now cloud container is starting
parent
cce1fdc207
commit
456f17562b
9 changed files with 107 additions and 29 deletions
|
@ -17,6 +17,7 @@
|
||||||
::nextcloud/storage-size]))
|
::nextcloud/storage-size]))
|
||||||
|
|
||||||
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password
|
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password
|
||||||
|
::nextcloud/nextcloud-admin-user ::nextcloud/nextcloud-admin-password
|
||||||
::aws-access-key-id ::aws-secret-access-key
|
::aws-access-key-id ::aws-secret-access-key
|
||||||
::restic-password]))
|
::restic-password]))
|
||||||
|
|
||||||
|
@ -32,12 +33,12 @@
|
||||||
(yaml/to-string (postgres/generate-service))]
|
(yaml/to-string (postgres/generate-service))]
|
||||||
(when (contains? config :nextcloud-data-volume-path)
|
(when (contains? config :nextcloud-data-volume-path)
|
||||||
[(yaml/to-string (nextcloud/generate-persistent-volume config))])
|
[(yaml/to-string (nextcloud/generate-persistent-volume config))])
|
||||||
[(yaml/to-string (nextcloud/generate-pvc))
|
[(yaml/to-string (nextcloud/generate-secret config))
|
||||||
|
(yaml/to-string (nextcloud/generate-pvc))
|
||||||
(yaml/to-string (nextcloud/generate-deployment config))
|
(yaml/to-string (nextcloud/generate-deployment config))
|
||||||
(yaml/to-string (nextcloud/generate-service))
|
(yaml/to-string (nextcloud/generate-service))
|
||||||
(yaml/to-string (nextcloud/generate-certificate config))
|
(yaml/to-string (nextcloud/generate-certificate config))
|
||||||
(yaml/to-string (nextcloud/generate-ingress config))
|
(yaml/to-string (nextcloud/generate-ingress config))]
|
||||||
(yaml/to-string (nextcloud/generate-service))]
|
|
||||||
(when (contains? config :restic-repository)
|
(when (contains? config :restic-repository)
|
||||||
[(yaml/to-string (backup/generate-config config))
|
[(yaml/to-string (backup/generate-config config))
|
||||||
(yaml/to-string (backup/generate-secret config))
|
(yaml/to-string (backup/generate-secret config))
|
||||||
|
|
|
@ -3,12 +3,16 @@
|
||||||
[clojure.spec.alpha :as s]
|
[clojure.spec.alpha :as s]
|
||||||
#?(:cljs [shadow.resource :as rc])
|
#?(:cljs [shadow.resource :as rc])
|
||||||
[dda.c4k-common.yaml :as yaml]
|
[dda.c4k-common.yaml :as yaml]
|
||||||
|
[dda.c4k-common.base64 :as b64]
|
||||||
|
[dda.c4k-common.prefixes :as cp]
|
||||||
[dda.c4k-common.common :as cm]))
|
[dda.c4k-common.common :as cm]))
|
||||||
|
|
||||||
(s/def ::fqdn cm/fqdn-string?)
|
(s/def ::fqdn cp/fqdn-string?)
|
||||||
(s/def ::issuer cm/letsencrypt-issuer?)
|
(s/def ::issuer cp/letsencrypt-issuer?)
|
||||||
(s/def ::restic-repository string?)
|
(s/def ::restic-repository string?)
|
||||||
(s/def ::nextcloud-data-volume-path string?)
|
(s/def ::nextcloud-data-volume-path string?)
|
||||||
|
(s/def ::nextcloud-admin-user cp/bash-env-string?)
|
||||||
|
(s/def ::nextcloud-admin-password cp/bash-env-string?)
|
||||||
|
|
||||||
#?(:cljs
|
#?(:cljs
|
||||||
(defmethod yaml/load-resource :nextcloud [resource-name]
|
(defmethod yaml/load-resource :nextcloud [resource-name]
|
||||||
|
@ -19,6 +23,7 @@
|
||||||
"nextcloud/persistent-volume.yaml" (rc/inline "nextcloud/persistent-volume.yaml")
|
"nextcloud/persistent-volume.yaml" (rc/inline "nextcloud/persistent-volume.yaml")
|
||||||
"nextcloud/pvc.yaml" (rc/inline "nextcloud/pvc.yaml")
|
"nextcloud/pvc.yaml" (rc/inline "nextcloud/pvc.yaml")
|
||||||
"nextcloud/service.yaml" (rc/inline "nextcloud/service.yaml")
|
"nextcloud/service.yaml" (rc/inline "nextcloud/service.yaml")
|
||||||
|
"nextcloud/secret.yaml" (rc/inline "nextcloud/secret.yaml")
|
||||||
(throw (js/Error. "Undefined Resource!")))))
|
(throw (js/Error. "Undefined Resource!")))))
|
||||||
|
|
||||||
(defn generate-certificate [config]
|
(defn generate-certificate [config]
|
||||||
|
@ -57,3 +62,10 @@
|
||||||
|
|
||||||
(defn generate-service []
|
(defn generate-service []
|
||||||
(yaml/from-string (yaml/load-resource "nextcloud/service.yaml")))
|
(yaml/from-string (yaml/load-resource "nextcloud/service.yaml")))
|
||||||
|
|
||||||
|
(defn generate-secret [config]
|
||||||
|
(let [{:keys [nextcloud-admin-user nextcloud-admin-password]} config]
|
||||||
|
(->
|
||||||
|
(yaml/from-string (yaml/load-resource "nextcloud/secret.yaml"))
|
||||||
|
(cm/replace-key-value :nextcloud-admin-user (b64/encode nextcloud-admin-user))
|
||||||
|
(cm/replace-key-value :nextcloud-admin-password (b64/encode nextcloud-admin-password)))))
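Review bot: `generate-secret` base64-encodes both credentials before writing them into `nextcloud/secret.yaml`, but that template keeps them under `stringData:`, which Kubernetes treats as plain text and encodes itself. The files mounted at `/var/run/secrets/cloud-secrets/nextcloud-admin-user` and `.../nextcloud-admin-password` would then hold the base64 text rather than the configured values, so the effective admin login differs from what the operator supplied. The new `should-generate-secret` test pins this by expecting `Y2xvdWRhZG1pbg==` under `:stringData`. Either rename the template key to `data:` or drop the encoding, e.g. `(cm/replace-key-value :nextcloud-admin-user nextcloud-admin-user)`, and adjust the test to match. In both forms the rendered manifest carries the credentials in recoverable form, so the generated output should be kept out of version control and logs.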
|
||||||
|
|
|
@ -14,7 +14,7 @@ spec:
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: backup-app
|
- name: backup-app
|
||||||
image: domaindrivenarchitecture/meissa-cloud-backup
|
image: domaindrivenarchitecture/c4k-cloud-backup
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command: ["/entrypoint.sh"]
|
command: ["/entrypoint.sh"]
|
||||||
env:
|
env:
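Review bot: The renamed image `domaindrivenarchitecture/c4k-cloud-backup` carries no tag or digest, and with `imagePullPolicy: IfNotPresent` each node keeps whatever it pulled first. The backup code that actually runs then depends on node history, and a changed registry image can reach new nodes without review. The same applies to `domaindrivenarchitecture/c4k-cloud-app` in the deployment manifest. Pin both references, e.g. `image: domaindrivenarchitecture/c4k-cloud-backup:<version>` or an `@sha256:<digest>` form (placeholders, since the page shows no published versions). The container spec continues outside the hunk.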
|
||||||
|
|
|
@ -14,7 +14,7 @@ spec:
|
||||||
app: cloud
|
app: cloud
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- image: domaindrivenarchitecture/meissa-cloud-app
|
- image: domaindrivenarchitecture/c4k-cloud-app
|
||||||
name: cloud-app
|
name: cloud-app
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
ports:
|
ports:
|
||||||
|
@ -27,11 +27,11 @@ spec:
|
||||||
- name: NEXTCLOUD_TRUSTED_DOMAINS
|
- name: NEXTCLOUD_TRUSTED_DOMAINS
|
||||||
value: fqdn
|
value: fqdn
|
||||||
- name: POSTGRES_USER_FILE
|
- name: POSTGRES_USER_FILE
|
||||||
value: /var/run/secrets/cloud-secrets/postgres-user
|
value: /var/run/secrets/postgres-secret/postgres-user
|
||||||
- name: POSTGRES_PASSWORD_FILE
|
- name: POSTGRES_PASSWORD_FILE
|
||||||
value: /var/run/secrets/cloud-secrets/postgres-password
|
value: /var/run/secrets/postgres-secret/postgres-password
|
||||||
- name: POSTGRES_DB_FILE
|
- name: POSTGRES_DB_FILE
|
||||||
value: /var/run/secrets/cloud-secrets/postgres-db
|
value: /var/run/configs/postgres-config/postgres-db
|
||||||
- name: POSTGRES_HOST
|
- name: POSTGRES_HOST
|
||||||
value: "postgresql-service:5432"
|
value: "postgresql-service:5432"
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
@ -40,6 +40,12 @@ spec:
|
||||||
- name: cloud-secret-volume
|
- name: cloud-secret-volume
|
||||||
mountPath: /var/run/secrets/cloud-secrets
|
mountPath: /var/run/secrets/cloud-secrets
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: postgres-secret-volume
|
||||||
|
mountPath: /var/run/secrets/postgres-secret
|
||||||
|
readOnly: true
|
||||||
|
- name: postgres-config-volume
|
||||||
|
mountPath: /var/run/configs/postgres-config
|
||||||
|
readOnly: true
|
||||||
volumes:
|
volumes:
|
||||||
- name: cloud-data-volume
|
- name: cloud-data-volume
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
|
@ -47,6 +53,15 @@ spec:
|
||||||
- name: cloud-secret-volume
|
- name: cloud-secret-volume
|
||||||
secret:
|
secret:
|
||||||
secretName: cloud-secret
|
secretName: cloud-secret
|
||||||
|
- name: postgres-secret-volume
|
||||||
|
secret:
|
||||||
|
secretName: postgres-secret
|
||||||
|
- name: postgres-config-volume
|
||||||
|
configMap:
|
||||||
|
name: postgres-config
|
||||||
|
items:
|
||||||
|
- key: postgres-db
|
||||||
|
path: postgres-db
|
||||||
- name: backup-secret-volume
|
- name: backup-secret-volume
|
||||||
secret:
|
secret:
|
||||||
secretName: backup-secret
|
secretName: backup-secret
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
apiVersion: extensions/v1beta1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
name: ingress-cloud
|
name: ingress-cloud
|
||||||
|
@ -21,6 +21,9 @@ spec:
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
backend:
|
backend:
|
||||||
serviceName: cloud-service
|
service:
|
||||||
servicePort: 80
|
name: cloud-service
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
|
|
@ -4,8 +4,5 @@ metadata:
|
||||||
name: cloud-secret
|
name: cloud-secret
|
||||||
type: Opaque
|
type: Opaque
|
||||||
stringData:
|
stringData:
|
||||||
postgres-db: db-name
|
|
||||||
postgres-user: db-user-name
|
|
||||||
postgres-password: db-user-password
|
|
||||||
nextcloud-admin-user: admin-user
|
nextcloud-admin-user: admin-user
|
||||||
nextcloud-admin-password: admin-password
|
nextcloud-admin-password: admin-password
|
||||||
|
|
|
@ -9,6 +9,8 @@
|
||||||
(count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de"
|
(count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de"
|
||||||
:postgres-db-user "nextcloud"
|
:postgres-db-user "nextcloud"
|
||||||
:postgres-db-password "nextcloud-db-password"
|
:postgres-db-password "nextcloud-db-password"
|
||||||
|
:nextcloud-admin-user "cloudadmin"
|
||||||
|
:nextcloud-admin-password "cloudpassword"
|
||||||
:issuer :prod
|
:issuer :prod
|
||||||
:nextcloud-data-volume-path "/var/nextcloud"
|
:nextcloud-data-volume-path "/var/nextcloud"
|
||||||
:postgres-data-volume-path "/var/postgres"
|
:postgres-data-volume-path "/var/postgres"
|
||||||
|
@ -20,6 +22,8 @@
|
||||||
(count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de"
|
(count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de"
|
||||||
:postgres-db-user "nextcloud"
|
:postgres-db-user "nextcloud"
|
||||||
:postgres-db-password "nextcloud-db-password"
|
:postgres-db-password "nextcloud-db-password"
|
||||||
|
:nextcloud-admin-user "cloudadmin"
|
||||||
|
:nextcloud-admin-password "cloudpassword"
|
||||||
:issuer :prod
|
:issuer :prod
|
||||||
:aws-access-key-id "aws-id"
|
:aws-access-key-id "aws-id"
|
||||||
:aws-secret-access-key "aws-secret"
|
:aws-secret-access-key "aws-secret"
|
||||||
|
@ -29,6 +33,8 @@
|
||||||
(count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de"
|
(count (cut/k8s-objects {:fqdn "nextcloud-neu.prod.meissa-gmbh.de"
|
||||||
:postgres-db-user "nextcloud"
|
:postgres-db-user "nextcloud"
|
||||||
:postgres-db-password "nextcloud-db-password"
|
:postgres-db-password "nextcloud-db-password"
|
||||||
|
:nextcloud-admin-user "cloudadmin"
|
||||||
|
:nextcloud-admin-password "cloudpassword"
|
||||||
:issuer :prod
|
:issuer :prod
|
||||||
:aws-access-key-id "aws-id"
|
:aws-access-key-id "aws-id"
|
||||||
:aws-secret-access-key "aws-secret"
|
:aws-secret-access-key "aws-secret"
|
||||||
|
|
|
@ -4,6 +4,17 @@
|
||||||
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||||
[dda.c4k-nextcloud.nextcloud :as cut]))
|
[dda.c4k-nextcloud.nextcloud :as cut]))
|
||||||
|
|
||||||
|
(deftest should-generate-secret
|
||||||
|
(is (= {:apiVersion "v1"
|
||||||
|
:kind "Secret"
|
||||||
|
:metadata {:name "cloud-secret"}
|
||||||
|
:type "Opaque"
|
||||||
|
:stringData
|
||||||
|
{:nextcloud-admin-user "Y2xvdWRhZG1pbg=="
|
||||||
|
:nextcloud-admin-password "Y2xvdWRwYXNzd29yZA=="}}
|
||||||
|
(cut/generate-secret {:nextcloud-admin-user "cloudadmin"
|
||||||
|
:nextcloud-admin-password "cloudpassword"}))))
|
||||||
|
|
||||||
(deftest should-generate-certificate
|
(deftest should-generate-certificate
|
||||||
(is (= {:apiVersion "cert-manager.io/v1alpha2"
|
(is (= {:apiVersion "cert-manager.io/v1alpha2"
|
||||||
:kind "Certificate"
|
:kind "Certificate"
|
||||||
|
@ -17,7 +28,7 @@
|
||||||
(cut/generate-certificate {:fqdn "xx" :issuer :prod}))))
|
(cut/generate-certificate {:fqdn "xx" :issuer :prod}))))
|
||||||
|
|
||||||
(deftest should-generate-ingress
|
(deftest should-generate-ingress
|
||||||
(is (= {:apiVersion "extensions/v1beta1"
|
(is (= {:apiVersion "networking.k8s.io/v1"
|
||||||
:kind "Ingress"
|
:kind "Ingress"
|
||||||
:metadata
|
:metadata
|
||||||
{:name "ingress-cloud"
|
{:name "ingress-cloud"
|
||||||
|
@ -38,8 +49,10 @@
|
||||||
:http
|
:http
|
||||||
{:paths
|
{:paths
|
||||||
[{:path "/"
|
[{:path "/"
|
||||||
|
:pathType "Prefix"
|
||||||
:backend
|
:backend
|
||||||
{:serviceName "cloud-service", :servicePort 80}}]}}]}}
|
{:service
|
||||||
|
{:name "cloud-service", :port {:number 80}}}}]}}]}}
|
||||||
(cut/generate-ingress {:fqdn "xx"}))))
|
(cut/generate-ingress {:fqdn "xx"}))))
|
||||||
|
|
||||||
(deftest should-generate-persistent-volume
|
(deftest should-generate-persistent-volume
|
||||||
|
@ -69,18 +82,47 @@
|
||||||
:imagePullPolicy "IfNotPresent"
|
:imagePullPolicy "IfNotPresent"
|
||||||
:ports [{:containerPort 80}]
|
:ports [{:containerPort 80}]
|
||||||
:env
|
:env
|
||||||
[{:name "NEXTCLOUD_ADMIN_USER_FILE", :value "/var/run/secrets/cloud-secrets/nextcloud-admin-user"}
|
[{:name "NEXTCLOUD_ADMIN_USER_FILE"
|
||||||
{:name "NEXTCLOUD_ADMIN_PASSWORD_FILE", :value "/var/run/secrets/cloud-secrets/nextcloud-admin-password"}
|
:value
|
||||||
|
"/var/run/secrets/cloud-secrets/nextcloud-admin-user"}
|
||||||
|
{:name "NEXTCLOUD_ADMIN_PASSWORD_FILE"
|
||||||
|
:value
|
||||||
|
"/var/run/secrets/cloud-secrets/nextcloud-admin-password"}
|
||||||
{:name "NEXTCLOUD_TRUSTED_DOMAINS", :value "xx"}
|
{:name "NEXTCLOUD_TRUSTED_DOMAINS", :value "xx"}
|
||||||
{:name "POSTGRES_USER_FILE", :value "/var/run/secrets/cloud-secrets/postgres-user"}
|
{:name "POSTGRES_USER_FILE"
|
||||||
{:name "POSTGRES_PASSWORD_FILE", :value "/var/run/secrets/cloud-secrets/postgres-password"}
|
:value
|
||||||
{:name "POSTGRES_DB_FILE", :value "/var/run/secrets/cloud-secrets/postgres-db"}
|
"/var/run/secrets/postgres-secret/postgres-user"}
|
||||||
{:name "POSTGRES_HOST", :value "postgresql-service:5432"}]
|
{:name "POSTGRES_PASSWORD_FILE"
|
||||||
|
:value
|
||||||
|
"/var/run/secrets/postgres-secret/postgres-password"}
|
||||||
|
{:name "POSTGRES_DB_FILE"
|
||||||
|
:value
|
||||||
|
"/var/run/configs/postgres-config/postgres-db"}
|
||||||
|
{:name "POSTGRES_HOST"
|
||||||
|
:value "postgresql-service:5432"}]
|
||||||
:volumeMounts
|
:volumeMounts
|
||||||
[{:name "cloud-data-volume", :mountPath "/var/www/html"}
|
[{:name "cloud-data-volume"
|
||||||
{:name "cloud-secret-volume", :mountPath "/var/run/secrets/cloud-secrets", :readOnly true}]}]
|
:mountPath "/var/www/html"}
|
||||||
|
{:name "cloud-secret-volume"
|
||||||
|
:mountPath "/var/run/secrets/cloud-secrets"
|
||||||
|
:readOnly true}
|
||||||
|
{:name "postgres-secret-volume"
|
||||||
|
:mountPath "/var/run/secrets/postgres-secret"
|
||||||
|
:readOnly true}
|
||||||
|
{:name "postgres-config-volume"
|
||||||
|
:mountPath "/var/run/configs/postgres-config"
|
||||||
|
:readOnly true}]}]
|
||||||
:volumes
|
:volumes
|
||||||
[{:name "cloud-data-volume", :persistentVolumeClaim {:claimName "cloud-pvc"}}
|
[{:name "cloud-data-volume"
|
||||||
{:name "cloud-secret-volume", :secret {:secretName "cloud-secret"}}
|
:persistentVolumeClaim {:claimName "cloud-pvc"}}
|
||||||
{:name "backup-secret-volume", :secret {:secretName "backup-secret"}}]}}}}
|
{:name "cloud-secret-volume"
|
||||||
|
:secret {:secretName "cloud-secret"}}
|
||||||
|
{:name "postgres-secret-volume"
|
||||||
|
:secret {:secretName "postgres-secret"}}
|
||||||
|
{:name "postgres-config-volume"
|
||||||
|
:configMap
|
||||||
|
{:name "postgres-config"
|
||||||
|
:items [{:key "postgres-db", :path "postgres-db"}]}}
|
||||||
|
{:name "backup-secret-volume"
|
||||||
|
:secret {:secretName "backup-secret"}}]}}}}
|
||||||
(cut/generate-deployment {:fqdn "xx"}))))
|
(cut/generate-deployment {:fqdn "xx"}))))
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
{:postgres-db-user "nextcloud"
|
{:postgres-db-user "nextcloud"
|
||||||
:postgres-db-password "nextcloud-db-password"
|
:postgres-db-password "nextcloud-db-password"
|
||||||
|
:nextcloud-admin-user "cloudadmin"
|
||||||
|
:nextcloud-admin-password "cloudpassword"
|
||||||
:aws-access-key-id "aws-id"
|
:aws-access-key-id "aws-id"
|
||||||
:aws-secret-access-key "aws-secret"
|
:aws-secret-access-key "aws-secret"
|
||||||
:restic-password "restic-password"}
|
:restic-password "restic-password"}
|