now cloud container is starting

This commit is contained in:
jem 2021-09-15 18:34:40 +02:00
parent cce1fdc207
commit 456f17562b
9 changed files with 107 additions and 29 deletions

View file

@ -17,6 +17,7 @@
::nextcloud/storage-size]))
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password
::nextcloud/nextcloud-admin-user ::nextcloud/nextcloud-admin-password
::aws-access-key-id ::aws-secret-access-key
::restic-password]))
@ -32,12 +33,12 @@
(yaml/to-string (postgres/generate-service))]
(when (contains? config :nextcloud-data-volume-path)
[(yaml/to-string (nextcloud/generate-persistent-volume config))])
[(yaml/to-string (nextcloud/generate-pvc))
[(yaml/to-string (nextcloud/generate-secret config))
(yaml/to-string (nextcloud/generate-pvc))
(yaml/to-string (nextcloud/generate-deployment config))
(yaml/to-string (nextcloud/generate-service))
(yaml/to-string (nextcloud/generate-certificate config))
(yaml/to-string (nextcloud/generate-ingress config))
(yaml/to-string (nextcloud/generate-service))]
(yaml/to-string (nextcloud/generate-ingress config))]
(when (contains? config :restic-repository)
[(yaml/to-string (backup/generate-config config))
(yaml/to-string (backup/generate-secret config))

View file

@ -3,12 +3,16 @@
[clojure.spec.alpha :as s]
#?(:cljs [shadow.resource :as rc])
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.prefixes :as cp]
[dda.c4k-common.common :as cm]))
(s/def ::fqdn cm/fqdn-string?)
(s/def ::issuer cm/letsencrypt-issuer?)
(s/def ::fqdn cp/fqdn-string?)
(s/def ::issuer cp/letsencrypt-issuer?)
(s/def ::restic-repository string?)
(s/def ::nextcloud-data-volume-path string?)
(s/def ::nextcloud-admin-user cp/bash-env-string?)
(s/def ::nextcloud-admin-password cp/bash-env-string?)
#?(:cljs
(defmethod yaml/load-resource :nextcloud [resource-name]
@ -19,6 +23,7 @@
"nextcloud/persistent-volume.yaml" (rc/inline "nextcloud/persistent-volume.yaml")
"nextcloud/pvc.yaml" (rc/inline "nextcloud/pvc.yaml")
"nextcloud/service.yaml" (rc/inline "nextcloud/service.yaml")
"nextcloud/secret.yaml" (rc/inline "nextcloud/secret.yaml")
(throw (js/Error. "Undefined Resource!")))))
(defn generate-certificate [config]
@ -57,3 +62,10 @@
(defn generate-service []
(yaml/from-string (yaml/load-resource "nextcloud/service.yaml")))
(defn generate-secret [config]
(let [{:keys [nextcloud-admin-user nextcloud-admin-password]} config]
(->
(yaml/from-string (yaml/load-resource "nextcloud/secret.yaml"))
(cm/replace-key-value :nextcloud-admin-user (b64/encode nextcloud-admin-user))
(cm/replace-key-value :nextcloud-admin-password (b64/encode nextcloud-admin-password)))))

View file

@ -14,7 +14,7 @@ spec:
spec:
containers:
- name: backup-app
image: domaindrivenarchitecture/meissa-cloud-backup
image: domaindrivenarchitecture/c4k-cloud-backup
imagePullPolicy: IfNotPresent
command: ["/entrypoint.sh"]
env:

View file

@ -14,7 +14,7 @@ spec:
app: cloud
spec:
containers:
- image: domaindrivenarchitecture/meissa-cloud-app
- image: domaindrivenarchitecture/c4k-cloud-app
name: cloud-app
imagePullPolicy: IfNotPresent
ports:
@ -27,11 +27,11 @@ spec:
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: fqdn
- name: POSTGRES_USER_FILE
value: /var/run/secrets/cloud-secrets/postgres-user
value: /var/run/secrets/postgres-secret/postgres-user
- name: POSTGRES_PASSWORD_FILE
value: /var/run/secrets/cloud-secrets/postgres-password
value: /var/run/secrets/postgres-secret/postgres-password
- name: POSTGRES_DB_FILE
value: /var/run/secrets/cloud-secrets/postgres-db
value: /var/run/configs/postgres-config/postgres-db
- name: POSTGRES_HOST
value: "postgresql-service:5432"
volumeMounts:
@ -40,6 +40,12 @@ spec:
- name: cloud-secret-volume
mountPath: /var/run/secrets/cloud-secrets
readOnly: true
- name: postgres-secret-volume
mountPath: /var/run/secrets/postgres-secret
readOnly: true
- name: postgres-config-volume
mountPath: /var/run/configs/postgres-config
readOnly: true
volumes:
- name: cloud-data-volume
persistentVolumeClaim:
@ -47,6 +53,15 @@ spec:
- name: cloud-secret-volume
secret:
secretName: cloud-secret
- name: postgres-secret-volume
secret:
secretName: postgres-secret
- name: postgres-config-volume
configMap:
name: postgres-config
items:
- key: postgres-db
path: postgres-db
- name: backup-secret-volume
secret:
secretName: backup-secret

View file

@ -1,4 +1,4 @@
apiVersion: extensions/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-cloud
@ -21,6 +21,9 @@ spec:
http:
paths:
- path: /
pathType: Prefix
backend:
serviceName: cloud-service
servicePort: 80
service:
name: cloud-service
port:
number: 80

View file

@ -4,8 +4,5 @@ metadata:
name: cloud-secret
type: Opaque
stringData:
postgres-db: db-name
postgres-user: db-user-name
postgres-password: db-user-password
nextcloud-admin-user: admin-user
nextcloud-admin-password: admin-password

View file

@ -9,6 +9,8 @@
(count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de"
:postgres-db-user "nextcloud"
:postgres-db-password "nextcloud-db-password"
:nextcloud-admin-user "cloudadmin"
:nextcloud-admin-password "cloudpassword"
:issuer :prod
:nextcloud-data-volume-path "/var/nextcloud"
:postgres-data-volume-path "/var/postgres"
@ -20,6 +22,8 @@
(count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de"
:postgres-db-user "nextcloud"
:postgres-db-password "nextcloud-db-password"
:nextcloud-admin-user "cloudadmin"
:nextcloud-admin-password "cloudpassword"
:issuer :prod
:aws-access-key-id "aws-id"
:aws-secret-access-key "aws-secret"
@ -29,6 +33,8 @@
(count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de"
:postgres-db-user "nextcloud"
:postgres-db-password "nextcloud-db-password"
:nextcloud-admin-user "cloudadmin"
:nextcloud-admin-password "cloudpassword"
:issuer :prod
:aws-access-key-id "aws-id"
:aws-secret-access-key "aws-secret"

View file

@ -4,6 +4,17 @@
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[dda.c4k-nextcloud.nextcloud :as cut]))
(deftest should-generate-secret
(is (= {:apiVersion "v1"
:kind "Secret"
:metadata {:name "cloud-secret"}
:type "Opaque"
:stringData
{:nextcloud-admin-user "Y2xvdWRhZG1pbg=="
:nextcloud-admin-password "Y2xvdWRwYXNzd29yZA=="}}
(cut/generate-secret {:nextcloud-admin-user "cloudadmin"
:nextcloud-admin-password "cloudpassword"}))))
(deftest should-generate-certificate
(is (= {:apiVersion "cert-manager.io/v1alpha2"
:kind "Certificate"
@ -17,7 +28,7 @@
(cut/generate-certificate {:fqdn "xx" :issuer :prod}))))
(deftest should-generate-ingress
(is (= {:apiVersion "extensions/v1beta1"
(is (= {:apiVersion "networking.k8s.io/v1"
:kind "Ingress"
:metadata
{:name "ingress-cloud"
@ -38,8 +49,10 @@
:http
{:paths
[{:path "/"
:pathType "Prefix"
:backend
{:serviceName "cloud-service", :servicePort 80}}]}}]}}
{:service
{:name "cloud-service", :port {:number 80}}}}]}}]}}
(cut/generate-ingress {:fqdn "xx"}))))
(deftest should-generate-persistent-volume
@ -69,18 +82,47 @@
:imagePullPolicy "IfNotPresent"
:ports [{:containerPort 80}]
:env
[{:name "NEXTCLOUD_ADMIN_USER_FILE", :value "/var/run/secrets/cloud-secrets/nextcloud-admin-user"}
{:name "NEXTCLOUD_ADMIN_PASSWORD_FILE", :value "/var/run/secrets/cloud-secrets/nextcloud-admin-password"}
[{:name "NEXTCLOUD_ADMIN_USER_FILE"
:value
"/var/run/secrets/cloud-secrets/nextcloud-admin-user"}
{:name "NEXTCLOUD_ADMIN_PASSWORD_FILE"
:value
"/var/run/secrets/cloud-secrets/nextcloud-admin-password"}
{:name "NEXTCLOUD_TRUSTED_DOMAINS", :value "xx"}
{:name "POSTGRES_USER_FILE", :value "/var/run/secrets/cloud-secrets/postgres-user"}
{:name "POSTGRES_PASSWORD_FILE", :value "/var/run/secrets/cloud-secrets/postgres-password"}
{:name "POSTGRES_DB_FILE", :value "/var/run/secrets/cloud-secrets/postgres-db"}
{:name "POSTGRES_HOST", :value "postgresql-service:5432"}]
{:name "POSTGRES_USER_FILE"
:value
"/var/run/secrets/postgres-secret/postgres-user"}
{:name "POSTGRES_PASSWORD_FILE"
:value
"/var/run/secrets/postgres-secret/postgres-password"}
{:name "POSTGRES_DB_FILE"
:value
"/var/run/configs/postgres-config/postgres-db"}
{:name "POSTGRES_HOST"
:value "postgresql-service:5432"}]
:volumeMounts
[{:name "cloud-data-volume", :mountPath "/var/www/html"}
{:name "cloud-secret-volume", :mountPath "/var/run/secrets/cloud-secrets", :readOnly true}]}]
[{:name "cloud-data-volume"
:mountPath "/var/www/html"}
{:name "cloud-secret-volume"
:mountPath "/var/run/secrets/cloud-secrets"
:readOnly true}
{:name "postgres-secret-volume"
:mountPath "/var/run/secrets/postgres-secret"
:readOnly true}
{:name "postgres-config-volume"
:mountPath "/var/run/configs/postgres-config"
:readOnly true}]}]
:volumes
[{:name "cloud-data-volume", :persistentVolumeClaim {:claimName "cloud-pvc"}}
{:name "cloud-secret-volume", :secret {:secretName "cloud-secret"}}
{:name "backup-secret-volume", :secret {:secretName "backup-secret"}}]}}}}
[{:name "cloud-data-volume"
:persistentVolumeClaim {:claimName "cloud-pvc"}}
{:name "cloud-secret-volume"
:secret {:secretName "cloud-secret"}}
{:name "postgres-secret-volume"
:secret {:secretName "postgres-secret"}}
{:name "postgres-config-volume"
:configMap
{:name "postgres-config"
:items [{:key "postgres-db", :path "postgres-db"}]}}
{:name "backup-secret-volume"
:secret {:secretName "backup-secret"}}]}}}}
(cut/generate-deployment {:fqdn "xx"}))))

View file

@ -1,5 +1,7 @@
{:postgres-db-user "nextcloud"
:postgres-db-password "nextcloud-db-password"
:nextcloud-admin-user "cloudadmin"
:nextcloud-admin-password "cloudpassword"
:aws-access-key-id "aws-id"
:aws-secret-access-key "aws-secret"
:restic-password "restic-password"}