Use common ingress

bom 2023-02-03 10:48:03 +01:00
parent 16dd0c5828
commit fe4c381791
5 changed files with 36 additions and 93 deletions


@ -21,15 +21,15 @@
[(postgres/generate-config {:postgres-size :8gb})
(postgres/generate-secret config)
(postgres/generate-pvc {:pv-storage-size-gb 50
:pvc-storage-class-name default-storage-class})
:pvc-storage-class-name default-storage-class})
(postgres/generate-deployment)
(postgres/generate-service)
(nextcloud/generate-secret config)
(nextcloud/generate-pvc (merge nextcloud-default-storage-config config))
(nextcloud/generate-deployment config)
(nextcloud/generate-service)
(nextcloud/generate-certificate config)
(nextcloud/generate-ingress config)]
(nextcloud/generate-certificate config)]
(nextcloud/generate-ingress config)
(when (:contains? config :restic-repository)
[(backup/generate-config config)
(backup/generate-secret config)
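Review bot: The new side still ends the vector with `(nextcloud/generate-certificate config)]`, although this commit deletes a Certificate template and the updated test expects `generate-ingress` to return its own Certificate together with the Ingress. If `generate-certificate` still loads the deleted template, this call will fail when the manifests are generated; if it still works, the output holds two Certificates for the same FQDN. Closing the vector after `(nextcloud/generate-service)]` looks like the intended result. Separately, the context line `(when (:contains? config :restic-repository)` is a keyword lookup with `:restic-repository` as the not-found value, so it is truthy whenever config has no `:contains?` key and the backup objects are emitted even without a repository; `(contains? config :restic-repository)` is presumably meant. The enclosing function starts and ends outside the hunk.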


@ -5,6 +5,7 @@
#?(:clj [orchestra.core :refer [defn-spec]]
:cljs [orchestra.core :refer-macros [defn-spec]])
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.ingress :as ing]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as cp]
[dda.c4k-common.postgres :as postgres]
@ -62,13 +63,12 @@
(defn-spec generate-ingress cp/map-or-seq?
[config config?]
(let [{:keys [fqdn issuer]
:or {issuer "staging"}} config
letsencrypt-issuer issuer]
(->
(yaml/load-as-edn "nextcloud/ingress.yaml")
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
(cm/replace-all-matching-values-by-new-value "fqdn" fqdn))))
(ing/generate-ingress-and-cert
(merge
{:service-name "nextcloud"
:service-port 80
:fqdns [(:fqdn config)]}
config)))
(defn-spec generate-pvc cp/map-or-seq?
[config (s/keys :req-un [::pv-storage-size-gb ::pvc-storage-class-name])]
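Review bot: `config` is the last argument to `merge` in the new `generate-ingress`, so a `:service-name`, `:service-port` or `:fqdns` key in the caller's map silently replaces the values fixed here, and the whole map is handed to `ing/generate-ingress-and-cert` rather than only the keys it needs. If those three values are meant to be fixed for this module, put them last: `(merge config {:service-name "nextcloud" :service-port 80 :fqdns [(:fqdn config)]})`. The local `:or {issuer "staging"}` default is removed as well, so which ClusterIssuer applies when `:issuer` is absent is now decided in `dda.c4k-common`. A docstring such as `"Returns the Certificate and Ingress for (:fqdn config); the issuer default comes from dda.c4k-common.ingress."` would record that dependency.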


@ -1,15 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: cloud-cert
namespace: default
spec:
secretName: cloud-cert
duration: 2160h # 90d
renewBefore: 360h # 15d
commonName: fqdn
dnsNames:
- fqdn
issuerRef:
name: staging
kind: ClusterIssuer


@ -1,29 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-cloud
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
ingress.kubernetes.io/ssl-redirect: "true"
ingress.kubernetes.io/rewrite-target: /
ingress.kubernetes.io/proxy-body-size: "256m"
ingress.kubernetes.io/proxy-connect-timeout: "300"
ingress.kubernetes.io/proxy-send-timeout: "300"
ingress.kubernetes.io/proxy-read-timeout: "300"
namespace: default
spec:
tls:
- hosts:
- fqdn
secretName: cloud-cert
rules:
- host: fqdn
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cloud-service
port:
number: 80


@ -36,45 +36,32 @@
:nextcloud-admin-user "cloudadmin"
:nextcloud-admin-password "cloudpassword"}))))
(deftest should-generate-certificate
(is (= {:apiVersion "cert-manager.io/v1"
:kind "Certificate"
:metadata {:name "cloud-cert", :namespace "default"}
:spec
{:secretName "cloud-cert"
:duration "2160h"
:renewBefore "360h",
:commonName "somefqdn.de",
:dnsNames ["somefqdn.de"]
:issuerRef
{:name "prod", :kind "ClusterIssuer"}}}
(cut/generate-certificate {:fqdn "somefqdn.de" :issuer "prod"}))))
(deftest should-generate-ingress
(is (= {:apiVersion "networking.k8s.io/v1"
:kind "Ingress"
:metadata
{:name "ingress-cloud"
:annotations
{:cert-manager.io/cluster-issuer "staging"
:ingress.kubernetes.io/proxy-body-size "256m"
:ingress.kubernetes.io/ssl-redirect "true"
:ingress.kubernetes.io/rewrite-target "/"
:ingress.kubernetes.io/proxy-connect-timeout "300"
:ingress.kubernetes.io/proxy-send-timeout "300"
:ingress.kubernetes.io/proxy-read-timeout "300"}
:namespace "default"}
:spec
{:tls [{:hosts ["somefqdn.de"], :secretName "cloud-cert"}]
:rules
[{:host "somefqdn.de"
:http
{:paths
[{:path "/"
:pathType "Prefix"
:backend
{:service
{:name "cloud-service", :port {:number 80}}}}]}}]}}
(deftest should-generate-ingress-and-cert
(is (= [{:apiVersion "cert-manager.io/v1",
:kind "Certificate",
:metadata {:name "nextcloud", :labels {:app.kubernetes.part-of "nextcloud"}, :namespace "default"},
:spec
{:secretName "nextcloud",
:commonName "somefqdn.de",
:duration "2160h",
:renewBefore "360h",
:dnsNames ["somefqdn.de"],
:issuerRef {:name "staging", :kind "ClusterIssuer"}}}
{:apiVersion "networking.k8s.io/v1",
:kind "Ingress",
:metadata
{:name "nextcloud",
:namespace "default",
:labels {:app.kubernetes.part-of "nextcloud"},
:annotations
{:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure",
:traefik.ingress.kubernetes.io/router.middlewares "default-redirect-https@kubernetescrd",
:metallb.universe.tf/address-pool "public"}},
:spec
{:tls [{:hosts ["somefqdn.de"], :secretName "nextcloud"}],
:rules
[{:host "somefqdn.de",
:http {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "nextcloud", :port {:number 80}}}}]}}]}}]
(cut/generate-ingress {:fqdn "somefqdn.de"}))))
(deftest should-generate-pvc
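Review bot: The new `should-generate-ingress-and-cert` test only exercises the default issuer, while the removed `should-generate-certificate` test asserted that `:issuer "prod"` reaches `:issuerRef`. That override is the path a production deployment relies on, since a staging issuer yields certificates that clients do not trust, and after this commit nothing visible here checks it. Assuming the common generator honours `:issuer`, one more assertion would restore the coverage: `(is (= "prod" (get-in (first (cut/generate-ingress {:fqdn "somefqdn.de" :issuer "prod"})) [:spec :issuerRef :name])))`.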