Use common ingress
This commit is contained in:
parent
16dd0c5828
commit
fe4c381791
5 changed files with 36 additions and 93 deletions
|
@ -21,15 +21,15 @@
|
|||
[(postgres/generate-config {:postgres-size :8gb})
|
||||
(postgres/generate-secret config)
|
||||
(postgres/generate-pvc {:pv-storage-size-gb 50
|
||||
:pvc-storage-class-name default-storage-class})
|
||||
:pvc-storage-class-name default-storage-class})
|
||||
(postgres/generate-deployment)
|
||||
(postgres/generate-service)
|
||||
(nextcloud/generate-secret config)
|
||||
(nextcloud/generate-pvc (merge nextcloud-default-storage-config config))
|
||||
(nextcloud/generate-deployment config)
|
||||
(nextcloud/generate-service)
|
||||
(nextcloud/generate-certificate config)
|
||||
(nextcloud/generate-ingress config)]
|
||||
(nextcloud/generate-certificate config)]
|
||||
(nextcloud/generate-ingress config)
|
||||
(when (:contains? config :restic-repository)
|
||||
[(backup/generate-config config)
|
||||
(backup/generate-secret config)
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
#?(:clj [orchestra.core :refer [defn-spec]]
|
||||
:cljs [orchestra.core :refer-macros [defn-spec]])
|
||||
[dda.c4k-common.yaml :as yaml]
|
||||
[dda.c4k-common.ingress :as ing]
|
||||
[dda.c4k-common.base64 :as b64]
|
||||
[dda.c4k-common.predicate :as cp]
|
||||
[dda.c4k-common.postgres :as postgres]
|
||||
|
@ -62,13 +63,12 @@
|
|||
|
||||
(defn-spec generate-ingress cp/map-or-seq?
|
||||
[config config?]
|
||||
(let [{:keys [fqdn issuer]
|
||||
:or {issuer "staging"}} config
|
||||
letsencrypt-issuer issuer]
|
||||
(->
|
||||
(yaml/load-as-edn "nextcloud/ingress.yaml")
|
||||
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
|
||||
(cm/replace-all-matching-values-by-new-value "fqdn" fqdn))))
|
||||
(ing/generate-ingress-and-cert
|
||||
(merge
|
||||
{:service-name "nextcloud"
|
||||
:service-port 80
|
||||
:fqdns [(:fqdn config)]}
|
||||
config)))
|
||||
|
||||
(defn-spec generate-pvc cp/map-or-seq?
|
||||
[config (s/keys :req-un [::pv-storage-size-gb ::pvc-storage-class-name])]
|
||||
|
|
|
@ -1,15 +0,0 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: cloud-cert
|
||||
namespace: default
|
||||
spec:
|
||||
secretName: cloud-cert
|
||||
duration: 2160h # 90d
|
||||
renewBefore: 360h # 15d
|
||||
commonName: fqdn
|
||||
dnsNames:
|
||||
- fqdn
|
||||
issuerRef:
|
||||
name: staging
|
||||
kind: ClusterIssuer
|
|
@ -1,29 +0,0 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: ingress-cloud
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
ingress.kubernetes.io/rewrite-target: /
|
||||
ingress.kubernetes.io/proxy-body-size: "256m"
|
||||
ingress.kubernetes.io/proxy-connect-timeout: "300"
|
||||
ingress.kubernetes.io/proxy-send-timeout: "300"
|
||||
ingress.kubernetes.io/proxy-read-timeout: "300"
|
||||
namespace: default
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- fqdn
|
||||
secretName: cloud-cert
|
||||
rules:
|
||||
- host: fqdn
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: cloud-service
|
||||
port:
|
||||
number: 80
|
|
@ -36,45 +36,32 @@
|
|||
:nextcloud-admin-user "cloudadmin"
|
||||
:nextcloud-admin-password "cloudpassword"}))))
|
||||
|
||||
(deftest should-generate-certificate
|
||||
(is (= {:apiVersion "cert-manager.io/v1"
|
||||
:kind "Certificate"
|
||||
:metadata {:name "cloud-cert", :namespace "default"}
|
||||
:spec
|
||||
{:secretName "cloud-cert"
|
||||
:duration "2160h"
|
||||
:renewBefore "360h",
|
||||
:commonName "somefqdn.de",
|
||||
:dnsNames ["somefqdn.de"]
|
||||
:issuerRef
|
||||
{:name "prod", :kind "ClusterIssuer"}}}
|
||||
(cut/generate-certificate {:fqdn "somefqdn.de" :issuer "prod"}))))
|
||||
|
||||
(deftest should-generate-ingress
|
||||
(is (= {:apiVersion "networking.k8s.io/v1"
|
||||
:kind "Ingress"
|
||||
:metadata
|
||||
{:name "ingress-cloud"
|
||||
:annotations
|
||||
{:cert-manager.io/cluster-issuer "staging"
|
||||
:ingress.kubernetes.io/proxy-body-size "256m"
|
||||
:ingress.kubernetes.io/ssl-redirect "true"
|
||||
:ingress.kubernetes.io/rewrite-target "/"
|
||||
:ingress.kubernetes.io/proxy-connect-timeout "300"
|
||||
:ingress.kubernetes.io/proxy-send-timeout "300"
|
||||
:ingress.kubernetes.io/proxy-read-timeout "300"}
|
||||
:namespace "default"}
|
||||
:spec
|
||||
{:tls [{:hosts ["somefqdn.de"], :secretName "cloud-cert"}]
|
||||
:rules
|
||||
[{:host "somefqdn.de"
|
||||
:http
|
||||
{:paths
|
||||
[{:path "/"
|
||||
:pathType "Prefix"
|
||||
:backend
|
||||
{:service
|
||||
{:name "cloud-service", :port {:number 80}}}}]}}]}}
|
||||
(deftest should-generate-ingress-and-cert
|
||||
(is (= [{:apiVersion "cert-manager.io/v1",
|
||||
:kind "Certificate",
|
||||
:metadata {:name "nextcloud", :labels {:app.kubernetes.part-of "nextcloud"}, :namespace "default"},
|
||||
:spec
|
||||
{:secretName "nextcloud",
|
||||
:commonName "somefqdn.de",
|
||||
:duration "2160h",
|
||||
:renewBefore "360h",
|
||||
:dnsNames ["somefqdn.de"],
|
||||
:issuerRef {:name "staging", :kind "ClusterIssuer"}}}
|
||||
{:apiVersion "networking.k8s.io/v1",
|
||||
:kind "Ingress",
|
||||
:metadata
|
||||
{:name "nextcloud",
|
||||
:namespace "default",
|
||||
:labels {:app.kubernetes.part-of "nextcloud"},
|
||||
:annotations
|
||||
{:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure",
|
||||
:traefik.ingress.kubernetes.io/router.middlewares "default-redirect-https@kubernetescrd",
|
||||
:metallb.universe.tf/address-pool "public"}},
|
||||
:spec
|
||||
{:tls [{:hosts ["somefqdn.de"], :secretName "nextcloud"}],
|
||||
:rules
|
||||
[{:host "somefqdn.de",
|
||||
:http {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "nextcloud", :port {:number 80}}}}]}}]}}]
|
||||
(cut/generate-ingress {:fqdn "somefqdn.de"}))))
|
||||
|
||||
(deftest should-generate-pvc
|
||||
|
|
Loading…
Reference in a new issue