now cloud container is starting

jem 2021-09-15 18:34:40 +02:00
parent cce1fdc207
commit 456f17562b
9 changed files with 107 additions and 29 deletions


@ -17,6 +17,7 @@
::nextcloud/storage-size])) ::nextcloud/storage-size]))
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password (def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password
::nextcloud/nextcloud-admin-user ::nextcloud/nextcloud-admin-password
::aws-access-key-id ::aws-secret-access-key ::aws-access-key-id ::aws-secret-access-key
::restic-password])) ::restic-password]))
@ -32,12 +33,12 @@
(yaml/to-string (postgres/generate-service))] (yaml/to-string (postgres/generate-service))]
(when (contains? config :nextcloud-data-volume-path) (when (contains? config :nextcloud-data-volume-path)
[(yaml/to-string (nextcloud/generate-persistent-volume config))]) [(yaml/to-string (nextcloud/generate-persistent-volume config))])
[(yaml/to-string (nextcloud/generate-pvc)) [(yaml/to-string (nextcloud/generate-secret config))
(yaml/to-string (nextcloud/generate-pvc))
(yaml/to-string (nextcloud/generate-deployment config)) (yaml/to-string (nextcloud/generate-deployment config))
(yaml/to-string (nextcloud/generate-service)) (yaml/to-string (nextcloud/generate-service))
(yaml/to-string (nextcloud/generate-certificate config)) (yaml/to-string (nextcloud/generate-certificate config))
(yaml/to-string (nextcloud/generate-ingress config)) (yaml/to-string (nextcloud/generate-ingress config))]
(yaml/to-string (nextcloud/generate-service))]
(when (contains? config :restic-repository) (when (contains? config :restic-repository)
[(yaml/to-string (backup/generate-config config)) [(yaml/to-string (backup/generate-config config))
(yaml/to-string (backup/generate-secret config)) (yaml/to-string (backup/generate-secret config))


@ -3,12 +3,16 @@
[clojure.spec.alpha :as s] [clojure.spec.alpha :as s]
#?(:cljs [shadow.resource :as rc]) #?(:cljs [shadow.resource :as rc])
[dda.c4k-common.yaml :as yaml] [dda.c4k-common.yaml :as yaml]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.prefixes :as cp]
[dda.c4k-common.common :as cm])) [dda.c4k-common.common :as cm]))
(s/def ::fqdn cm/fqdn-string?) (s/def ::fqdn cp/fqdn-string?)
(s/def ::issuer cm/letsencrypt-issuer?) (s/def ::issuer cp/letsencrypt-issuer?)
(s/def ::restic-repository string?) (s/def ::restic-repository string?)
(s/def ::nextcloud-data-volume-path string?) (s/def ::nextcloud-data-volume-path string?)
(s/def ::nextcloud-admin-user cp/bash-env-string?)
(s/def ::nextcloud-admin-password cp/bash-env-string?)
#?(:cljs #?(:cljs
(defmethod yaml/load-resource :nextcloud [resource-name] (defmethod yaml/load-resource :nextcloud [resource-name]
@ -19,6 +23,7 @@
"nextcloud/persistent-volume.yaml" (rc/inline "nextcloud/persistent-volume.yaml") "nextcloud/persistent-volume.yaml" (rc/inline "nextcloud/persistent-volume.yaml")
"nextcloud/pvc.yaml" (rc/inline "nextcloud/pvc.yaml") "nextcloud/pvc.yaml" (rc/inline "nextcloud/pvc.yaml")
"nextcloud/service.yaml" (rc/inline "nextcloud/service.yaml") "nextcloud/service.yaml" (rc/inline "nextcloud/service.yaml")
"nextcloud/secret.yaml" (rc/inline "nextcloud/secret.yaml")
(throw (js/Error. "Undefined Resource!"))))) (throw (js/Error. "Undefined Resource!")))))
(defn generate-certificate [config] (defn generate-certificate [config]
@ -57,3 +62,10 @@
(defn generate-service [] (defn generate-service []
(yaml/from-string (yaml/load-resource "nextcloud/service.yaml"))) (yaml/from-string (yaml/load-resource "nextcloud/service.yaml")))
(defn generate-secret [config]
(let [{:keys [nextcloud-admin-user nextcloud-admin-password]} config]
(->
(yaml/from-string (yaml/load-resource "nextcloud/secret.yaml"))
(cm/replace-key-value :nextcloud-admin-user (b64/encode nextcloud-admin-user))
(cm/replace-key-value :nextcloud-admin-password (b64/encode nextcloud-admin-password)))))
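Review bot: `generate-secret` base64-encodes both values, but the secret template shown further down this page keeps them under `stringData:`, a field Kubernetes stores verbatim rather than decoding. The files mounted under /var/run/secrets/cloud-secrets would then hold the base64 text, so the admin account would presumably be created with the encoded strings as its name and password; the new `should-generate-secret` test pins that same shape. Either change the template key to `data:` or pass the values unencoded, e.g. `(cm/replace-key-value :nextcloud-admin-user nextcloud-admin-user)`. Base64 is only an encoding, so the generated manifest still has to be treated as a credential-bearing file either way.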


@ -14,7 +14,7 @@ spec:
spec: spec:
containers: containers:
- name: backup-app - name: backup-app
image: domaindrivenarchitecture/meissa-cloud-backup image: domaindrivenarchitecture/c4k-cloud-backup
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["/entrypoint.sh"] command: ["/entrypoint.sh"]
env: env:
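Review bot: The renamed image reference `domaindrivenarchitecture/c4k-cloud-backup` carries no tag or digest, so it resolves to `latest`, and with `imagePullPolicy: IfNotPresent` each node keeps whatever it happened to pull first. That makes the running backup code unreproducible and lets a changed upstream image reach the cluster without any manifest change. Pin it, e.g. `image: domaindrivenarchitecture/c4k-cloud-backup:<version>` or an `@sha256:<digest>` reference (placeholders, not values from this page). The same applies to `domaindrivenarchitecture/c4k-cloud-app` in the deployment manifest. The container spec continues outside this hunk.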


@ -14,7 +14,7 @@ spec:
app: cloud app: cloud
spec: spec:
containers: containers:
- image: domaindrivenarchitecture/meissa-cloud-app - image: domaindrivenarchitecture/c4k-cloud-app
name: cloud-app name: cloud-app
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
@ -27,11 +27,11 @@ spec:
- name: NEXTCLOUD_TRUSTED_DOMAINS - name: NEXTCLOUD_TRUSTED_DOMAINS
value: fqdn value: fqdn
- name: POSTGRES_USER_FILE - name: POSTGRES_USER_FILE
value: /var/run/secrets/cloud-secrets/postgres-user value: /var/run/secrets/postgres-secret/postgres-user
- name: POSTGRES_PASSWORD_FILE - name: POSTGRES_PASSWORD_FILE
value: /var/run/secrets/cloud-secrets/postgres-password value: /var/run/secrets/postgres-secret/postgres-password
- name: POSTGRES_DB_FILE - name: POSTGRES_DB_FILE
value: /var/run/secrets/cloud-secrets/postgres-db value: /var/run/configs/postgres-config/postgres-db
- name: POSTGRES_HOST - name: POSTGRES_HOST
value: "postgresql-service:5432" value: "postgresql-service:5432"
volumeMounts: volumeMounts:
@ -40,6 +40,12 @@ spec:
- name: cloud-secret-volume - name: cloud-secret-volume
mountPath: /var/run/secrets/cloud-secrets mountPath: /var/run/secrets/cloud-secrets
readOnly: true readOnly: true
- name: postgres-secret-volume
mountPath: /var/run/secrets/postgres-secret
readOnly: true
- name: postgres-config-volume
mountPath: /var/run/configs/postgres-config
readOnly: true
volumes: volumes:
- name: cloud-data-volume - name: cloud-data-volume
persistentVolumeClaim: persistentVolumeClaim:
@ -47,6 +53,15 @@ spec:
- name: cloud-secret-volume - name: cloud-secret-volume
secret: secret:
secretName: cloud-secret secretName: cloud-secret
- name: postgres-secret-volume
secret:
secretName: postgres-secret
- name: postgres-config-volume
configMap:
name: postgres-config
items:
- key: postgres-db
path: postgres-db
- name: backup-secret-volume - name: backup-secret-volume
secret: secret:
secretName: backup-secret secretName: backup-secret
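Review bot: The new `postgres-secret-volume` projects every key of `postgres-secret` into the Nextcloud pod, while the container's env entries only read `postgres-user` and `postgres-password`. The config map volume added right after it already limits itself with `items`; doing the same for the secret, `items: [{key: postgres-user, path: postgres-user}, {key: postgres-password, path: postgres-password}]`, would keep any other database credentials in that secret out of the application container. Which keys `postgres-secret` actually holds is not visible on this page, so confirm that before narrowing.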


@ -1,4 +1,4 @@
apiVersion: extensions/v1beta1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
name: ingress-cloud name: ingress-cloud
@ -21,6 +21,9 @@ spec:
http: http:
paths: paths:
- path: / - path: /
pathType: Prefix
backend: backend:
serviceName: cloud-service service:
servicePort: 80 name: cloud-service
port:
number: 80


@ -4,8 +4,5 @@ metadata:
name: cloud-secret name: cloud-secret
type: Opaque type: Opaque
stringData: stringData:
postgres-db: db-name
postgres-user: db-user-name
postgres-password: db-user-password
nextcloud-admin-user: admin-user nextcloud-admin-user: admin-user
nextcloud-admin-password: admin-password nextcloud-admin-password: admin-password


@ -9,6 +9,8 @@
(count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de" (count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de"
:postgres-db-user "nextcloud" :postgres-db-user "nextcloud"
:postgres-db-password "nextcloud-db-password" :postgres-db-password "nextcloud-db-password"
:nextcloud-admin-user "cloudadmin"
:nextcloud-admin-password "cloudpassword"
:issuer :prod :issuer :prod
:nextcloud-data-volume-path "/var/nextcloud" :nextcloud-data-volume-path "/var/nextcloud"
:postgres-data-volume-path "/var/postgres" :postgres-data-volume-path "/var/postgres"
@ -20,6 +22,8 @@
(count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de" (count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de"
:postgres-db-user "nextcloud" :postgres-db-user "nextcloud"
:postgres-db-password "nextcloud-db-password" :postgres-db-password "nextcloud-db-password"
:nextcloud-admin-user "cloudadmin"
:nextcloud-admin-password "cloudpassword"
:issuer :prod :issuer :prod
:aws-access-key-id "aws-id" :aws-access-key-id "aws-id"
:aws-secret-access-key "aws-secret" :aws-secret-access-key "aws-secret"
@ -29,6 +33,8 @@
(count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de" (count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de"
:postgres-db-user "nextcloud" :postgres-db-user "nextcloud"
:postgres-db-password "nextcloud-db-password" :postgres-db-password "nextcloud-db-password"
:nextcloud-admin-user "cloudadmin"
:nextcloud-admin-password "cloudpassword"
:issuer :prod :issuer :prod
:aws-access-key-id "aws-id" :aws-access-key-id "aws-id"
:aws-secret-access-key "aws-secret" :aws-secret-access-key "aws-secret"


@ -4,6 +4,17 @@
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]]) :cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[dda.c4k-nextcloud.nextcloud :as cut])) [dda.c4k-nextcloud.nextcloud :as cut]))
(deftest should-generate-secret
(is (= {:apiVersion "v1"
:kind "Secret"
:metadata {:name "cloud-secret"}
:type "Opaque"
:stringData
{:nextcloud-admin-user "Y2xvdWRhZG1pbg=="
:nextcloud-admin-password "Y2xvdWRwYXNzd29yZA=="}}
(cut/generate-secret {:nextcloud-admin-user "cloudadmin"
:nextcloud-admin-password "cloudpassword"}))))
(deftest should-generate-certificate (deftest should-generate-certificate
(is (= {:apiVersion "cert-manager.io/v1alpha2" (is (= {:apiVersion "cert-manager.io/v1alpha2"
:kind "Certificate" :kind "Certificate"
@ -17,7 +28,7 @@
(cut/generate-certificate {:fqdn "xx" :issuer :prod})))) (cut/generate-certificate {:fqdn "xx" :issuer :prod}))))
(deftest should-generate-ingress (deftest should-generate-ingress
(is (= {:apiVersion "extensions/v1beta1" (is (= {:apiVersion "networking.k8s.io/v1"
:kind "Ingress" :kind "Ingress"
:metadata :metadata
{:name "ingress-cloud" {:name "ingress-cloud"
@ -38,8 +49,10 @@
:http :http
{:paths {:paths
[{:path "/" [{:path "/"
:pathType "Prefix"
:backend :backend
{:serviceName "cloud-service", :servicePort 80}}]}}]}} {:service
{:name "cloud-service", :port {:number 80}}}}]}}]}}
(cut/generate-ingress {:fqdn "xx"})))) (cut/generate-ingress {:fqdn "xx"}))))
(deftest should-generate-persistent-volume (deftest should-generate-persistent-volume
@ -69,18 +82,47 @@
:imagePullPolicy "IfNotPresent" :imagePullPolicy "IfNotPresent"
:ports [{:containerPort 80}] :ports [{:containerPort 80}]
:env :env
[{:name "NEXTCLOUD_ADMIN_USER_FILE", :value "/var/run/secrets/cloud-secrets/nextcloud-admin-user"} [{:name "NEXTCLOUD_ADMIN_USER_FILE"
{:name "NEXTCLOUD_ADMIN_PASSWORD_FILE", :value "/var/run/secrets/cloud-secrets/nextcloud-admin-password"} :value
"/var/run/secrets/cloud-secrets/nextcloud-admin-user"}
{:name "NEXTCLOUD_ADMIN_PASSWORD_FILE"
:value
"/var/run/secrets/cloud-secrets/nextcloud-admin-password"}
{:name "NEXTCLOUD_TRUSTED_DOMAINS", :value "xx"} {:name "NEXTCLOUD_TRUSTED_DOMAINS", :value "xx"}
{:name "POSTGRES_USER_FILE", :value "/var/run/secrets/cloud-secrets/postgres-user"} {:name "POSTGRES_USER_FILE"
{:name "POSTGRES_PASSWORD_FILE", :value "/var/run/secrets/cloud-secrets/postgres-password"} :value
{:name "POSTGRES_DB_FILE", :value "/var/run/secrets/cloud-secrets/postgres-db"} "/var/run/secrets/postgres-secret/postgres-user"}
{:name "POSTGRES_HOST", :value "postgresql-service:5432"}] {:name "POSTGRES_PASSWORD_FILE"
:value
"/var/run/secrets/postgres-secret/postgres-password"}
{:name "POSTGRES_DB_FILE"
:value
"/var/run/configs/postgres-config/postgres-db"}
{:name "POSTGRES_HOST"
:value "postgresql-service:5432"}]
:volumeMounts :volumeMounts
[{:name "cloud-data-volume", :mountPath "/var/www/html"} [{:name "cloud-data-volume"
{:name "cloud-secret-volume", :mountPath "/var/run/secrets/cloud-secrets", :readOnly true}]}] :mountPath "/var/www/html"}
{:name "cloud-secret-volume"
:mountPath "/var/run/secrets/cloud-secrets"
:readOnly true}
{:name "postgres-secret-volume"
:mountPath "/var/run/secrets/postgres-secret"
:readOnly true}
{:name "postgres-config-volume"
:mountPath "/var/run/configs/postgres-config"
:readOnly true}]}]
:volumes :volumes
[{:name "cloud-data-volume", :persistentVolumeClaim {:claimName "cloud-pvc"}} [{:name "cloud-data-volume"
{:name "cloud-secret-volume", :secret {:secretName "cloud-secret"}} :persistentVolumeClaim {:claimName "cloud-pvc"}}
{:name "backup-secret-volume", :secret {:secretName "backup-secret"}}]}}}} {:name "cloud-secret-volume"
:secret {:secretName "cloud-secret"}}
{:name "postgres-secret-volume"
:secret {:secretName "postgres-secret"}}
{:name "postgres-config-volume"
:configMap
{:name "postgres-config"
:items [{:key "postgres-db", :path "postgres-db"}]}}
{:name "backup-secret-volume"
:secret {:secretName "backup-secret"}}]}}}}
(cut/generate-deployment {:fqdn "xx"})))) (cut/generate-deployment {:fqdn "xx"}))))


@ -1,5 +1,7 @@
{:postgres-db-user "nextcloud" {:postgres-db-user "nextcloud"
:postgres-db-password "nextcloud-db-password" :postgres-db-password "nextcloud-db-password"
:nextcloud-admin-user "cloudadmin"
:nextcloud-admin-password "cloudpassword"
:aws-access-key-id "aws-id" :aws-access-key-id "aws-id"
:aws-secret-access-key "aws-secret" :aws-secret-access-key "aws-secret"
:restic-password "restic-password"} :restic-password "restic-password"}