent-volume.yaml"))
|
||||
(assoc-in [:spec :hostPath :path] nextcloud-data-volume-path))))
|
||||
|
||||
(defn generate-pvc []
|
||||
(yaml/from-string (yaml/load-resource "cloud/pvc.yaml")))
|
||||
(yaml/from-string (yaml/load-resource "nextcloud/pvc.yaml")))
|
||||
|
||||
(defn generate-service []
|
||||
(yaml/from-string (yaml/load-resource "cloud/service.yaml")))
|
||||
(yaml/from-string (yaml/load-resource "nextcloud/service.yaml")))
|
|
@ -1,4 +1,4 @@
|
|||
(ns dda.c4k-cloud.core
|
||||
(ns dda.c4k-nextcloud.core
|
||||
(:require
|
||||
[clojure.string :as cs]
|
||||
[clojure.spec.alpha :as s]
|
||||
|
@ -6,13 +6,13 @@
|
|||
:cljs [orchestra.core :refer-macros [defn-spec]])
|
||||
[dda.c4k-common.yaml :as yaml]
|
||||
[dda.c4k-common.postgres :as postgres]
|
||||
[dda.c4k-cloud.cloud :as cloud]
|
||||
[dda.c4k-cloud.backup :as backup]))
|
||||
[dda.c4k-nextcloud.nextcloud :as nextcloud]
|
||||
[dda.c4k-nextcloud.backup :as backup]))
|
||||
|
||||
(def config-defaults {:issuer :staging})
|
||||
|
||||
(def config? (s/keys :req-un [::cloud/fqdn]
|
||||
:opt-un [::cloud/issuer ::cloud/cloud-data-volume-path
|
||||
(def config? (s/keys :req-un [::nextcloud/fqdn]
|
||||
:opt-un [::nextcloud/issuer ::nextcloud/nextcloud-data-volume-path
|
||||
::postgres/postgres-data-volume-path ::restic-repository]))
|
||||
|
||||
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password
|
||||
|
@ -29,14 +29,14 @@
|
|||
[(yaml/to-string (postgres/generate-pvc))
|
||||
(yaml/to-string (postgres/generate-deployment))
|
||||
(yaml/to-string (postgres/generate-service))]
|
||||
(when (contains? config :cloud-data-volume-path)
|
||||
[(yaml/to-string (cloud/generate-persistent-volume config))])
|
||||
[(yaml/to-string (cloud/generate-pvc))
|
||||
(yaml/to-string (cloud/generate-deployment config))
|
||||
(yaml/to-string (cloud/generate-service))
|
||||
(yaml/to-string (cloud/generate-certificate config))
|
||||
(yaml/to-string (cloud/generate-ingress config))
|
||||
(yaml/to-string (cloud/generate-service))]
|
||||
(when (contains? config :nextcloud-data-volume-path)
|
||||
[(yaml/to-string (nextcloud/generate-persistent-volume config))])
|
||||
[(yaml/to-string (nextcloud/generate-pvc))
|
||||
(yaml/to-string (nextcloud/generate-deployment config))
|
||||
(yaml/to-string (nextcloud/generate-service))
|
||||
(yaml/to-string (nextcloud/generate-certificate config))
|
||||
(yaml/to-string (nextcloud/generate-ingress config))
|
||||
(yaml/to-string (nextcloud/generate-service))]
|
||||
(when (contains? config :restic-repository)
|
||||
[(yaml/to-string (backup/generate-config config))
|
||||
(yaml/to-string (backup/generate-secret config))
|
|
@ -1,19 +1,20 @@
|
|||
(ns dda.c4k-cloud.browser
|
||||
(ns dda.c4k-nextcloud.browser
|
||||
(:require
|
||||
[clojure.tools.reader.edn :as edn]
|
||||
[dda.c4k-cloud.core :as core]
|
||||
[dda.c4k-cloud.cloud :as cloud]
|
||||
[dda.c4k-common.browser :as br]))
|
||||
[dda.c4k-nextcloud.core :as core]
|
||||
[dda.c4k-nextcloud.nextcloud :as nextcloud]
|
||||
[dda.c4k-common.browser :as br]
|
||||
[dda.c4k-common.postgres :as pgc]))
|
||||
|
||||
(defn config-from-document []
|
||||
(let [cloud-data-volume-path (br/get-content-from-element "cloud-data-volume-path" :optional true :deserializer keyword)
|
||||
postgres-data-volume-path (br/get-content-from-element "postgres-data-volume-path" :optional true :deserializer keyword)
|
||||
restic-repository (br/get-content-from-element "restic-repository" :optional true :deserializer keyword)
|
||||
(let [nextcloud-data-volume-path (br/get-content-from-element "nextcloud-data-volume-path" :optional true)
|
||||
postgres-data-volume-path (br/get-content-from-element "postgres-data-volume-path" :optional true)
|
||||
restic-repository (br/get-content-from-element "restic-repository" :optional true)
|
||||
issuer (br/get-content-from-element "issuer" :optional true :deserializer keyword)]
|
||||
(merge
|
||||
{:fqdn (br/get-content-from-element "fqdn")}
|
||||
(when (some? cloud-data-volume-path)
|
||||
{:cloud-data-volume-path cloud-data-volume-path})
|
||||
(when (some? nextcloud-data-volume-path)
|
||||
{:nextcloud-data-volume-path nextcloud-data-volume-path})
|
||||
(when (some? postgres-data-volume-path)
|
||||
{:postgres-data-volume-path postgres-data-volume-path})
|
||||
(when (some? restic-repository)
|
||||
|
@ -23,11 +24,11 @@
|
|||
)))
|
||||
|
||||
(defn validate-all! []
|
||||
(br/validate! "fqdn" ::cloud/fqdn)
|
||||
(br/validate! "cloud-data-volume-path" ::cloud/cloud-data-volume-path :optional true :deserializer keyword)
|
||||
(br/validate! "postgres-data-volume-path" ::cloud/cloud-data-volume-path :optional true :deserializer keyword)
|
||||
(br/validate! "restic-repository" ::cloud/restic-repository :optional true :deserializer keyword)
|
||||
(br/validate! "issuer" ::cloud/issuer :optional true :deserializer keyword)
|
||||
(br/validate! "fqdn" ::nextcloud/fqdn)
|
||||
(br/validate! "nextcloud-data-volume-path" ::nextcloud/nextcloud-data-volume-path :optional true)
|
||||
(br/validate! "postgres-data-volume-path" ::pgc/postgres-data-volume-path :optional true)
|
||||
(br/validate! "restic-repository" ::nextcloud/restic-repository :optional true)
|
||||
(br/validate! "issuer" ::nextcloud/issuer :optional true :deserializer keyword)
|
||||
(br/validate! "auth" core/auth? :deserializer edn/read-string)
|
||||
(br/set-validated!))
|
||||
|
||||
|
@ -43,7 +44,7 @@
|
|||
(-> (br/get-element-by-id "fqdn")
|
||||
(.addEventListener "blur"
|
||||
#(do (validate-all!))))
|
||||
(-> (br/get-element-by-id "cloud-data-volume-path")
|
||||
(-> (br/get-element-by-id "nextcloud-data-volume-path")
|
||||
(.addEventListener "blur"
|
||||
#(do (validate-all!))))
|
||||
(-> (br/get-element-by-id "postgres-data-volume-path")
|
|
@ -12,21 +12,12 @@ spec:
|
|||
imagePullPolicy: IfNotPresent
|
||||
command: ["/entrypoint-start-and-wait.sh"]
|
||||
env:
|
||||
- name: POSTGRES_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-secret
|
||||
key: postgres-user
|
||||
- name: POSTGRES_DB
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: postgres-config
|
||||
key: postgres-db
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-secret
|
||||
key: postgres-password
|
||||
- name: POSTGRES_USER_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-user
|
||||
- name: POSTGRES_DB_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-db
|
||||
- name: POSTGRES_PASSWORD_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-password
|
||||
- name: POSTGRES_HOST
|
||||
value: "postgresql-service:5432"
|
||||
- name: POSTGRES_SERVICE
|
||||
|
@ -52,10 +43,16 @@ spec:
|
|||
- name: backup-secret-volume
|
||||
mountPath: /var/run/secrets/backup-secrets
|
||||
readOnly: true
|
||||
- name: cloud-secret-volume
|
||||
mountPath: /var/run/secrets/cloud-secrets
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: cloud-data-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: cloud-pvc
|
||||
- name: cloud-secret-volume
|
||||
secret:
|
||||
secretName: cloud-secret
|
||||
- name: backup-secret-volume
|
||||
secret:
|
||||
secretName: backup-secret
|
||||
|
|
|
@ -6,33 +6,24 @@ metadata:
|
|||
app.kubernetes.part-of: cloud
|
||||
spec:
|
||||
schedule: "10 23 * * *"
|
||||
successfulJobsHistoryLimit: 1
|
||||
failedJobsHistoryLimit: 1
|
||||
successfulJobsHistoryLimit: 0
|
||||
failedJobsHistoryLimit: 0
|
||||
jobTemplate:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: backup-app
|
||||
image: domaindrivenarchitecture/c4k-cloud-backup
|
||||
image: domaindrivenarchitecture/meissa-cloud-backup
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["/entrypoint.sh"]
|
||||
env:
|
||||
- name: POSTGRES_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-secret
|
||||
key: postgres-user
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-secret
|
||||
key: postgres-password
|
||||
- name: POSTGRES_DB
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: postgres-config
|
||||
key: postgres-db
|
||||
- name: POSTGRES_USER_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-user
|
||||
- name: POSTGRES_DB_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-db
|
||||
- name: POSTGRES_PASSWORD_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-password
|
||||
- name: POSTGRES_HOST
|
||||
value: "postgresql-service:5432"
|
||||
- name: POSTGRES_SERVICE
|
||||
|
@ -58,10 +49,16 @@ spec:
|
|||
- name: backup-secret-volume
|
||||
mountPath: /var/run/secrets/backup-secrets
|
||||
readOnly: true
|
||||
- name: cloud-secret-volume
|
||||
mountPath: /var/run/secrets/cloud-secrets
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: cloud-data-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: cloud-pvc
|
||||
- name: cloud-secret-volume
|
||||
secret:
|
||||
secretName: cloud-secret
|
||||
- name: backup-secret-volume
|
||||
secret:
|
||||
secretName: backup-secret
|
||||
|
|
|
@ -3,7 +3,7 @@ kind: Secret
|
|||
metadata:
|
||||
name: backup-secret
|
||||
type: Opaque
|
||||
data:
|
||||
stringData:
|
||||
aws-access-key-id: aws-access-key-id
|
||||
aws-secret-access-key: aws-secret-access-key
|
||||
restic-password: restic-password
|
|
@ -14,27 +14,39 @@ spec:
|
|||
app: cloud
|
||||
spec:
|
||||
containers:
|
||||
- image: domaindrivenarchitecture/c4k-cloud
|
||||
- image: domaindrivenarchitecture/meissa-cloud-app
|
||||
name: cloud-app
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 80
|
||||
env:
|
||||
- name: DB_USERNAME_FILE
|
||||
value: /var/run/secrets/postgres-secret/postgres-user
|
||||
- name: DB_PASSWORD_FILE
|
||||
value: /var/run/secrets/postgres-secret/postgres-password
|
||||
- name: FQDN
|
||||
value: fqdn
|
||||
command: ["/app/entrypoint.sh"]
|
||||
- name: NEXTCLOUD_ADMIN_USER_FILE
|
||||
value: /var/run/secrets/cloud-secrets/nextcloud-admin-user
|
||||
- name: NEXTCLOUD_ADMIN_PASSWORD_FILE
|
||||
value: /var/run/secrets/cloud-secrets/nextcloud-admin-password
|
||||
- name: NEXTCLOUD_TRUSTED_DOMAINS
|
||||
value: "{{fqdn}}"
|
||||
- name: POSTGRES_USER_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-user
|
||||
- name: POSTGRES_PASSWORD_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-password
|
||||
- name: POSTGRES_DB_FILE
|
||||
value: /var/run/secrets/cloud-secrets/postgres-db
|
||||
- name: POSTGRES_HOST
|
||||
value: "postgresql-service:5432"
|
||||
volumeMounts:
|
||||
- mountPath: /var/cloud
|
||||
name: cloud-data-volume
|
||||
- name: postgres-secret-volume
|
||||
mountPath: /var/run/secrets/postgres-secret
|
||||
- name: cloud-data-volume
|
||||
mountPath: /var/www/html
|
||||
- name: cloud-secret-volume
|
||||
mountPath: /var/run/secrets/cloud-secrets
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: cloud-data-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: cloud-pvc
|
||||
- name: postgres-secret-volume
|
||||
- name: cloud-secret-volume
|
||||
secret:
|
||||
secretName: postgres-secret
|
||||
secretName: cloud-secret
|
||||
- name: backup-secret-volume
|
||||
secret:
|
||||
secretName: backup-secret
|
||||
|
|
|
@ -23,4 +23,4 @@ spec:
|
|||
- path: /
|
||||
backend:
|
||||
serviceName: cloud-service
|
||||
servicePort: 8080
|
||||
servicePort: 80
|
||||
|
|
|
@ -4,11 +4,12 @@ metadata:
|
|||
name: cloud-pv-volume
|
||||
labels:
|
||||
type: local
|
||||
app: cloud
|
||||
spec:
|
||||
storageClassName: manual
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
capacity:
|
||||
storage: 30Gi
|
||||
storage: {{storage-size}}Gi #??? 30Gi?
|
||||
hostPath:
|
||||
path: "/var/cloud"
|
||||
|
|
0
main/resources/cloud/pod-running.sh → src/main/resources/cloud/pod-running.sh
Executable file → Normal file
0
main/resources/cloud/pod-running.sh → src/main/resources/cloud/pod-running.sh
Executable file → Normal file
|
@ -10,4 +10,7 @@ spec:
|
|||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 30Gi
|
||||
storage: {{storage-size}}Gi #??? 30Gi?
|
||||
selector:
|
||||
matchLabels:
|
||||
app: cloud
|
||||
|
|
|
@ -4,6 +4,6 @@ metadata:
|
|||
name: cloud-service
|
||||
spec:
|
||||
selector:
|
||||
app: cloud
|
||||
app.kubernetes.io/name: cloud #???
|
||||
ports:
|
||||
- port: 8080
|
||||
- port: 80
|
||||
|
|
|
@ -1,50 +0,0 @@
|
|||
<configuration scan="true" scanPeriod="1 seconds" debug="false">
|
||||
<appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
|
||||
<encoder>
|
||||
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
|
||||
</encoder>
|
||||
<filter class="ch.qos.logback.classic.filter.ThresholdFilter">
|
||||
<level>INFO</level>
|
||||
</filter>
|
||||
</appender>
|
||||
|
||||
<appender name="PALLETFILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
|
||||
<file>logs/pallet.log</file>
|
||||
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
|
||||
<fileNamePattern>logs/old/pallet.%d{yyyy-MM-dd}.log</fileNamePattern>
|
||||
<maxHistory>3</maxHistory>
|
||||
</rollingPolicy>
|
||||
<encoder>
|
||||
<pattern>%date %level [%thread] %logger{10} %msg%n</pattern>
|
||||
</encoder>
|
||||
</appender>
|
||||
|
||||
<logger name="clj-ssh.ssh" level="ERROR">
|
||||
<appender-ref ref="PALLETFILE" />
|
||||
</logger>
|
||||
|
||||
<logger name="pallet" level="DEBUG">
|
||||
<appender-ref ref="PALLETFILE" />
|
||||
</logger>
|
||||
|
||||
<logger name="pallet.ssh" level="ERROR">
|
||||
<appender-ref ref="PALLETFILE" />
|
||||
</logger>
|
||||
|
||||
<logger name="pallet.algo" level="ERROR">
|
||||
<appender-ref ref="PALLETFILE" />
|
||||
</logger>
|
||||
|
||||
<logger name="dda" level="DEBUG">
|
||||
<appender-ref ref="PALLETFILE" />
|
||||
</logger>
|
||||
|
||||
<logger name="meissa" level="DEBUG">
|
||||
<appender-ref ref="PALLETFILE" />
|
||||
</logger>
|
||||
|
||||
<root level="DEBUG">
|
||||
<appender-ref ref="CONSOLE" />
|
||||
</root>
|
||||
|
||||
</configuration>
|
|
@ -1,93 +0,0 @@
|
|||
(ns dda.c4k-cloud.backup-test
|
||||
(:require
|
||||
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
||||
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||
[dda.c4k-cloud.backup :as cut]))
|
||||
|
||||
|
||||
(deftest should-generate-secret
|
||||
(is (= {:apiVersion "v1"
|
||||
:kind "Secret"
|
||||
:metadata {:name "backup-secret"}
|
||||
:type "Opaque"
|
||||
:data
|
||||
{:aws-access-key-id "YXdzLWlk", :aws-secret-access-key "YXdzLXNlY3JldA==", :restic-password "cmVzdGljLXB3"}}
|
||||
(cut/generate-secret {:aws-access-key-id "aws-id" :aws-secret-access-key "aws-secret" :restic-password "restic-pw"}))))
|
||||
|
||||
(deftest should-generate-config
|
||||
(is (= {:apiVersion "v1"
|
||||
:kind "ConfigMap"
|
||||
:metadata {:name "backup-config"
|
||||
:labels {:app.kubernetes.io/name "backup"
|
||||
:app.kubernetes.io/part-of "cloud"}}
|
||||
:data
|
||||
{:restic-repository "s3:restic-repository"}}
|
||||
(cut/generate-config {:restic-repository "s3:restic-repository"}))))
|
||||
|
||||
(deftest should-generate-cron
|
||||
(is (= {:apiVersion "batch/v1beta1"
|
||||
:kind "CronJob"
|
||||
:metadata {:name "cloud-backup"
|
||||
:labels {:app.kubernetes.part-of "cloud"}}
|
||||
:spec {:schedule "10 23 * * *"
|
||||
:successfulJobsHistoryLimit 1
|
||||
:failedJobsHistoryLimit 1
|
||||
:jobTemplate
|
||||
{:spec
|
||||
{:template
|
||||
{:spec
|
||||
{:containers
|
||||
[{:name "backup-app"
|
||||
:image "domaindrivenarchitecture/c4k-cloud-backup"
|
||||
:imagePullPolicy "IfNotPresent"
|
||||
:command ["/entrypoint.sh"]
|
||||
:env
|
||||
[{:name "POSTGRES_USER"
|
||||
:valueFrom
|
||||
{:secretKeyRef
|
||||
{:name "postgres-secret"
|
||||
:key "postgres-user"}}}
|
||||
{:name "POSTGRES_PASSWORD"
|
||||
:valueFrom
|
||||
{:secretKeyRef
|
||||
{:name "postgres-secret"
|
||||
:key "postgres-password"}}}
|
||||
{:name "POSTGRES_DB"
|
||||
:valueFrom
|
||||
{:configMapKeyRef
|
||||
{:name "postgres-config"
|
||||
:key "postgres-db"}}}
|
||||
{:name "POSTGRES_HOST"
|
||||
:value "postgresql-service:5432"}
|
||||
{:name "POSTGRES_SERVICE"
|
||||
:value "postgresql-service"}
|
||||
{:name "POSTGRES_PORT"
|
||||
:value "5432"}
|
||||
{:name "AWS_DEFAULT_REGION"
|
||||
:value "eu-central-1"}
|
||||
{:name "AWS_ACCESS_KEY_ID_FILE"
|
||||
:value "/var/run/secrets/backup-secrets/aws-access-key-id"}
|
||||
{:name "AWS_SECRET_ACCESS_KEY_FILE"
|
||||
:value "/var/run/secrets/backup-secrets/aws-secret-access-key"}
|
||||
{:name "RESTIC_REPOSITORY"
|
||||
:valueFrom
|
||||
{:configMapKeyRef
|
||||
{:name "backup-config"
|
||||
:key "restic-repository"}}}
|
||||
{:name "RESTIC_PASSWORD_FILE"
|
||||
:value "/var/run/secrets/backup-secrets/restic-password"}]
|
||||
:volumeMounts
|
||||
[{:name "cloud-data-volume"
|
||||
:mountPath "/var/backups"}
|
||||
{:name "backup-secret-volume"
|
||||
:mountPath "/var/run/secrets/backup-secrets"
|
||||
:readOnly true}]}]
|
||||
:volumes
|
||||
[{:name "cloud-data-volume"
|
||||
:persistentVolumeClaim
|
||||
{:claimName "cloud-pvc"}}
|
||||
{:name "backup-secret-volume"
|
||||
:secret
|
||||
{:secretName "backup-secret"}}]
|
||||
:restartPolicy "OnFailure"}}}}}}
|
||||
(cut/generate-cron))))
|
|
@ -1,80 +0,0 @@
|
|||
(ns dda.c4k-cloud.cloud-test
|
||||
(:require
|
||||
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
||||
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||
[dda.c4k-cloud.cloud :as cut]))
|
||||
|
||||
(deftest should-generate-certificate
|
||||
(is (= {:apiVersion "cert-manager.io/v1alpha2"
|
||||
:kind "Certificate"
|
||||
:metadata {:name "cloud-cert", :namespace "default"}
|
||||
:spec
|
||||
{:secretName "cloud-secret"
|
||||
:commonName "xx"
|
||||
:dnsNames ["xx"]
|
||||
:issuerRef
|
||||
{:name "letsencrypt-prod-issuer", :kind "ClusterIssuer"}}}
|
||||
(cut/generate-certificate {:fqdn "xx" :issuer :prod}))))
|
||||
|
||||
(deftest should-generate-ingress
|
||||
(is (= {:apiVersion "extensions/v1beta1"
|
||||
:kind "Ingress"
|
||||
:metadata
|
||||
{:name "ingress-cloud"
|
||||
:annotations
|
||||
{:cert-manager.io/cluster-issuer
|
||||
"letsencrypt-staging-issuer"
|
||||
:nginx.ingress.kubernetes.io/proxy-body-size "256m"
|
||||
:nginx.ingress.kubernetes.io/ssl-redirect "true"
|
||||
:nginx.ingress.kubernetes.io/rewrite-target "/"
|
||||
:nginx.ingress.kubernetes.io/proxy-connect-timeout "300"
|
||||
:nginx.ingress.kubernetes.io/proxy-send-timeout "300"
|
||||
:nginx.ingress.kubernetes.io/proxy-read-timeout "300"}
|
||||
:namespace "default"}
|
||||
:spec
|
||||
{:tls [{:hosts ["xx"], :secretName "cloud-secret"}]
|
||||
:rules
|
||||
[{:host "xx"
|
||||
:http
|
||||
{:paths
|
||||
[{:path "/"
|
||||
:backend
|
||||
{:serviceName "cloud-service", :servicePort 8080}}]}}]}}
|
||||
(cut/generate-ingress {:fqdn "xx"}))))
|
||||
|
||||
(deftest should-generate-persistent-volume
|
||||
(is (= {:kind "PersistentVolume"
|
||||
:apiVersion "v1"
|
||||
:metadata {:name "cloud-pv-volume", :labels {:type "local"}}
|
||||
:spec
|
||||
{:storageClassName "manual"
|
||||
:accessModes ["ReadWriteOnce"]
|
||||
:capacity {:storage "30Gi"}
|
||||
:hostPath {:path "xx"}}}
|
||||
(cut/generate-persistent-volume {:cloud-data-volume-path "xx"}))))
|
||||
|
||||
(deftest should-generate-deployment
|
||||
(is (= {:containers
|
||||
[{:image "domaindrivenarchitecture/c4k-cloud"
|
||||
:name "cloud-app"
|
||||
:imagePullPolicy "IfNotPresent"
|
||||
:env
|
||||
[{:name "DB_USERNAME_FILE"
|
||||
:value
|
||||
"/var/run/secrets/postgres-secret/postgres-user"}
|
||||
{:name "DB_PASSWORD_FILE"
|
||||
:value
|
||||
"/var/run/secrets/postgres-secret/postgres-password"}
|
||||
{:name "FQDN", :value "xx"}]
|
||||
:command ["/app/entrypoint.sh"]
|
||||
:volumeMounts
|
||||
[{:mountPath "/var/cloud", :name "cloud-data-volume"}
|
||||
{:name "postgres-secret-volume"
|
||||
:mountPath "/var/run/secrets/postgres-secret"
|
||||
:readOnly true}]}]
|
||||
:volumes
|
||||
[{:name "cloud-data-volume"
|
||||
:persistentVolumeClaim {:claimName "cloud-pvc"}}
|
||||
{:name "postgres-secret-volume"
|
||||
:secret {:secretName "postgres-secret"}}]}
|
||||
(get-in (cut/generate-deployment {:fqdn "xx"}) [:spec :template :spec]))))
|
|
@ -1,35 +0,0 @@
|
|||
(ns dda.c4k-cloud.core-test
|
||||
(:require
|
||||
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
||||
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||
[dda.c4k-cloud.core :as cut]))
|
||||
|
||||
(deftest should-k8s-objects
|
||||
(is (= 16
|
||||
(count (cut/k8s-objects {:fqdn "cloud-neu.prod.meissa-gmbh.de"
|
||||
:postgres-db-user "cloud"
|
||||
:postgres-db-password "cloud-db-password"
|
||||
:issuer :prod
|
||||
:cloud-data-volume-path "/var/cloud"
|
||||
:postgres-data-volume-path "/var/postgres"
|
||||
:aws-access-key-id "aws-id"
|
||||
:aws-secret-access-key "aws-secret"
|
||||
:restic-password "restic-pw"
|
||||
:restic-repository "restic-repository"}))))
|
||||
(is (= 14
|
||||
(count (cut/k8s-objects {:fqdn "cloud-neu.prod.meissa-gmbh.de"
|
||||
:postgres-db-user "cloud"
|
||||
:postgres-db-password "cloud-db-password"
|
||||
:issuer :prod
|
||||
:aws-access-key-id "aws-id"
|
||||
:aws-secret-access-key "aws-secret"
|
||||
:restic-password "restic-pw"
|
||||
:restic-repository "restic-repository"}))))
|
||||
(is (= 11
|
||||
(count (cut/k8s-objects {:fqdn "cloud-neu.prod.meissa-gmbh.de"
|
||||
:postgres-db-user "cloud"
|
||||
:postgres-db-password "cloud-db-password"
|
||||
:issuer :prod
|
||||
:aws-access-key-id "aws-id"
|
||||
:aws-secret-access-key "aws-secret"
|
||||
:restic-password "restic-pw"})))))
|
|
@ -1,8 +1,8 @@
|
|||
(ns meissa.pallet.meissa-cloud.app-test
|
||||
(ns meissa.pallet.meissa-nextcloud.app-test
|
||||
(:require
|
||||
[clojure.test :refer :all]
|
||||
[schema.core :as s]
|
||||
[meissa.pallet.meissa-cloud.app :as sut]))
|
||||
[meissa.pallet.meissa-nextcloud.app :as sut]))
|
||||
|
||||
(s/set-fn-validation! true)
|
||||
|
||||
|
@ -15,7 +15,7 @@
|
|||
:admin-user "root"
|
||||
:admin-password "test1234"
|
||||
:storage-size 50
|
||||
:restic-repository "cloud"
|
||||
:restic-repository "nextcloud"
|
||||
:aws-access-key-id "10"
|
||||
:aws-secret-access-key "secret"
|
||||
:restic-password "test4321"})
|
||||
|
@ -28,4 +28,4 @@
|
|||
(deftest plan-def
|
||||
(testing
|
||||
"test plan-def"
|
||||
(is (map? sut/with-cloud))))
|
||||
(is (map? sut/with-nextcloud))))
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
(ns meissa.pallet.meissa-cloud.main
|
||||
(ns meissa.pallet.meissa-nextcloud.main
|
||||
(:gen-class)
|
||||
(:require
|
||||
[clojure.string :as str]
|
||||
[clojure.tools.cli :as cli]
|
||||
[dda.pallet.core.main-helper :as mh]
|
||||
[dda.pallet.core.app :as core-app]
|
||||
[meissa.pallet.meissa-cloud.app :as app]))
|
||||
[meissa.pallet.meissa-nextcloud.app :as app]))
|
||||
|
||||
(def cli-options
|
||||
[["-h" "--help"]
|
||||
|
@ -17,16 +17,16 @@
|
|||
(defn usage [options-summary]
|
||||
(str/join
|
||||
\newline
|
||||
["meissa-cloud installs & configures a single host kubernetes cluster with Cloud installed"
|
||||
["meissa-nextcloud installs & configures a single host kubernetes cluster with nextcloud installed"
|
||||
""
|
||||
"Usage: java -jar meissa-cloud-standalone.jar [options] cloud.edn"
|
||||
"Usage: java -jar meissa-nextcloud-standalone.jar [options] nextcloud.edn"
|
||||
""
|
||||
"Options:"
|
||||
options-summary
|
||||
""
|
||||
"cloud.edn"
|
||||
"nextcloud.edn"
|
||||
" - follows the edn format."
|
||||
" - has to be a valid CloudConventionConfig"
|
||||
" - has to be a valid nextcloudConventionConfig"
|
||||
""]))
|
||||
|
||||
(defn -main [& args]
|
||||
|
|
Loading…
Reference in a new issue