diff --git a/src/main/cljc/dda/c4k_nextcloud/core.cljc b/src/main/cljc/dda/c4k_nextcloud/core.cljc index bb666fa..620d739 100644 --- a/src/main/cljc/dda/c4k_nextcloud/core.cljc +++ b/src/main/cljc/dda/c4k_nextcloud/core.cljc @@ -17,6 +17,7 @@ ::nextcloud/storage-size])) (def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password + ::nextcloud/nextcloud-admin-user ::nextcloud/nextcloud-admin-password ::aws-access-key-id ::aws-secret-access-key ::restic-password])) @@ -32,12 +33,12 @@ (yaml/to-string (postgres/generate-service))] (when (contains? config :nextcloud-data-volume-path) [(yaml/to-string (nextcloud/generate-persistent-volume config))]) - [(yaml/to-string (nextcloud/generate-pvc)) + [(yaml/to-string (nextcloud/generate-secret config)) + (yaml/to-string (nextcloud/generate-pvc)) (yaml/to-string (nextcloud/generate-deployment config)) (yaml/to-string (nextcloud/generate-service)) (yaml/to-string (nextcloud/generate-certificate config)) - (yaml/to-string (nextcloud/generate-ingress config)) - (yaml/to-string (nextcloud/generate-service))] + (yaml/to-string (nextcloud/generate-ingress config))] (when (contains? config :restic-repository) [(yaml/to-string (backup/generate-config config)) (yaml/to-string (backup/generate-secret config)) diff --git a/src/main/cljc/dda/c4k_nextcloud/nextcloud.cljc b/src/main/cljc/dda/c4k_nextcloud/nextcloud.cljc index ec2d13b..f7cfc7c 100644 --- a/src/main/cljc/dda/c4k_nextcloud/nextcloud.cljc +++ b/src/main/cljc/dda/c4k_nextcloud/nextcloud.cljc 
@@ -3,12 +3,16 @@ [clojure.spec.alpha :as s] #?(:cljs [shadow.resource :as rc]) [dda.c4k-common.yaml :as yaml] + [dda.c4k-common.base64 :as b64] + [dda.c4k-common.prefixes :as cp] [dda.c4k-common.common :as cm])) -(s/def ::fqdn cm/fqdn-string?) -(s/def ::issuer cm/letsencrypt-issuer?) +(s/def ::fqdn cp/fqdn-string?) +(s/def ::issuer cp/letsencrypt-issuer?) (s/def ::restic-repository string?) (s/def ::nextcloud-data-volume-path string?) +(s/def ::nextcloud-admin-user cp/bash-env-string?) +(s/def ::nextcloud-admin-password cp/bash-env-string?) #?(:cljs (defmethod yaml/load-resource :nextcloud [resource-name] @@ -19,6 +23,7 @@ "nextcloud/persistent-volume.yaml" (rc/inline "nextcloud/persistent-volume.yaml") "nextcloud/pvc.yaml" (rc/inline "nextcloud/pvc.yaml") "nextcloud/service.yaml" (rc/inline "nextcloud/service.yaml") + "nextcloud/secret.yaml" (rc/inline "nextcloud/secret.yaml") (throw (js/Error. "Undefined Resource!"))))) (defn generate-certificate [config] @@ -57,3 +62,10 @@ (defn generate-service [] (yaml/from-string (yaml/load-resource "nextcloud/service.yaml"))) + +(defn generate-secret [config] + (let [{:keys [nextcloud-admin-user nextcloud-admin-password]} config] + (-> + (yaml/from-string (yaml/load-resource "nextcloud/secret.yaml")) + (cm/replace-key-value :nextcloud-admin-user (b64/encode nextcloud-admin-user)) + (cm/replace-key-value :nextcloud-admin-password (b64/encode nextcloud-admin-password))))) diff --git a/src/main/resources/backup/cron.yaml b/src/main/resources/backup/cron.yaml index 8bb54bc..2026cf5 100644 --- a/src/main/resources/backup/cron.yaml +++ b/src/main/resources/backup/cron.yaml @@ -14,7 +14,7 @@ spec: spec: containers: - name: backup-app - image: domaindrivenarchitecture/meissa-cloud-backup + image: domaindrivenarchitecture/c4k-cloud-backup imagePullPolicy: IfNotPresent command: ["/entrypoint.sh"] env: diff --git a/src/main/resources/nextcloud/deployment.yaml b/src/main/resources/nextcloud/deployment.yaml index 77767cc..340992a 100644 
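Review bot: generate-secret writes the output of b64/encode into a manifest whose template still uses `stringData:` (visible as a context line in the secret.yaml hunk), so the API server base64-encodes the values a second time and the files Nextcloud reads via NEXTCLOUD_ADMIN_USER_FILE / NEXTCLOUD_ADMIN_PASSWORD_FILE will contain the base64 text, not the admin user and password. Either drop the two b64/encode calls here or change the template key to `data:` in src/main/resources/nextcloud/secret.yaml, and adjust should-generate-secret in nextcloud_test.cljc accordingly, since it currently pins the double-encoded form (`:stringData {:nextcloud-admin-user "Y2xvdWRhZG1pbg=="}`). The same observation applies to the secret.yaml hunk and to the first nextcloud_test.cljc hunk; if backup/generate-secret (called from core.cljc) follows the same pattern it is worth checking too.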
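Review bot: The new image reference `domaindrivenarchitecture/c4k-cloud-backup` carries no tag, so with the unchanged `imagePullPolicy: IfNotPresent` a node runs whatever `latest` it has cached, a rebuilt image is never picked up, and the backup job is not reproducible. Pin it, e.g. `image: domaindrivenarchitecture/c4k-cloud-backup:<version>` (a digest reference is stronger still). The same applies to the `c4k-cloud-app` image in the first deployment.yaml hunk.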
--- a/src/main/resources/nextcloud/deployment.yaml +++ b/src/main/resources/nextcloud/deployment.yaml @@ -14,7 +14,7 @@ spec: app: cloud spec: containers: - - image: domaindrivenarchitecture/meissa-cloud-app + - image: domaindrivenarchitecture/c4k-cloud-app name: cloud-app imagePullPolicy: IfNotPresent ports: @@ -27,11 +27,11 @@ spec: - name: NEXTCLOUD_TRUSTED_DOMAINS value: fqdn - name: POSTGRES_USER_FILE - value: /var/run/secrets/cloud-secrets/postgres-user + value: /var/run/secrets/postgres-secret/postgres-user - name: POSTGRES_PASSWORD_FILE - value: /var/run/secrets/cloud-secrets/postgres-password + value: /var/run/secrets/postgres-secret/postgres-password - name: POSTGRES_DB_FILE - value: /var/run/secrets/cloud-secrets/postgres-db + value: /var/run/configs/postgres-config/postgres-db - name: POSTGRES_HOST value: "postgresql-service:5432" volumeMounts: @@ -40,6 +40,12 @@ spec: - name: cloud-secret-volume mountPath: /var/run/secrets/cloud-secrets readOnly: true + - name: postgres-secret-volume + mountPath: /var/run/secrets/postgres-secret + readOnly: true + - name: postgres-config-volume + mountPath: /var/run/configs/postgres-config + readOnly: true volumes: - name: cloud-data-volume persistentVolumeClaim: @@ -47,6 +53,15 @@ spec: - name: cloud-secret-volume secret: secretName: cloud-secret + - name: postgres-secret-volume + secret: + secretName: postgres-secret + - name: postgres-config-volume + configMap: + name: postgres-config + items: + - key: postgres-db + path: postgres-db - name: backup-secret-volume secret: secretName: backup-secret diff --git a/src/main/resources/nextcloud/ingress.yaml b/src/main/resources/nextcloud/ingress.yaml index cc5a0df..5122631 100644 --- a/src/main/resources/nextcloud/ingress.yaml +++ b/src/main/resources/nextcloud/ingress.yaml @@ -1,4 +1,4 @@ -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: ingress-cloud 
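Review bot: The new volumes reference a Secret `postgres-secret` and a ConfigMap `postgres-config` (with item `postgres-db`), but nothing in this diff creates them; presumably the postgres module of dda.c4k-common emits them (core.cljc only shows `postgres/generate-service`), so confirm the object and key names match, otherwise the pod will stay in ContainerCreating with an unresolvable volume. The credential paths moving from `cloud-secrets` to `postgres-secret` and the db name to a ConfigMap are consistent with the keys removed from secret.yaml, and the mounts are `readOnly: true`, which is good.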
@@ -21,6 +21,9 @@ spec: http: paths: - path: / + pathType: Prefix backend: - serviceName: cloud-service - servicePort: 80 + service: + name: cloud-service + port: + number: 80 diff --git a/src/main/resources/nextcloud/secret.yaml b/src/main/resources/nextcloud/secret.yaml index 2429d16..da692a4 100644 --- a/src/main/resources/nextcloud/secret.yaml +++ b/src/main/resources/nextcloud/secret.yaml @@ -4,8 +4,5 @@ metadata: name: cloud-secret type: Opaque stringData: - postgres-db: db-name - postgres-user: db-user-name - postgres-password: db-user-password nextcloud-admin-user: admin-user nextcloud-admin-password: admin-password diff --git a/src/test/cljc/dda/c4k_nextcloud/core_test.cljc b/src/test/cljc/dda/c4k_nextcloud/core_test.cljc index c841770..964476c 100644 --- a/src/test/cljc/dda/c4k_nextcloud/core_test.cljc +++ b/src/test/cljc/dda/c4k_nextcloud/core_test.cljc @@ -9,6 +9,8 @@ (count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de" :postgres-db-user "nextcloud" :postgres-db-password "nextcloud-db-password" + :nextcloud-admin-user "cloudadmin" + :nextcloud-admin-password "cloudpassword" :issuer :prod :nextcloud-data-volume-path "/var/nextcloud" :postgres-data-volume-path "/var/postgres" @@ -20,6 +22,8 @@ (count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de" :postgres-db-user "nextcloud" :postgres-db-password "nextcloud-db-password" + :nextcloud-admin-user "cloudadmin" + :nextcloud-admin-password "cloudpassword" :issuer :prod :aws-access-key-id "aws-id" :aws-secret-access-key "aws-secret" @@ -29,6 +33,8 @@ (count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de" :postgres-db-user "nextcloud" :postgres-db-password "nextcloud-db-password" + :nextcloud-admin-user "cloudadmin" + :nextcloud-admin-password "cloudpassword" :issuer :prod :aws-access-key-id "aws-id" :aws-secret-access-key "aws-secret" 
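Review bot: The move to `networking.k8s.io/v1` updates the backend and adds `pathType: Prefix`, but v1 selects the controller through `spec.ingressClassName`, and the metadata between the two hunks is not in the diff; if the resource still relies on the `kubernetes.io/ingress.class` annotation, either keep it (deprecated but honoured) or add `ingressClassName: <class>` under spec. Whichever you choose, should-generate-ingress in nextcloud_test.cljc should pin it so the migration is covered.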
diff --git a/src/test/cljc/dda/c4k_nextcloud/nextcloud_test.cljc b/src/test/cljc/dda/c4k_nextcloud/nextcloud_test.cljc index ce6c7cc..55ebae8 100644 --- a/src/test/cljc/dda/c4k_nextcloud/nextcloud_test.cljc +++ b/src/test/cljc/dda/c4k_nextcloud/nextcloud_test.cljc @@ -4,6 +4,17 @@ :cljs [cljs.test :refer-macros [deftest is are testing run-tests]]) [dda.c4k-nextcloud.nextcloud :as cut])) +(deftest should-generate-secret + (is (= {:apiVersion "v1" + :kind "Secret" + :metadata {:name "cloud-secret"} + :type "Opaque" + :stringData + {:nextcloud-admin-user "Y2xvdWRhZG1pbg==" + :nextcloud-admin-password "Y2xvdWRwYXNzd29yZA=="}} + (cut/generate-secret {:nextcloud-admin-user "cloudadmin" + :nextcloud-admin-password "cloudpassword"})))) + (deftest should-generate-certificate (is (= {:apiVersion "cert-manager.io/v1alpha2" :kind "Certificate" @@ -17,7 +28,7 @@ (cut/generate-certificate {:fqdn "xx" :issuer :prod})))) (deftest should-generate-ingress - (is (= {:apiVersion "extensions/v1beta1" + (is (= {:apiVersion "networking.k8s.io/v1" :kind "Ingress" :metadata {:name "ingress-cloud" @@ -38,8 +49,10 @@ :http {:paths [{:path "/" + :pathType "Prefix" :backend - {:serviceName "cloud-service", :servicePort 80}}]}}]}} + {:service + {:name "cloud-service", :port {:number 80}}}}]}}]}} (cut/generate-ingress {:fqdn "xx"})))) (deftest should-generate-persistent-volume 
@@ -69,18 +82,47 @@ :imagePullPolicy "IfNotPresent" :ports [{:containerPort 80}] :env - [{:name "NEXTCLOUD_ADMIN_USER_FILE", :value "/var/run/secrets/cloud-secrets/nextcloud-admin-user"} - {:name "NEXTCLOUD_ADMIN_PASSWORD_FILE", :value "/var/run/secrets/cloud-secrets/nextcloud-admin-password"} + [{:name "NEXTCLOUD_ADMIN_USER_FILE" + :value + "/var/run/secrets/cloud-secrets/nextcloud-admin-user"} + {:name "NEXTCLOUD_ADMIN_PASSWORD_FILE" + :value + "/var/run/secrets/cloud-secrets/nextcloud-admin-password"} {:name "NEXTCLOUD_TRUSTED_DOMAINS", :value "xx"} - {:name "POSTGRES_USER_FILE", :value "/var/run/secrets/cloud-secrets/postgres-user"} - {:name "POSTGRES_PASSWORD_FILE", :value "/var/run/secrets/cloud-secrets/postgres-password"} - {:name "POSTGRES_DB_FILE", :value "/var/run/secrets/cloud-secrets/postgres-db"} - {:name "POSTGRES_HOST", :value "postgresql-service:5432"}] + {:name "POSTGRES_USER_FILE" + :value + "/var/run/secrets/postgres-secret/postgres-user"} + {:name "POSTGRES_PASSWORD_FILE" + :value + "/var/run/secrets/postgres-secret/postgres-password"} + {:name "POSTGRES_DB_FILE" + :value + "/var/run/configs/postgres-config/postgres-db"} + {:name "POSTGRES_HOST" + :value "postgresql-service:5432"}] :volumeMounts - [{:name "cloud-data-volume", :mountPath "/var/www/html"} - {:name "cloud-secret-volume", :mountPath "/var/run/secrets/cloud-secrets", :readOnly true}]}] + [{:name "cloud-data-volume" + :mountPath "/var/www/html"} + {:name "cloud-secret-volume" + :mountPath "/var/run/secrets/cloud-secrets" + :readOnly true} + {:name "postgres-secret-volume" + :mountPath "/var/run/secrets/postgres-secret" + :readOnly true} + {:name "postgres-config-volume" + :mountPath "/var/run/configs/postgres-config" + :readOnly true}]}] :volumes - [{:name "cloud-data-volume", :persistentVolumeClaim {:claimName "cloud-pvc"}} - {:name "cloud-secret-volume", :secret {:secretName "cloud-secret"}} - {:name "backup-secret-volume", :secret {:secretName "backup-secret"}}]}}}} + [{:name 
"cloud-data-volume" + :persistentVolumeClaim {:claimName "cloud-pvc"}} + {:name "cloud-secret-volume" + :secret {:secretName "cloud-secret"}} + {:name "postgres-secret-volume" + :secret {:secretName "postgres-secret"}} + {:name "postgres-config-volume" + :configMap + {:name "postgres-config" + :items [{:key "postgres-db", :path "postgres-db"}]}} + {:name "backup-secret-volume" + :secret {:secretName "backup-secret"}}]}}}} (cut/generate-deployment {:fqdn "xx"})))) diff --git a/valid-auth.edn b/valid-auth.edn index 3a3764a..60f0255 100644 --- a/valid-auth.edn +++ b/valid-auth.edn @@ -1,5 +1,7 @@ {:postgres-db-user "nextcloud" :postgres-db-password "nextcloud-db-password" + :nextcloud-admin-user "cloudadmin" + :nextcloud-admin-password "cloudpassword" :aws-access-key-id "aws-id" :aws-secret-access-key "aws-secret" :restic-password "restic-password"} \ No newline at end of file